Hi,
We are using a rest interface to access business entities on PASOE using JSDO from a SPA and using oerealm forms auth with spring security and a custom hybrid realm auth class. We are using enablecp and ccid. However it seems the JSESSIONID is not passed to the ABL business logic and would be ideal if we could read this in the activate proc. Is there any way to do this?
Regards
No it doesn't look like it. I tried SESSION:SERVER-CONNECTION-ID, SESSION:CURRENT-REQUEST-INFO:ClientContextId, SESSION:CURRENT-REQUEST-INFO:SessionId. Lots of calls via the Jsdo with all the above differing in values but no consistent passing through of JSESSIONID
I see it in the SESSION:SERVER-CONNECTION-ID when I enable the CCD property in the OEClientPrincipalFilter bean, in oeableSecurity*.xml.
<b:bean id="OEClientPrincipalFilter"
class="com.progress.appserv.services.security.OEClientPrincipalFilter">
<b:property name="enablecp" value="true" />
<b:property name="ccid" value="true" />
<!-- other properties commented out -->
</b:bean>
Captured the header in Fiddler:
cookie: JSESSIONID=DFAE79356FE46625F2B500F9BF6BA26E1BAA759C2031.test1
And logged in ABL:
[17/02/03@11:43:12.211-0500] P-024420 T-017940 1 AS-7 APPL SERVER-CONNECTION-ID=DFAE79356FE46625F2B500F9BF6BA26E1BAA759C2031.test1
I don't see that. We are using 11.6.3.00 PASOE. Our config file is not using std naming, it is called advantage-form-oerealm.xml and this is referenced in web.xml, although doubt that is adding to the problem.
In my XML, the config is as follows:
<b:bean id="OEClientPrincipalFilter"
class="com.progress.appserv.services.security.OEClientPrincipalFilter">
<b:property name="enablecp" value="true" />
<b:property name="ccid" value="true" />
<b:property name="domain" value="mydomain" />
<b:property name="key" value="XXXXX" />
<b:property name="expires" value="1200" />
<!--
<b:property name="registryFile" value="" />
<b:property name="roles" value="sample" />
<b:property name="authz" value="false" />
<b:property name="expires" value="600" />
<b:property name="accntinfo" value="true" />
<b:property name="properties" >
<b:map>
<b:entry key="prop-1" value="string1"/>
<b:entry key="prop-2" value="string2"/>
</b:map>
</b:property>
<b:property name="anonymous" value="true" />
<b:property name="appName" value="OE" />
-->
</b:bean>
COOKIE:
Cookie: JSESSIONID=707A165C7F1E95AD3889855E8D7BAA876CD5F7D3B8A6.AdvantageWeb
In the PASOE activate proc, this is logged:
[17/02/03@17:25:59.347+0000] P-016028 T-017312 1 AS-18 APPL [PASOE_ACTIVATE] SESSION:SERVER-OPERATING-MODE = Session-free
[17/02/03@17:25:59.347+0000] P-016028 T-017312 1 AS-18 APPL [PASOE_ACTIVATE] SESSION:SERVER-CONNECTION-ID =
[17/02/03@17:25:59.347+0000] P-016028 T-017312 1 AS-18 APPL [PASOE_ACTIVATE] SESSION:SERVER-CONNECTION-CONTEXT =
[17/02/03@17:25:59.347+0000] P-016028 T-017312 1 AS-18 APPL [PASOE_ACTIVATE] SESSION:CURRENT-REQUEST-INFO:ClientContextId =
[17/02/03@17:25:59.347+0000] P-016028 T-017312 1 AS-18 APPL [PASOE_ACTIVATE] SESSION:CURRENT-REQUEST-INFO:SessionId = 18
[17/02/03@17:25:59.347+0000] P-016028 T-017312 1 AS-18 APPL [PASOE_ACTIVATE] SESSION:CURRENT-REQUEST-INFO:GetClientPrincipal() isValidHandle = no
Disable the ClentPrincipal bean, configure the RealmAuthProvider as below
<b:property name="key" value="XXXXX" />
<b:property name="createCPAuthn" value="true" />
<b:property name="userDomain" value="mydomain" />
<b:property name="authz" value="true" />
<b:property name="sealClientPrincipal" value="true" />
<b:property name="expires" value="1200" />
<b:property name="properties" >
<b:map>
<b:entry key="prop-1" value="string1"/>
<b:entry key="prop-2" value="string"2/>
</b:map>
</b:property>
<b:property name="userDetailsService">
<b:ref bean="OERealmUserDetails"/>
</b:property>
You should be able to get the JSESSIONID either by SESSION:CURRENT-REQUEST-INFO:SessionId or SESSION:CURRENT-REQUEST-INFO:ClientContextId