I'm really struggling to get our REST adapter apps to make use of _User authentication.
I've followed the instructions set out in the KB article 000058538 - What are the basic steps to authenticate REST clients against the OpenEdge database _User table ? almost exactly (I omitted the step of signing the OERealm object against a specific appserver - I assume this step is optional in a development scenario).
When visiting ...login.html and providing user credentials the page returns "Not available" and the JSessionID and OESessionID cookies do not appear to change.
I believe I've misconfigured the Appserver mapping as the standalone appserver that's acting as a token service is showing no activity at all; as though the Spring request is not calling the appserver.
Any help greatly appreciated!
It may be that you have already done these things, but it sounds like basic connection configuration.
The "OERealmUserDetails" bean describes the connection to the AppServer and the Singleton OOABL class it uses.
What is the value of <b:bean id="OERealmUserDetails"
<b:property name="realmURL" value="???" />
<b:property name="realmClass" value="???" />
Are you connecting to an AppServer using 'direct connect' or 'NameServer'?
When you start the AppServer can you verify that the realmClass is in PROPATH?
Thanks Mike, your response prompted me to re-examine things, and I've since resolved a propath issue.
I'm now seeing:
[15/04/29@15:03:34.762+0100] P-019664 T-001044 1 AS -- (Procedure: 'ValidateUser OpenEdge.Security.Realm.HybridRealm' Line:102) userName: user1@RESTDomain
[15/04/29@15:03:34.762+0100] P-019664 T-001044 1 AS -- Unauthorized client
In my appserver logs - does that mean my user (user1) is not being authenticated; or is this because I didn't sign the code for use on the specified appserver?
Hi Ross,
The sample OERealm server class implements an authenticated and authorized client check named ValidateClient(). In this case the 'client' is the OERealm client that runs inside of the REST service. You don't want any random ABL client to connect and use the API to discover user accounts and their passwords. So the sample is set up so that the OERealm client can pass a sealed Client-Principal to the OERealm server class - which can validate it and determine whether to surrender account information or not. (The Client-Principal file to put into your REST service is created using the $DLC/bin/genspacp utility.)
You configure the OERealm client side to send, or not, the Client-Principal file (i.e. TokenFile) via the property:
<b:property name="realmTokenFile" value="" />
As you are just getting started, alter ValidateClient() to return TRUE until you are ready to integrate OERealmClient security?
Hi Mike,
That did the trick. I agree in deployment we need to protect Auth service; but as you say short term my primary concern was getting up and running in terms of the concept, we'll lock down later.
Thanks for the assist.
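
For the later lock-down mentioned above, this is a sketch of a fail-closed ValidateClient() that checks the sealed Client-Principal sent via realmTokenFile. It is an added example, not the Progress HybridRealm sample and not code from either poster; the class name, the two constructor parameters and the Deny() helper are hypothetical, and the access code and domain are assumed to come from protected configuration.

```abl
/* Added example: hypothetical class, not the OpenEdge HybridRealm sample. */
CLASS example.RealmClientCheck:

    /* Assumption: both values are loaded from protected configuration
       at startup and are never hard-coded in source. */
    DEFINE PRIVATE VARIABLE cAccessCode     AS CHARACTER NO-UNDO.
    DEFINE PRIVATE VARIABLE cExpectedDomain AS CHARACTER NO-UNDO.

    CONSTRUCTOR PUBLIC RealmClientCheck(INPUT pcAccessCode AS CHARACTER,
                                        INPUT pcDomain     AS CHARACTER):
        ASSIGN cAccessCode     = pcAccessCode
               cExpectedDomain = pcDomain.
    END CONSTRUCTOR.

    METHOD PUBLIC LOGICAL ValidateClient():
        DEFINE VARIABLE hCP AS HANDLE NO-UNDO.

        /* Client-Principal the OERealm client attached to this request
           (the file named by realmTokenFile on the REST side). */
        hCP = SESSION:CURRENT-REQUEST-INFO:GetClientPrincipal().

        /* Fail closed: no token means an unknown ABL client. */
        IF NOT VALID-HANDLE(hCP) THEN
            RETURN Deny("no Client-Principal in request").

        /* The seal is a MAC keyed by the domain access code. */
        IF NOT hCP:VALIDATE-SEAL(cAccessCode) THEN
            RETURN Deny("seal validation failed").

        /* Accept only tokens issued for the expected realm-client domain. */
        IF hCP:DOMAIN-NAME <> cExpectedDomain THEN
            RETURN Deny("unexpected domain " + hCP:DOMAIN-NAME).

        RETURN TRUE.

        CATCH e AS Progress.Lang.Error:
            /* Any runtime error during validation is a denial, not a pass. */
            RETURN Deny(e:GetMessage(1)).
        END CATCH.
    END METHOD.

    /* Writes the reason to the AppServer log and returns FALSE. */
    METHOD PRIVATE LOGICAL Deny(INPUT pcReason AS CHARACTER):
        MESSAGE "Unauthorized client:" pcReason.
        RETURN FALSE.
    END METHOD.

END CLASS.
```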