PASOE & IHybridRealm

Posted by bronco on 19-May-2015 08:12

I'm wondering, if I'm writing my implementation of IHybridRealm, is the AppServer thread (or agent) locked for the duration of the authentication process or do I have to assume that every step (usernumber, pwd validation) is on a different thread/agent. In the latter case I have to refetch the user for every step and that's potentially costly in an OERA environment.

Posted by Michael Jacobs on 19-May-2015 08:37

The OERealm client makes a Session-Free connection to the AppServer, and like all Session-Free clients each request will get dispatched to a different [Agent] ABL session to execute in.   So your IHybridRealm interface's implementation has to refetch the user account information each time.  

All Replies

Posted by Peter Judge on 19-May-2015 08:23
The STS (aka Spring) will ask for the credentials from the realm on login, and create a token from those (assuming authentication passes). The client-principal/token is then passed into the AppServer on each request. Spring manages the token for you, so you shouldn't need to login on every request.
 
Unless I misunderstand your question?
 
-- peter
 
[collapse]
From: bronco [mailto:bounce-bfvo@community.progress.com]
Sent: Tuesday, 19 May, 2015 09:13
To: TU.OE.Development@community.progress.com
Subject: [Technical Users - OE Development] PASOE & IHybridRealm
 
Thread created by bronco

I'm wondering, if I'm writing my implementation of IHybridRealm, is the AppServer thread (or agent) locked for the duration of the authentication process or do I have to assume that every step (usernumber, pwd validation) is on a different thread/agent. In the latter case I have to refetch the user for every step and that's potentially costly in an OERA environment.

Stop receiving emails on this subject.

Flag this post as spam/abuse.

[/collapse]
Posted by bronco on 19-May-2015 08:32

Well that's not entirely what I meant.

If one tries to authenticate via IHybridRealm, first the ValidateUser method is called. This ValidateUser method is supposed to return and integer representing the user (so, username in, integer out). The second step of the process is that the method ValidatePassword is called with inputs: usernumber (the integer you just returned) and the password.

I suppose it's done this way so the usercode and password don't have to be sent from the REST adapter to the AppServer in one go (and assumes the underlying database has a user number for Id and is not using a guid for that, but that's a different story.

So in short, the methods ValidateUser and ValidatePassword are called. My question was if this is done in the same thread/agent.

Posted by Michael Jacobs on 19-May-2015 08:37

The OERealm client makes a Session-Free connection to the AppServer, and like all Session-Free clients each request will get dispatched to a different [Agent] ABL session to execute in.   So your IHybridRealm interface's implementation has to refetch the user account information each time.  

Posted by bronco on 19-May-2015 08:38

Or in other words, is the AppServer bound (yikes) between calling ValidateUser & ValidatePassword.

Posted by bronco on 19-May-2015 08:40

Our post crossed, thanks Michael. Although from a performance point of view that's not what I hoped for, it's logical.

Posted by bronco on 19-May-2015 08:52

And the implementation of IHybridRealm, is that a singleton?

Posted by bronco on 19-May-2015 09:18

to answer my own question, yes this is a singleton.

This thread is closed