OERealm Doubts

Posted by Matheus R. Mokwa on 16-Mar-2016 13:03

I was reading this presentation of OE Realm, and i saw this:

OE Realm is NOT ...

- Able to support remotely created and deleted user accounts. (5th slide)

I'd like to know if it's true? 'Cause by reading it, I understood that in my web application, I can't implement a "Create/Update User Info". For example, a webpage where if you're not a register user, you have the option to click a "New User" button and this process creates a new user in _user table.

The presentation also says that it's not Limited to using the OpenEdge database’s _User table, does someone have implemented this? What must I change to make this happen?

--

Another point is, can I improve the error responses of the OERealm? I'm using JSDOSession objet to login in my webapp, and if it's not a successful login, I'd like to return somethign like "The User does not exist" or "Your user has been banned".Is it possible?

All Replies

Posted by Peter Judge on 16-Mar-2016 13:16

The presentation also says that it's not Limited to using the OpenEdge database’s _User table, does someone have implemented this? What must I change to make this happen?

Check out http://pugchallenge.eu/emeapug/images/presents2015/REST_Security.pdf  for some details starting at around slide 27.
 

OE Realm is NOT ...

- Able to support remotely created and deleted user accounts. (5th slide)

I'd like to know if it's true? 'Cause by reading it, I understood that in my web application, I can't implement a "Create/Update User Info". For example, a webpage where if you're not a register user, you have the option to click a "New User" button and this process creates a new user in _user table.

This basically means that the realm interface is not an administration interface, but primarily a 'query' interface.  You can use your own application table for user accounts but you will also have to add administrative functions yourself (whether that's remote (ie over http) or local).
 
 
Posted by Irfan on 16-Mar-2016 13:27

For you 2nd question

If you are using OpenEdge 11.6 version, then try using "appendRealmErrors"  in the OERealmUserDetails and see what you get in your client.

Posted by Irfan on 16-Mar-2016 13:35

Also, from 11.6 we provide JSP error pages when your Web Application fails. Take a look at it too

Below is an example of the error we get when we log-in as an expired user

Posted by Matheus R. Mokwa on 16-Mar-2016 13:57

Peter,

Think I got it. I would just need to adapt my HybridRealm.cls to do whatever I want.

Irfan,

I didn't understand where you want me to use the appendRealmErrors? I could only find OERealmUserDetails inside my oeablSecurity-form-oerealm.xml file. Should I change something inside of it?

Thank you both.

Posted by Irfan on 16-Mar-2016 14:05
Look at the last property in the OERealmUserDetails bean. It is set to false by default

<b:bean id="OERealmUserDetails" class="com.progress.appserv.services.security.OERealmUserDetailsImpl" > <b:property name="realmURL" value="AppServer://localhost:5162/oerealm" /> <b:property name="realmClass" value="OpenEdge.Security.Realm.HybridRealm" /> <b:property name="grantedAuthorities" value="ROLE_PSCUser" /> <b:property name="rolePrefix" value="ROLE_" /> <b:property name="roleAttrName" value="ATTR_ROLES" /> <b:property name="enabledAttrName" value="ATTR_ENABLED" /> <b:property name="lockedAttrName" value="ATTR_LOCKED" /> <b:property name="expiredAttrName" value="ATTR_EXPIRED" /> <b:property name="realmPwdAlg" value="0" /> <!-- <b:property name="realmTokenFile" value="" /> --> <!-- For SSL connection to the oeRealm appserver provide the complete path of psccerts.jar as the value of 'certLocation' property --> <b:property name="certLocation" value="" /> <!-- set appendRealmError = true in order to append the Realm class thrown error in the error details send to the REST Client --> <b:property name="appendRealmError" value="false" /> </b:bean>
This thread is closed