PASOE: Securing both REST and APSV transports

Posted by bronco on 16-May-2016 02:36

OE 11.6.1: I’m having some trouble both mentioned transports for an ABL application. Securing just REST works perfectly as described in the docs. But when I want to secure APSV as well and then it’s becoming a bit misty. I’m trying to setup form oerealm.

I setup oeablSecurity-form-oerealm.xml (and pointed to that in web.xml) like:

<b:bean id="OERealmUserDetails" class="com.progress.appserv.services.security.OERealmUserDetailsImpl" >  

<b:property name="realmURL" value="localhost:10600/.../apsv" />

<b:property name="realmClass" value="auth.AuthenticationRealm" />

Note: I’m setting up security for the /auth1 application, the /auth2 is the app which performs the actual authentication. /auth1 and /auth2 run on the same instance.

So far so good. This works for REST, the AuthenticationRealm class performs as expected. I can connect to the APSV from ABL with whatever credentials. But then securing the APSV part. I uncomment <b:import resource="apsv-basic.xml"/> and then restart the pasoe instance.  The REST transport still asks for authorization and if the correct credentials are given I get the expected response. Trying to connect to APSV no longer works (..:connect("-URL localhost:10600/.../apsv", "bfv", "bfv"))

Now I switch to the apsv-basic.xml file. In this file I comment <http-basic /> and uncomment <http-basic entry-point-ref="OEAuthenticationEntryPoint" /> as described. Obviously the file comments: “for oeablSecurity-basic-oerealm.xml”. But I’m working on oeablSecurity-form-oerealm.xml. Maybe here is the problem. When I restart the instance I get for REST: 403 - Forbidden: the server refuses to fullfill the client's request - GET /auth1/rest/restauth/person and for APSV I still can’t login but now with a 9328 error (unable to communicate with AIA).

What am I doing wrong here?

All Replies

Posted by Irfan on 16-May-2016 06:15

From ABL, if you want to send username & password in your HTTP request then you need to construct your URL as below in your connect parameter

       http://<username>:<password>@localhost:10600/auth1/apsv

Please let me know if you see any issues

Posted by bronco on 16-May-2016 10:49

OK, I changed my connection string to what you suggested, to no avail. So the REST interface is no longer working and APSV not as well. Both complaining about a 403. Commenting <http-basic /> and uncommenting <http-basic entry-point-ref="OEAuthenticationEntryPoint" />  caused the 403's...

Posted by Irfan on 16-May-2016 11:07

The change I have asked to change was as the the client code in ABL, did you change it in the ABL Client or in the Spring xml ?

Posted by bronco on 18-May-2016 07:04

At the client, but as stated, REST is broken as well and that has little to do with the ABL client.

Posted by Irfan on 18-May-2016 07:58

It means that there is some configuration problem. Can you look for any errors in the log file(oepas1.<date>.log)

Posted by Donicello Lampe on 19-May-2016 14:36

Bronco if you haven't done so already, please feel free to open a Support case for us to take a closer look at your issue.

Posted by bronco on 19-May-2016 14:42

Thanks, I will as soon as time permits.

This thread is closed