PASOE: Securing both REST and APSV transports

Posted by bronco on 16-May-2016 02:36

OE 11.6.1: I’m having some trouble both mentioned transports for an ABL application. Securing just REST works perfectly as described in the docs. But when I want to secure APSV as well and then it’s becoming a bit misty. I’m trying to setup form oerealm.

I setup oeablSecurity-form-oerealm.xml (and pointed to that in web.xml) like:

<b:bean id="OERealmUserDetails" class="" >  

<b:property name="realmURL" value="localhost:10600/.../apsv" />

<b:property name="realmClass" value="auth.AuthenticationRealm" />

Note: I’m setting up security for the /auth1 application, the /auth2 is the app which performs the actual authentication. /auth1 and /auth2 run on the same instance.

So far so good. This works for REST, the AuthenticationRealm class performs as expected. I can connect to the APSV from ABL with whatever credentials. But then securing the APSV part. I uncomment <b:import resource="apsv-basic.xml"/> and then restart the pasoe instance.  The REST transport still asks for authorization and if the correct credentials are given I get the expected response. Trying to connect to APSV no longer works (..:connect("-URL localhost:10600/.../apsv", "bfv", "bfv"))

Now I switch to the apsv-basic.xml file. In this file I comment <http-basic /> and uncomment <http-basic entry-point-ref="OEAuthenticationEntryPoint" /> as described. Obviously the file comments: “for oeablSecurity-basic-oerealm.xml”. But I’m working on oeablSecurity-form-oerealm.xml. Maybe here is the problem. When I restart the instance I get for REST: 403 - Forbidden: the server refuses to fullfill the client's request - GET /auth1/rest/restauth/person and for APSV I still can’t login but now with a 9328 error (unable to communicate with AIA).

What am I doing wrong here?

All Replies

Posted by Irfan on 16-May-2016 06:15

From ABL, if you want to send username & password in your HTTP request then you need to construct your URL as below in your connect parameter


Please let me know if you see any issues

Posted by bronco on 16-May-2016 10:49

OK, I changed my connection string to what you suggested, to no avail. So the REST interface is no longer working and APSV not as well. Both complaining about a 403. Commenting <http-basic /> and uncommenting <http-basic entry-point-ref="OEAuthenticationEntryPoint" />  caused the 403's...

Posted by Irfan on 16-May-2016 11:07

The change I have asked to change was as the the client code in ABL, did you change it in the ABL Client or in the Spring xml ?

Posted by bronco on 18-May-2016 07:04

At the client, but as stated, REST is broken as well and that has little to do with the ABL client.

Posted by Irfan on 18-May-2016 07:58

It means that there is some configuration problem. Can you look for any errors in the log file(oepas1.<date>.log)

Posted by Donicello Lampe on 19-May-2016 14:36

Bronco if you haven't done so already, please feel free to open a Support case for us to take a closer look at your issue.

Posted by bronco on 19-May-2016 14:42

Thanks, I will as soon as time permits.

This thread is closed