Together with the REST Service features, you can use the normal security interceptor features as described on the Security Model pages.
You can access the authentication headers via the Bridge REST Test Tool, e.g. to set them for testing purposes.
Click Authorize in the top right corner to enter the credentials.
Enabling Authentication
If you want to use authentication with a REST service, set the tags tokenType, tokenHeaderName, and useBasicAuth on the REST service component in the component diagram.
Setting these tagged values does not implement anything yet. The authorization headers have to be inspected in a security interceptor preprocessor to implement authentication and authorization.
Implementing Authentication
In the preprocessor of your security interceptor, you can implement the authentication process.
- Read the authentication headers (see Reading the REST HTTP Headers further below), which are
  - Authorization for basic authentication
    The basic authentication headers are base64 encoded. You have to decode them before usage.
  - <name of token header> in component diagram for token authentication
- Decode the basic authentication if necessary (see Decoding Basic Authentication further below).
- Implement your security settings depending on the header values.
In the case of the REST Support Manager example, this is a very simplified role assignment based on hard-coded header values.
Reading the REST HTTP Headers
To read the REST HTTP headers, use getRestHttpRequest().
Figure: getRestHttpRequest()
Receive the result in an object of type Request and get all request headers in an array object of type HeaderField.
HeaderField is a type containing a key value pair (see Request and Response Types).
Getting the API Key from the Request Headers
To get the API key value pair from the request headers array, look for the API key name you defined in the component diagram. In our example, this is "API-Key".
Figure: Lookup API Key
Getting the Authorization Headers from the Request Headers
To get the Authorization key value pair from the request headers array, look for "Authorization".
Figure: Lookup Authorization Header
Decoding Basic Authentication
To decode the base64 encoded basic authentication header value, use the operations convertBase64ToBlob() and transcodeToString().
- Remove the string "Basic " from the beginning of the header value, e.g.

  ```
  local cred = "";
  set cred = authHeader.value.substringAfter("Basic ");
  ```

- Convert the base64 string to a Blob object using convertBase64ToBlob(), e.g.

  ```
  set credentials = cred.convertBase64ToBlob();
  ```

- Convert the Blob object to a readable string using transcodeToString(), e.g.

  ```
  set cred = credentials.transcodeToString("UTF-8");
  ```

- Split user and password from the credentials string, e.g.

  ```
  set user = cred.substringBefore(":");
  set password = cred.substringAfter(":");
  ```
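The header lookup and Basic decoding steps above, combined into one check that also rejects malformed input. This is an added example in Python, not Bridge action script and not part of the REST Support Manager example; the function names, the credential store, the API key and the role names are assumptions constructed for illustration.

```python
import base64
import binascii
import hmac

# Constructed sample data (assumption): the header name follows the page's
# "API-Key" example; users, key and role names are hypothetical.
API_KEY_HEADER = "API-Key"
USERS = {"alice": ("s3cret:with:colons", "manager")}
API_KEYS = {"constructed-demo-key": "viewer"}

def basic_header(user, password):
    """Build an Authorization value the way a client would (used for sample input)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def find_header(headers, name):
    """Return the first value whose key matches name; HTTP header names are case-insensitive."""
    for key, value in headers:
        if key.lower() == name.lower():
            return value
    return None

def decode_basic(value):
    """Return (user, password) from an Authorization value, or None if it is malformed."""
    scheme, _, token = (value or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        cred = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = cred.partition(":")  # split on the first colon only
    return (user, password) if sep and user else None

def authenticate(headers):
    """Return the caller's role, or None when no valid credential is present."""
    creds = decode_basic(find_header(headers, "Authorization"))
    if creds:
        user, password = creds
        expected, role = USERS.get(user, ("", None))
        # Constant-time comparison avoids leaking how much of the password matched.
        if role and hmac.compare_digest(password.encode(), expected.encode()):
            return role
        return None
    api_key = find_header(headers, API_KEY_HEADER)
    for known, role in API_KEYS.items():
        if api_key and hmac.compare_digest(api_key.encode(), known.encode()):
            return role
    return None
```

A password may itself contain colons, which is why only the first colon separates user and password.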