Comment: Published by Scroll Versions from space WBRIDGE and version 24.0
Together with the REST Service features, you can use the normal security interceptor features as described on Security Model.

The authentication headers can be accessed via the Bridge REST Test Tool, e.g. to set them for testing purposes.

Click Authorize in the top right corner to enter the credentials.

Enabling Authentication

If you want to use authentication with a REST service, set the tags tokenType, tokenHeaderName, and useBasicAuth on the REST service component in the component diagram.

Setting these tagged values does not implement anything yet. The authorization headers have to be inspected in a security interceptor preprocessor to implement authentication and authorization.

Implementing Authentication

In the preprocessor of your security interceptor, you can implement the authentication process.

  1. Read the authentication headers (see Reading the REST HTTP Headers further below), which are
    • Authorization for basic authentication
      The basic authentication headers are base64 encoded. You have to decode them before usage.
    • <name of token header> in component diagram for token authentication
  2. Decode the basic authentication if necessary (see Decoding Basic Authentication further below).
  3. Implement your security settings depending on the header values.
    In the case of the REST Support Manager example, this is a very simplified role assignment based on hard-coded header values.

Reading the REST HTTP Headers

To read the REST HTTP headers, use getRestHttpRequest().

Figure: getRestHttpRequest()

Receive the result in an object of type Request and get all request headers in an array object of type HeaderField.
HeaderField is a type containing a key value pair (see Request and Response Types).

Getting the API Key from the Request Headers

To get the API key value pair from the request headers array, look for the API key name you defined in the component diagram. In our example, this is "API-Key".

Figure: Lookup API Key

Getting the Authorization Headers from the Request Headers

To get the Authorization key value pair from the request headers array, look for "Authorization".

Figure: Lookup Authorization Header

Decoding Basic Authentication

To decode the base64 encoded basic authentication header value, use the operations convertBase64ToBlob() and transcodeToString().

  1. Remove string "Basic " from the beginning of the header value, e.g.

    local cred = "";
    set cred = authHeader.value.substringAfter("Basic ");
  2. Convert the base64 string to a Blob object using convertBase64ToBlob(), e.g.

    set credentials = cred.convertBase64ToBlob();
  3. Convert the Blob object to a readable string using transcodeToString(), e.g.

    set cred = credentials.transcodeToString("UTF-8");
  4. Split user and password from the credentials string, e.g.

    set user     = cred.substringBefore(":");
    set password = cred.substringAfter(":");
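
The decoding steps above, written in Python as an added example (not part of the original page and not Bridge action script), extended to show the malformed inputs a preprocessor should reject rather than pass on. The names find_header and parse_basic_auth and the sample header list are hypothetical and constructed for illustration; the case-insensitive header lookup follows HTTP rules and is an assumption about how you want to match names.

```python
import base64
import binascii

# Constructed sample: key/value pairs mirroring the HeaderField array.
SAMPLE_HEADERS = [
    ("Content-Type", "application/json"),
    ("Authorization", "Basic " + base64.b64encode(b"alice:s3cr:et").decode("ascii")),
]


def find_header(headers, name):
    """Return the value of the first header named `name` (case-insensitive), or None."""
    for key, value in headers:
        if key.lower() == name.lower():
            return value
    return None


def parse_basic_auth(header_value):
    """Decode a Basic Authorization header value into (user, password).

    Returns None for anything malformed, so the caller can reject the
    request instead of continuing with empty or partial credentials.
    """
    if not header_value:
        return None
    # Step 1: strip the scheme; anything other than "Basic" is not ours to decode.
    scheme, _, encoded = header_value.partition(" ")
    if scheme.lower() != "basic" or not encoded.strip():
        return None
    try:
        # Step 2: base64 -> bytes (validate=True rejects non-alphabet characters).
        raw = base64.b64decode(encoded.strip(), validate=True)
        # Step 3: bytes -> string.
        cred = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Step 4: split at the first colon only; the password may contain colons.
    user, sep, password = cred.partition(":")
    if not sep or not user:  # rejecting an empty user is a policy choice of this example
        return None
    return user, password
```

A None result should lead to the request being refused in the preprocessor, not to a default role.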