Using HTTP Basic authentication is a common mechanism to check user’s authenticity, when creating REST-enabled API’s to prevent applications and it’s functionalities from unathorized access. Service Bus 12c (SB) supports this authentication method by using a OWSM security policy. The corresponding authentication information are transported in the HTTP header.
In some cases, for example when only user-relevant data should be determined when querying information from Enterprise Information Systems (EIS), the information about the current user that are available in the HTTP header might be helpful. As an alternative the username information could be transported in the payload of each Service Call, e.g. as a query parameter.
In the following I will describe, which steps are needed to extract the username from the HTTP header, so transporting the same information twice, in the header and the payload, can be avoided.
Starting point is a simple HelloWorld service, which expects a valid HTTP Basic authentication token. In the example a corresponding OWSM policy is used to realize this. The service as such has an operation “greet” that takes no parameter. As result, it returns a personalized salution based on the passed authorization header.
Please click here read the complete blog here
No comments:
Post a Comment