RESTful web service authentication

Author: ablancouribe@compuamerica.com.ve (bioalexy)

Hi, any ideas on how I can implement some sort of authentication method for a couple of RESTful web services (DSP)? Regards

6 Comments

  1. bioalexy said Hi, any ideas on how can I implement some sort of authentication method for a couple of RESTful web services (DSP)? ... 

    It should not be too different than securing any other service. A quick browsing put in evidence: https://stormpath.com/blog/secure-your-rest-api-right-way Could it be helpful? Gianni


    Author: gianni (gianni.sandigliano@unifacesolutions.com)
  2. So basically I would have to create an API from Uniface following these protocols?


    Author: bioalexy (ablancouribe@compuamerica.com.ve)
  3. Hi, There is currently NO standard about security for REST services. That page is just an example... You should take YOUR OWN decision. The page title is "How to secure your REST API using PROVEN best practices". Widely used protocols to ensure web services security are those listed in the linked page:

     - Basic with TLS
     - OAuth 1.x
     - OAuth2

     Stormpath went for a custom protocol on top of OAuth1.0a and this is their decision. You should explore those three protocols to understand techniques commonly used to secure an application API and choose the one that fits better in your landscape. Usually each of these techniques requires a specific handshake and HTTP headers filled with specific structure(s). If you prefer you can find a more generic and educational approach at: Open Web Application Security Project

     Hope it helps... Gianni


    Author: gianni (gianni.sandigliano@unifacesolutions.com)
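
To make the "HTTP headers filled with specific structure(s)" point in comment 3 concrete, here is an added Python example (not code from any poster, Stormpath or Uniface) of a server-side check that parses the `Authorization` header for two of the listed schemes, Basic over TLS and an OAuth2 bearer token. The names `USERS`, `TOKENS` and `authenticate` and the credentials are constructed for illustration; a real service would store password hashes and validate tokens against its authorization server.

```python
import base64
import binascii
import hmac

# Constructed sample data (assumptions for this example only).
USERS = {"alice": "s3cret-pass"}            # real stores hold password hashes
TOKENS = {"tok-123-constructed": "alice"}   # opaque OAuth2 bearer token -> user


def authenticate(headers, is_tls):
    """Return the authenticated user name, or None if the request gets a 401."""
    # Basic credentials and bearer tokens are replayable secrets: refuse them off TLS.
    if not is_tls:
        return None
    scheme, _, param = headers.get("Authorization", "").partition(" ")
    scheme, param = scheme.lower(), param.strip()   # scheme names are case-insensitive
    if scheme == "basic":
        return _check_basic(param)
    if scheme == "bearer":
        return _check_bearer(param)
    return None


def _check_basic(param):
    # RFC 7617: base64("user:password"); the password may itself contain ':'.
    try:
        decoded = base64.b64decode(param, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    expected = USERS.get(user)
    # Compare even for unknown users so timing does not reveal valid names.
    ok = hmac.compare_digest(password.encode(), (expected or "").encode())
    return user if expected is not None and ok else None


def _check_bearer(param):
    # RFC 6750: the token is an opaque string; compare in constant time.
    for token, user in TOKENS.items():
        if hmac.compare_digest(param.encode(), token.encode()):
            return user
    return None
```
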
  4. The available (default) authentication options for a Uniface Web Application are described here. Hope this helps. Daniel


    Author: diseli (daniel.iseli@uniface.com)
  5. Thanks for the help, I decided to try the OAuth2 protocol, my problem arrives with the HTTPS connection in Uniface. I managed to create a self-signed Certificate (ca-bundle.crt), but don't get how to use it with Uniface or if it's better to configure Tomcat instead to create an HTTPS connection.


    Author: bioalexy (ablancouribe@compuamerica.com.ve)
  6. bioalexy said Thanks for the help, I decided to try the OAuth2 protocol, my problem arrives with the HTTPS connection in Uniface. I managed to create a self-signed Certificate (ca-bundle.crt), but don't get how to use it with Uniface or if it's better to configure Tomcat instead to create an HTTPS connection.

    I'm not sure that I understand your question. Could you please elaborate? Where does the HTTPS connection come into play here? If I understand it correctly then you would like to create a RESTful web service with Uniface (using a DSP). In this context the web service client could connect to the web server using HTTPS. But this needs to be configured in the web server (e.g. Tomcat). Between the web server (Uniface WRD servlet) and the Uniface server there's no HTTP/HTTPS used. Or do you need an HTTPS connection for OAuth2 (e.g. calling another server for the authentication using HTTPS)? More info about how to configure Tomcat for HTTPS (SSL/TLS) can be found (e.g.) here.


    Author: diseli (daniel.iseli@uniface.com)