According to this document, a default property file spaservice.properties is provided in $DLC\src\samples\security. You must copy this property file to your working directory $WRKDIR.
With regards to a web app published from PDSOE, what would the value of the env var $WRKDIR be?
Rom, The working directory ($WRKDIR) is usually what was set at install time. In a basic Progress install the default working directory would be OpenEdge/work. You should find your class files that were generated from PDSOE there.
Thank you for explanation mcmann!
You may also be interested in the following KBase article:
Thank you again for referencing the document 'What are the basic steps to authenticate REST clients against the OpenEdge database _User table?".
I have reviewed that document, in fact, and have a copy of it in front of me as I type this reply. It is because of that document that I opened this thread. In this document, the following block of text appears:
Secure the HybridRealm class to prevent it from being called by any other AppServer client. You can do this by generating a Client-Principal file using the genspacp.bat utility by running the following in a Proenv window:
genspacp -password RESTSPAPassword -role RESTSpaClient
Generated sealed Client Principal...
Encoded Password: oech1::02171c130115120331213c303d3737
State: SSO from external authentication system
Seal is valid
I was not sure if the User, Role and Domain referenced in the snippet above was cut/paste from another source in which the User, Role and Domain were already configured, or, as you alluded to in your reply, default values that will work without additional configuration needed.
I believe you meant to reply in your new thread here: https://community.progress.com/community_groups/openedge_development/f/19/p/16572/59328.aspx. I'll reply here as well to prevent further confusion.
For this example, the important part is in the piece of text that follows the section that you quoted:
"The serialized Client-Principal file (oespaclient.cp) can then be used by the REST web application to authenticate itself against the AppServer OpenEdge.Security.Realm.HybridRealm class (a sample oespaclient.cp file is attached). Please note that the values provided for the password and role in the genspacp command are independent to the ones used earlier for the Security Domain password and the REST client role. The sample OpenEdge.Security.Realm.HybridRealm class reads these two values from a spaservice.properties file and compares them with the values that are sent by the REST web application."
Basically the requirements depend on your implementation of the OpenEdge.Security.Realm.HybridRealm class.
Thank you very much for the clarification! The quoted text is the 'missing' piece I needed to bridge the ignorance gap in my understanding. Very much appreciated!