REST/PASOE auth: adding properties to client-principal - Forum - OpenEdge Development - Progress Community

This question is not answered

So I implemented IHybridRealm and set this in oeablSecurity-basic-oerealm.xml. Works!

I uncommented the CP section, so I get a CP in session:current-request-info:GetClientPrincipal().

Now, before the CP is sealed, I want to set some (custom) properties in the client-principal. I want this to be done via the implementation of IHybridRealm, not in the <b:property name="properties" > element of the OERealmAuthProvider provider. This is because the information I want to add comes from the database (and is different for every user).


Can anyone point me in the right direction?

All Replies
  • I have code that does this: 

    CREATE CLIENT-PRINCIPAL hCP.
    
    hCP:INITIALIZE(     chUserDomain,                   /* qualified user@domain        */
                        GUID,                           /* unique session id            */
                        ADD-INTERVAL(NOW, 8, 'hours'),  /* default timeout/expiration   */
                        chPassword
                        ).
                    
    hCP:SET-PROPERTY(   {&AuthenticateSiteIdProperty}, 
                        chSiteID
                        ).
    


  • That's when you create your own CP. With PASOE you can let the spring security framework create the CP. My question is how to add custom properties (e.g. a "functions" property) to the CP in the latter case.

  • Bronco,
    Sorry to report that the 'properties' in the OERealmUserDetails and OEClientPrincipalFilter will only accept static values at this time.

    I do see the use case for getting named attribute values from the AppServer and inserting them into the client-principal's properties.   Something many could benefit from.  Would you be agreeable to submitting an idea that adds this type of functionality?

    Mike J.

  • Hello,

    Just came across this post. I would like to know if the idea for this was submitted and its current status. We are also using IHybridRealm and would like to insert some properties (for user context type of stuff from our database) before it is sealed.

    Regards

  • You can do it right now in 11.6.2+

    In your OERealmHybrid Class, add the attribute "Realm_ATTR_PROPERTIES" and return a JSON Object as longchar

    when OERealmDefs:REALM_ATTR_PROPERTIES then
    do:
        return JObj:getJsontext().
    END.

    This should load all the custom properties and will be part of your sealing client principal.

    Once your CP is sealed and passed to MS-Agent, you can print those properties as below

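    define variable cList     as character no-undo.
    define variable iListSize as integer   no-undo.
    define variable iListPos  as integer   no-undo.
    define variable cProp     as character no-undo.
    define variable cVal      as character no-undo.

    /* comma-separated names of the properties stored in the sealed CP */
    cList = hCP:list-property-names().
    iListSize = num-entries(cList, ",").

    if ( 0 < iListSize ) then do:
        message "    properties:".
        do iListPos = 1 to iListSize:
            cProp = entry(iListPos, cList, ",").
            cVal = hCP:get-property(cProp).
            message "          property:" cProp ", value:" cVal.
        end.
    end.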

    (hCP is your client-principal handle).

    Regards,

    Irfan

  • Hi,

    We have a class that implements IHybridRealm using OE 11.6.3 spring security. In the auth flow I can see it calls the following for a successful auth:

    ValidateUser
    GetAttribute: 'ATTR_ROLES'
    GetAttribute: 'ATTR_ENABLED'
    GetAttribute: 'ATTR_LOCKED'
    GetAttribute: 'ATTR_EXPIRED'
    ValidatePassword

    How can I get it calling for the PROPERTIES attribute?

  • Hello,

    for OpenEdge 11.6.3 you can add/change

    <b:bean id="OERealmUserDetails" class="com.progress.appserv.services.security.OERealmUserDetailsImpl" >
    ...
     <!-- PropertyMap -->
     <b:property name="propertiesAttrName" value="ATTR_PROPERTIES" />

    In your HybridRealm (Method GetAttributes) you can return a json object, for example:

    WHEN "ATTR_PROPERTIES" THEN DO:
              cAttributeValue = ' ~{ '
                              + '"key1":"' + value1 + '",'
                              + '"key2":"' + value2 + '",'
                              + '"key3":"' + value3 + '"'
                              + ' ~} '.
    END.
    
    and later:
    
    hPrincipal:GET-PROPERTY("key1")...
  • Lars,
     
    Just curious why you are hand-building the JSON instead of using the JsonObject. Is it just for this example?
  • Thanks, I was just missing the property map for ATTR_PROPERTIES. This will be a big help in not having to persist some additional session info elsewhere
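
On the question of hand-building the ATTR_PROPERTIES JSON versus using JsonObject, the following is an added example and not code from any poster in this thread. It builds the same single-property value both ways and parses it back; the function names, the "siteId" key and the sample value are assumptions made for illustration. With a database value that contains a double quote, the concatenated text is no longer valid JSON, while JsonObject escapes the value before the client-principal is sealed with it.

```abl
/* Added example: hand-built JSON versus JsonObject for the properties value. */
using Progress.Json.ObjectModel.JsonObject.
using Progress.Json.ObjectModel.ObjectModelParser.

/* Hand-built form, as in the reply above: the value is inserted unescaped. */
function PropsByConcat returns character (input pcSite as character):
    return ' ~{ "siteId":"' + pcSite + '" ~} '.
end function.

/* JsonObject form: Add() escapes quotes and backslashes in the value. */
function PropsByJsonObject returns character (input pcSite as character):
    define variable oProps as JsonObject no-undo.
    oProps = new JsonObject().
    oProps:Add("siteId", pcSite).
    return string(oProps:GetJsonText()).
end function.

/* Parse the text back and report whether siteId comes out unchanged. */
function RoundTrips returns logical
    (input pcJson as character, input pcSite as character):
    define variable oParser as ObjectModelParser no-undo.
    define variable oObj    as JsonObject        no-undo.
    define variable lcJson  as longchar          no-undo.

    lcJson  = pcJson.
    oParser = new ObjectModelParser().
    oObj    = cast(oParser:Parse(lcJson), JsonObject).
    return oObj:GetCharacter("siteId") = pcSite.

    catch e as Progress.Lang.Error:
        return false.   /* malformed JSON or missing key */
    end catch.
end function.

define variable cSite as character no-undo.

/* Constructed sample value, standing in for a field read from the database. */
cSite = 'ACME "East"'.

message "concat     round-trips:" RoundTrips(PropsByConcat(cSite), cSite).
message "JsonObject round-trips:" RoundTrips(PropsByJsonObject(cSite), cSite).
```

Because the property values come from per-user database fields, unescaped quotes or backslashes in them can also change which keys end up in the sealed client-principal, so building the object with JsonObject keeps the property set under the realm code's control.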