The Progress Application Server for OpenEdge (PAS for OpenEdge) is a web server preconfigured to expose your ABL business applications to HTTP clients in an internet/intranet environment. Instead of using adapters like the classic OpenEdge AppServer, PAS for OpenEdge implements each service-interface type as a transport. Transports translate HTTP messages into requests that can be executed in ABL business applications. Currently, there are four transports: APSV, REST, SOAP and WEB. All the transports are packaged into a single PAS for OpenEdge web application (OEABL) which facilitates a single ABL business application handling requests from different HTTP client types. (Compare to the adapter-based “classic” OpenEdge AppServer where you must run a separate instance for each service-interface type.)
Also included in the OEABL web application is an industry known and tested web security layer, the Spring Security framework, that effectively handles user authentication and URL authorization actions. You no longer need to build that security functionality into your business application yourself. ABL business applications not only enjoy the benefit of running in a secured web environment but they also benefit from their ABL logic being executed in a Multi-Session Agent with PAS for OpenEdge.
The OpenEdge application server technology that ran classic WebSpeed applications via WebSpeed Messengers depended largely on strong web security support from ABL code in the form of OpenEdge application-level security. PAS for OpenEdge opens the door for legacy WebSpeed applications to be simpler and more secure by taking advantage of the security features available in the OEABL web application. However, you do not need to sacrifice your ABL application’s user account infrastructure.
To support user accounts implemented in ABL applications that can coexist with PAS for OpenEdge’s strong web security layer, OpenEdge includes the OERealm ABL interface. OERealm has two components: one that runs in the PAS for OpenEdge OEABL application, and a developer-written OOABL class that runs in the PAS for OpenEdge multi-session Agent.
In this document, we go through the steps that are required to configure OERealm security for WebSpeed Applications in PAS for OpenEdge for both single and multi-tenant OpenEdge databases.