[Progress Communities] [Progress OpenEdge ABL] Forum Post: RE: REST/PASOE auth: adding properties to client-principal

Status
Not open for further replies.

Blake Stanford

For clarification, we are on Classic Appserver, not PASOE. We currently use the OERealmHybrid to authenticate our JSDO based REST services. In the IHybridRealm implementation class, we set several attributes in the CP (name, email, userid, etc.) from database tables and validate that the user is authorized to use the service (not disabled, locked out in some way and licensed). We also create a session_context record in the database and use the SESSION-ID in the CP as the key, if the user is authenticated. For other parts of our application (GUI client, non-JSDO based REST services) we use application based authentication; the same session_context record is created, but we use an internally created key, a GUID prefixed with a value that allows us to further identify from where the context_id was created. This context_id is then passed in to the appserver, either as a parameter from mapped REST based services or on the REQUEST-INFO:ClientContextID for Windows GUI clients and other Appserver clients. The activation event procedure sets the appropriate context for the user from the session_context records. So the use case would be to allow us to change the SESSION-ID in the CP to match our prefixed style of context_id key.
