Forum Post: Re: Rest Authentication

Michael Jacobs (Guest)
Hello Carl,

There are a number of considerations to make when choosing your application's authentication and authorization processes. I think your question is not about using OERealm specifically. The way it is worded, the question is about choosing to use the Spring Security framework OpenEdge embeds within its REST and PASOE services versus writing security services in ABL within your application. (But I could be wrong and am answering the wrong question.)

The Spring Security framework implements best-practice authentication and URL authorization processes, with hundreds of thousands of hours in production systems, so it lends a level of security above what the normal application developer can provide.

Using Spring Security forces ALL client requests through a single point where user identity is validated and authorized to execute your ABL code BEFORE it executes, therefore protecting your code from many of the possible attacks you would otherwise have to manually code into your ABL application. It is becoming a best practice to NOT write the authentication and URL authorization into the business application code.

OERealm is just one of a number of configurable choices for where your REST service's authentication does account validation. You can change OERealm out and reconfigure to use LDAP, Active Directory, SQL Server, SAML, OpenID, or a host of other user account authentication providers without changing your ABL application code, the Client-Principal being the common binding between the security layers and your business logic.

The same applies for your choice of wire protocol and login session models, should you want to go with something better than the HTTP BASIC one. Reconfigure, and Spring Security handles login sessions and login session security without changes to your ABL application, the Client-Principal again being the common binding between the security layers and your business logic.

There can be more, but consider these to see if I have answered your question adequately.

Mike Jacobs
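The architecture the post describes, as an added example that is not part of the original post and is not OpenEdge, OERealm, Spring Security or ABL code: every request passes through one gateway that authenticates the caller and applies URL authorization before any business handler runs; the account provider (the role OERealm plays) sits behind one small interface so it can be swapped without touching business code; and the only thing business code ever receives is a sealed, expiring principal, which plays the role the Client-Principal plays in OpenEdge. All names here (MemoryRealm, SecurityGateway, Principal, the accounts, URL rules and key) are constructed for illustration; it models the pattern in plain Python.

```python
"""Constructed model of a single security chokepoint with a pluggable realm
and a sealed principal. Illustration only; not OpenEdge, OERealm or Spring code."""
import base64
import hashlib
import hmac
import json
import os
import time
from dataclasses import asdict, dataclass
from typing import Callable, Dict, List, Optional, Tuple


class MemoryRealm:
    """Hypothetical account provider. Only this class would change to move to
    LDAP, AD, SQL or SAML; the gateway and business handlers below would not."""

    def __init__(self) -> None:
        self._accounts: Dict[str, Tuple[bytes, bytes, List[str]]] = {}

    def add(self, user: str, password: str, roles: List[str]) -> None:
        salt = os.urandom(16)  # per-account salt; only a PBKDF2 hash is stored
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._accounts[user] = (salt, digest, roles)

    def validate(self, user: str, password: str) -> Optional[List[str]]:
        rec = self._accounts.get(user)
        if rec is None:
            return None
        salt, digest, roles = rec
        probe = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return list(roles) if hmac.compare_digest(probe, digest) else None


@dataclass(frozen=True)
class Principal:
    """The binding handed from the security layer to business logic."""
    user: str
    roles: Tuple[str, ...]
    expires: int  # unix seconds


def seal(p: Principal, key: bytes) -> str:
    """HMAC-seal the principal so business code can trust it was issued here."""
    body = json.dumps(asdict(p), sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body).decode() + "." + base64.urlsafe_b64encode(tag).decode()


def unseal(token: str, key: bytes, now: int) -> Optional[Principal]:
    try:
        b64_body, b64_tag = token.split(".")
        body, tag = base64.urlsafe_b64decode(b64_body), base64.urlsafe_b64decode(b64_tag)
    except ValueError:  # malformed token (binascii.Error is a ValueError)
        return None
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        return None  # tampered, or sealed with a different key
    d = json.loads(body)
    if d["expires"] <= now:
        return None  # login session has expired
    return Principal(d["user"], tuple(d["roles"]), d["expires"])


@dataclass
class Request:
    path: str
    headers: Dict[str, str]


@dataclass
class Response:
    status: int
    body: str


class SecurityGateway:
    """Single enforcement point: no handler runs until identity is validated
    and the URL is authorized. Rules are (path prefix, allowed roles); the
    first matching rule wins and an unmatched path is denied."""

    def __init__(self, realm: MemoryRealm, key: bytes, rules: List[Tuple[str, List[str]]],
                 handlers: Dict[str, Callable[[Principal], Response]],
                 ttl: int = 300, clock: Callable[[], float] = time.time) -> None:
        self.realm, self.key, self.rules = realm, key, rules
        self.handlers, self.ttl, self.clock = handlers, ttl, clock

    def login(self, user: str, password: str) -> Optional[str]:
        """Login-session model: trade credentials once for a sealed token."""
        roles = self.realm.validate(user, password)
        return None if roles is None else seal(
            Principal(user, tuple(roles), int(self.clock()) + self.ttl), self.key)

    def _authenticate(self, req: Request) -> Optional[Principal]:
        auth = req.headers.get("Authorization", "")
        if auth.startswith("Bearer "):
            return unseal(auth[7:], self.key, int(self.clock()))
        if auth.startswith("Basic "):  # HTTP Basic: realm consulted on every request
            try:
                user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
            except ValueError:
                return None
            roles = self.realm.validate(user, pw)
            return None if roles is None else Principal(user, tuple(roles), int(self.clock()) + self.ttl)
        return None

    def _authorize(self, p: Principal, req: Request) -> bool:
        for prefix, allowed in self.rules:
            if req.path.startswith(prefix):
                return bool(set(allowed) & set(p.roles))
        return False

    def handle(self, req: Request) -> Response:
        p = self._authenticate(req)
        if p is None:
            return Response(401, "unauthenticated")
        if not self._authorize(p, req):
            return Response(403, "forbidden")
        handler = self.handlers.get(req.path)
        return handler(p) if handler else Response(404, "no such resource")


def demo_gateway(clock: Callable[[], float] = time.time) -> SecurityGateway:
    """Constructed deployment: two accounts, two URL rules, two handlers."""
    realm = MemoryRealm()
    realm.add("alice", "alice-pw", ["user"])
    realm.add("root", "root-pw", ["user", "admin"])
    rules = [("/rest/admin", ["admin"]), ("/rest/", ["user", "admin"])]
    handlers = {"/rest/orders": lambda p: Response(200, "orders for " + p.user),
                "/rest/admin": lambda p: Response(200, "admin view for " + p.user)}
    return SecurityGateway(realm, b"constructed-demo-key", rules, handlers, clock=clock)


def basic(user: str, password: str) -> Dict[str, str]:
    return {"Authorization": "Basic " + base64.b64encode((user + ":" + password).encode()).decode()}
```

Two design points the post relies on are visible here: the handlers never see a password or an Authorization header, only a principal the gateway vouches for, so swapping MemoryRealm for any other provider leaves them untouched; and the more specific "/rest/admin" rule must precede the broad "/rest/" rule, because prefix rules are evaluated in order and a wrong order silently widens access.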
