Re: Apache directive syntax -- WEB400

Bradley,

Is there build in support for Oauth on the IBM I or does option 2 mean write it __

Thanks
John Slanina

On 12/11/18, 8:41 AM, "WEB400 on behalf of B Stone" <web400-bounces@xxxxxxxxxxxx on behalf of bvstone@xxxxxxxxx> wrote:

For the RESTful projects I've done for multiple clients to accessh APIs, I
have done the following:

1. Only put explicit paths in my HTTP config pointing to explicit
programs. A One to one. No wildcards.

2. Implemented a Oauth type token function. Each time an application is
called, if the token isn't good, exit immediately. (ie, header requires
Authorization: Bearer <token> on each request).
Example: https://www.fieldexit.com/forum/display?threadid=452

3. To request/refresh a token, a valid user/pw combo is required. This
can be done any way you want (a PF, validation list, etc).

I do this even for small projects. I've had some clients ask why I make
them request a token, even for one or two endpoints. Well, if experience
serves, once we get a couple endpoints and see how fruitful it is, they
will want more. And a way to track and log which endpoints are being
called, who is calling them (which is done by reverse lookup of the token),
and how often. 9 times out of ten this happens.

There may be cases where setting up alias matches with wildcards is an
idea, but in most cases I've dealt with, endpoints are explicit and that
isn't required.

Just my .02 on this thread.

Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #7 <https://www.bvstools.com/mailtool.html>: The ability
to completely bypass the IBM SMTP system all together using MAILTOOL Plus
or other Addons.

On Tue, Dec 11, 2018 at 7:26 AM Slanina, John <jslanina@xxxxxxxxxx> wrote:

> How can you control that is only get called once ? if more than one client
> is accessing the API you could have up to by default 40 jobs running. We
> have 19 jobs serving the api's right now.
> The first program wsrpgm02 is a router program the looks at the uri and
> does a DB lookup to find which program to load. It provides a level of
> security.
> I hope you are not going to let the client side pick the program. One typo
> from the client developer and they may run a program you don’t want them
> too.
>
> Thanks
> John Slanina
>
>
>
> On 12/11/18, 4:55 AM, "WEB400 on behalf of Rob Dixon" <
> web400-bounces@xxxxxxxxxxxx on behalf of robertsdixon@xxxxxxxxx> wrote:
>
> Many thanks. The wild card is not in my config but has been put there,
> at
> the beginning and end of each line, by a mail package when responding
> to my
> post. I don't know why.
>
> I don't need the SETENV code as the library list is set by my initial
> program. The other difference is that I have to distinguish between the
> initial program which calls my CGI program (indirectly) and that CGI
> program, as, rather obviously, the initial program must only be called
> once.
>
> Rob
>
> On Mon, 10 Dec 2018 at 16:33, Slanina, John <jslanina@xxxxxxxxxx>
> wrote:
>
> > Rob,
> >
> > Here is our setup is works fine.
> > I don’t undertstand why you have the wildcard * after it.
> >
> >
> > 21 SetEnv QIBM_CGI_CHANGE_CURLIB N
> > 22 SetEnv QIBM_CGI_LIBRARY_LIST
> >
> "QTEMP;D1BRCOBJ;D1BRFILESU;D1BRCPGMSU;D1BRFILESN;D1BRCPGMSN;D1GENNEW;D1BRFILES;D1BRCPGMS;D1PENWORK;D1PENFILES;D1NIFILES;D1TRFILES;D1IC08XXCP;D1IC08XXP;D1MW08XXCP;D1MW08XXP;D1NI08XXCP;D1NI08XXP;D1TR08XXCP;D1TR08XXP;D1BRCPGMS1;GPL;QGPL;RDB40;"
> > 23
> > 24 <Directory />
> > 25 Order Deny,Allow
> > 26 Deny From all
> > 27 </Directory>
> > 28
> > 29 <Directory /www/brctivod1/htdocs>
> > 30 Order Allow,Deny
> > 31 Allow From all
> > 32 </Directory>
> > 33
> > 34 ScriptAlias /webapi /qsys.lib/D1BRCPGMS.lib/wsrpgm02.pgm
> > 35
> > 36 <Directory /qsys.lib/D1BRCPGMS.lib>
> > 39 Allow From all
> > 40 order allow,deny
> > 41 Require valid-user
> > 42 DefaultNetCCSID 819
> > 43 AuthType Basic
> > 44 AuthName ****
> > 45 CGIJobCCSID 37
> > 46 CGIConvMode EBCDIC
> > 47 PasswdFile %%SYSTEM%%
> >
> >
> > 48 </Directory>On 12/10/18, 11:24 AM, "WEB400 on behalf of
> Buck
> > Calabro" <web400-bounces@xxxxxxxxxxxx on behalf of kc2hiz@xxxxxxxxx>
> > wrote:
> >
> > On 12/8/2018 11:48 AM, Rob Dixon wrote:
> > > The header is correct for the initial display. Having got that
> > screen, I
> > > then started a service program for the job and set a
> breakpoint at
> > the
> > > beginning of the calc specs for my CGI program, which, as I
> have
> > said, is
> > > the same program that displayed my first screen. But when I
> pressed
> > Enter
> > > to get the second screen, there was no breakpoint. There was
> nothing
> > in
> > > CGIDEBUG for the second screen. but the log said
> > >
> > > [Sat Dec 08 14:18:19 2018] [error] [client 192.168.2.210]
> > ZSRV_MSG0018:
> > > File /QSYS.LIB/E310PRDOBJ.LIB/E31RPP.PGM/081780817443836/ does
> not
> > exist,
> > > referer: http://192.168.2.70/cgi-bin/erros
> > > [Sat Dec 08 14:18:19 2018] [error] [client 192.168.2.210]
> > ZSRV_MSG0016: URI
> > > in request POST /cgi-bin/E31RPP.PGM/081780817443836/ HTTP/1.1
> is not
> > valid,
> > > referer: http://192.168.2.70/cgi-bin/erros
> > >
> > > The relevant config lines seem to be
> > > * 7* * ScriptAlias /cgi-bin/erros
> > > /QSYS.LIB/E310PRDOBJ.LIB/E310H00000.PGM*
> > > * 8* * Alias "/cgi-bin/" "/QSYS.LIB/E310PRDOBJ.LIB/"*
> > > * 9* * ScriptAliasMatch ^/cgi-bin/(.*) /$1*
> > > * 10*
> > > * 11* * # ScriptAliasMatch ^/cgi-bin/(.*)
> > /qsys.lib/E310PRDOBJ.LIB/$1*
> > >
> > > Line 7 executes correctly with the display of the first
> screen. I
> > have
> > > tried it with line 11 instead of line 9 and the result is the
> same.
> >
> > What's the URI after the first screen displays? Is it
> > http://192.168.2.70/cgi-bin/E31RPP.PGM/081780817443836 If so,
> wouldn't
> > that assert ScriptAliasMatch and try to fire off program
> > 081780817443836, which doesn't exist?
> >
> > --
> > --buck
> >
> > http://wiki.midrange.com
> > Your updates make it better!
> >
> > --
> > This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
> > mailing list
> > To post a message email: WEB400@xxxxxxxxxxxx
> > To subscribe, unsubscribe, or change list options,
> > visit: https://lists.midrange.com/mailman/listinfo/web400
> > or email: WEB400-request@xxxxxxxxxxxx
> > Before posting, please take a moment to review the archives
> > at https://archive.midrange.com/web400.
> >
> >
> >
> > --
> > This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
> mailing
> > list
> > To post a message email: WEB400@xxxxxxxxxxxx
> > To subscribe, unsubscribe, or change list options,
> > visit: https://lists.midrange.com/mailman/listinfo/web400
> > or email: WEB400-request@xxxxxxxxxxxx
> > Before posting, please take a moment to review the archives
> > at https://archive.midrange.com/web400.
> >
> >
>
> --
> Rob Dixon
>
> www.erros.co.uk
> www.boarstall.com
> --
> This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
> mailing list
> To post a message email: WEB400@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: https://lists.midrange.com/mailman/listinfo/web400
> or email: WEB400-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at https://archive.midrange.com/web400.
>
>
>
> --
> This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
> list
> To post a message email: WEB400@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: https://lists.midrange.com/mailman/listinfo/web400
> or email: WEB400-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at https://archive.midrange.com/web400.
>
>
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.