× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2024

Re: Basic authentication for REST Web Service on IWS

Basic authentication can be provided either by the HTTP server that is frontending the IWS server, or by the IWS server itself, or both.

I will not speak about HTTP server. But if you only go this route, you should note that users that can by-pass the HTTP server can go directly to IWS server and thus defeat any authentication requirements.

IWS supports various security mechanisms. What is built into IWS is basic authentication based on user profiles, validation lists, or flat file (not recommended). Support for user groups and roles are also provided. I will suggest you go to https://www.ibm.com/support/pages/node/6396442.

The other common thing is to use Jason Web Tokens (JWT). You would need to bring your own library to do this but IWS allows you to plug-in your own code to do authentication via the Trust authentication interceptor. You can read about that here: https://www.ibm.com/support/pages/node/6396908.


-----------------------------------------------
Nadir Amra
e-mail: amra@xxxxxxxxxx


From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> on behalf of Don Brown via MIDRANGE-L <midrange-l@xxxxxxxxxxxxxxxxxx>
Date: Thursday, April 18, 2024 at 1:42 AM
To: midrange-l@xxxxxxxxxxxxxxxxxx <midrange-l@xxxxxxxxxxxxxxxxxx>
Cc: Don Brown <DBrown@xxxxxxxxxx>
Subject: [EXTERNAL] Basic authentication for REST Web Service on IWS
We have consumed many web services with different type of authentication.

We also have quite a few web services used internally that do not have any
authentication.

We are now creating a REST web service that will be access remotely using
IWS and we want to add authentication.

I have spent a few hours googling and reading a lot but have not stumbled
across any examples of authentication.

I think basic authentication can be handled to some extent by IWS, I can
see a parameter but can't find details of how it works.

There seems to be two common options.

1. Basic authentication like user and password or key and value

2. Tokens. Where basic authentication is used to retrieve a token and then
the token is used on requests until the token expires and a new one is
retrieved.

I am looking for IBMi specific examples or suggestions please.

Thank you for any assistance

Cheers

Don






As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.