|
Hi Henrick, Yes, You are correct. We often do want some kind of stateful design to deal with sessions. The REST architectural constraint simply says statefulness is managed by the client, not the server. But REST architectural constraints are not the only legitimate way of doing things. I may well end up violating the REST architectural constraint of statelessness in how I manage authentication and authorization. If I do violate the statelessness constraint, I want to fully understand the consequences of violating that constraint, and I want to make sure that I'm not missing a way of conforming to that constraint simply because I am not clever enough to come up with it myself. Thanks, Kelly -----Original Message----- From: WEB400 [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Henrik Rützou Sent: Friday, May 15, 2015 8:33 AM To: Web Enabling the IBM i (AS/400 and iSeries) Subject: Re: [WEB400] IBM i authentication and RESTful web service design I give up ... any technology in a STATEless environment has to deal with some kind of STATEful design to mimic a session. On Fri, May 15, 2015 at 2:28 PM, Richard Schoen < Richard.Schoen@xxxxxxxxxxxxxxx> wrote: > To add to Scott's comments, when you set up Apache for SSO, the AD > auth user gets populated with user@domain so your app code can use > that info to determine if the user is logged in correctly if you need > to check the user name. > > Personally I also like to cache session state in the database and > assign a session ID that expires. Then the browser or smart client app > only needs to hold the session ID locally when it's doing its communication. > > Regards, > > Richard Schoen | Director of Document Management Technologies, > HelpSystems > T: + 1 952-486-6802 > RJS Software Systems | A Division of HelpSystems > richard.schoen@xxxxxxxxxxxxxxx www.rjssoftware.com Visit me on: > Twitter | LinkedIn > > ------------------------------ > > message: 6 > date: Thu, 14 May 2015 23:41:38 -0500 > from: Scott Klement <web400@xxxxxxxxxxxxxxxx> > subject: Re: [WEB400] IBM i authentication and RESTful web service > design > > Kelly, > > If you have SSO already set up (such as LDAP, etc) then you can > configure Apache to use it. You would add something like this to your > config file for LDAP support: > > LoadModule ibm_ldap_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVLDAP.SRVPGM > > <DirectoryMatch "^/QSYS\.LIB/YOURLIB\.LIB/[a-z0-9]*\.PGM"> > LDAPConfigFile /www/YOUR-HTTP-INSTANCE/conf/ldap.prop > PasswdFile %%LDAP%% > AuthType Basic > AuthName "Kelly's Service" > Require valid-user > </DirectoryMatch> > > > -- > This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) > mailing list To post a message email: WEB400@xxxxxxxxxxxx To > subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/web400 > or email: WEB400-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives at > http://archive.midrange.com/web400. > > -- Regards, Henrik Rützou http://powerEXT.com <http://powerext.com/> -- This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing list To post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/web400.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
