Encrypting a password shared by REST Management Agent and REST Web application
The REST Management Agent uses the /adapterman URI to communicate with REST Web applications. The /adapterman URI is to be used only in OpenEdge as a cross-context communication port. For security, the /adapterman URI has its own security configuration that comprises a shared password used between the OpenEdge REST Management Agent and OpenEdge REST Web applications.
In a production environment, the /adapterman URI is secured with the shared password. The password does not have to be modified as it is consumed by the OpenEdge REST Management Agent and OpenEdge REST Web application. However, as part of advanced security measures for the REST Web application, you can encrypt the shared password.
To encrypt the shared password, do the following:
1. Generate a hashed and salted password for a REST Web application user using the EncodePassword utility. The utility provides two passwords, one for the REST Web application user, and another for the REST Management Agent.
For more information on generating hashed and salted passwords, see Setting hashed and salted password using EncodePassword.
For example, if the EncodePassword utility gives the following output when generating a password for a user, newuser, where the user name also acts as a salt source:
    appSecurity sha256 password:tPcPFxLM11LkOAdT7SJollooXl6Rw8UtSP3LhmhUQVg=
    OERM oech1 password: 3e373837333620243f202b
The password, 3e373837333620243f202b, generated using the OpenEdge encryption algorithm, oech1, is required for encrypting the shared password used between the OpenEdge REST Management Agent and the OpenEdge REST Web applications.
2. Open the web.xml file of the REST Management Agent in a text editor and look for the following code snippet:
    <context-param>
        <param-name>adaptermanID</param-name>
        <param-value>C62384a0F1516B00</param-value>
    </context-param>
    <context-param>
        <param-name>adaptermanSecret</param-name>
        <param-value>1f177e7600202027731f2e293322362174</param-value>
    </context-param>
Replace the param-value of adaptermanID with the new user name, and the param-value of adaptermanSecret with the new oech1-encoded password. Extending the example from step 1, the two parameters become:
    <context-param>
        <param-name>adaptermanID</param-name>
        <param-value>newuser</param-value>
    </context-param>
    <context-param>
        <param-name>adaptermanSecret</param-name>
        <param-value>3e373837333620243f202b</param-value>
    </context-param>
3. Open the security configuration file, appSecurity-xxxx.xml, of your REST Web application and uncomment the code snippet that implements password hashing.
Extending the example from step 1, if your REST Web application uses the security configuration appSecurity-anonymous.xml, do the following:
a. Find the <authentication-manager id="RestManagerAuth" > code snippet and update it to reflect the password-hashing algorithm employed (in this case, SHA), the newly generated user name (in this case, newuser), and the password (in this case, newuser):
    <!-- REST Manager access -->
    <authentication-manager id="RestManagerAuth" >
        <authentication-provider>
            <password-encoder hash="sha-256" base64="true" >
                <salt-source user-property="username" />
            </password-encoder>
            <user-service>
                <user name="newuser"
                      password="tPcPFxLM11LkOAdT7SJollooXl6Rw8UtSP3LhmhUQVg="
                      authorities="ROLE_PSCAdapter" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
b. Save the security configuration file.
4. Restart the Web server, and then re-enable the deployed REST Web application.
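The steps above touch two files that must agree with each other: the adaptermanID in web.xml has to name a user in the RestManagerAuth block of appSecurity-xxxx.xml, and that block has to be uncommented with a password-encoder that matches how EncodePassword produced the hash (SHA-256, base64, user name as salt). A mismatch at any of these points is only discovered when the agent fails to reach the Web application after the restart in step 4. The following script is an added example, not part of the Progress documentation or product: it embeds constructed copies of the two fragments from the example above, cross-checks them, and shows how a stored hash is verified. It assumes the REST Web application's password-encoder follows the legacy Spring Security merge format password{salt} before hashing; the file names and the check_config, spring_sha256_b64 and verify_password functions are this example's own.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample (not a real deployment): the two context parameters of the
# REST Management Agent's web.xml after step 2.
WEB_XML = """<web-app>
  <context-param>
    <param-name>adaptermanID</param-name>
    <param-value>newuser</param-value>
  </context-param>
  <context-param>
    <param-name>adaptermanSecret</param-name>
    <param-value>3e373837333620243f202b</param-value>
  </context-param>
</web-app>"""

# Constructed sample: the RestManagerAuth block of appSecurity-anonymous.xml after
# step 3 (uncommented), carrying the hash from the EncodePassword example.
APP_SECURITY = """<beans>
  <!-- REST Manager access -->
  <authentication-manager id="RestManagerAuth">
    <authentication-provider>
      <password-encoder hash="sha-256" base64="true">
        <salt-source user-property="username"/>
      </password-encoder>
      <user-service>
        <user name="newuser"
              password="tPcPFxLM11LkOAdT7SJollooXl6Rw8UtSP3LhmhUQVg="
              authorities="ROLE_PSCAdapter"/>
      </user-service>
    </authentication-provider>
  </authentication-manager>
</beans>"""


def _local(tag):
    """Element name without namespace, so a namespaced web.xml parses the same way."""
    return tag.rsplit("}", 1)[-1]


def _find_all(root, name):
    return [el for el in root.iter() if _local(el.tag) == name]


def context_params(web_xml):
    """Return {param-name: param-value} for every context-param in a web.xml document."""
    params = {}
    for cp in _find_all(ET.fromstring(web_xml), "context-param"):
        fields = {_local(c.tag): (c.text or "").strip() for c in cp}
        if "param-name" in fields:
            params[fields["param-name"]] = fields.get("param-value", "")
    return params


def spring_sha256_b64(password, salt):
    """Hash as <password-encoder hash="sha-256" base64="true"> with a username salt-source.
    Assumption: the legacy Spring Security merge format password{salt} is used."""
    merged = (password + "{" + salt + "}").encode("utf-8")
    return base64.b64encode(hashlib.sha256(merged).digest()).decode("ascii")


def verify_password(stored_hash, password, salt):
    """Constant-time comparison of a candidate password against the stored base64 hash."""
    return hmac.compare_digest(stored_hash, spring_sha256_b64(password, salt))


def check_config(web_xml, app_security_xml):
    """Cross-check web.xml against appSecurity-xxxx.xml; an empty list means they agree."""
    problems = []
    params = context_params(web_xml)
    agent_id = params.get("adaptermanID", "")
    if not params.get("adaptermanSecret"):
        problems.append("adaptermanSecret is empty in web.xml")

    # A block that is still commented out is invisible to the parser, so this
    # also catches step 3 having been skipped.
    managers = [m for m in _find_all(ET.fromstring(app_security_xml), "authentication-manager")
                if m.get("id") == "RestManagerAuth"]
    if not managers:
        problems.append('authentication-manager id="RestManagerAuth" not found (still commented out?)')
        return problems
    manager = managers[0]

    encoders = _find_all(manager, "password-encoder")
    if not encoders:
        problems.append("no password-encoder: the stored password would be compared in clear text")
    else:
        enc = encoders[0]
        if enc.get("hash", "").lower() != "sha-256" or enc.get("base64") != "true":
            problems.append('password-encoder must be hash="sha-256" base64="true" to match EncodePassword')
        if not any(s.get("user-property") == "username" for s in _find_all(enc, "salt-source")):
            problems.append('salt-source user-property="username" missing; EncodePassword salted with the user name')

    users = {u.get("name"): u for u in _find_all(manager, "user")}
    if agent_id not in users:
        problems.append(f"adaptermanID {agent_id!r} has no matching <user> in RestManagerAuth")
        return problems
    user = users[agent_id]
    if "ROLE_PSCAdapter" not in (user.get("authorities") or "").split(","):
        problems.append(f"user {agent_id!r} lacks ROLE_PSCAdapter")
    try:
        digest_len = len(base64.b64decode(user.get("password") or "", validate=True))
    except ValueError:
        digest_len = 0
    if digest_len != 32:
        problems.append(f"password of {agent_id!r} is not a base64 SHA-256 digest; use the appSecurity line from EncodePassword")
    return problems


if __name__ == "__main__":
    for line in check_config(WEB_XML, APP_SECURITY) or ["OK: web.xml and appSecurity agree"]:
        print(line)
```

Run it before step 4 with the real file contents substituted for the two constructed strings; every reported problem corresponds to one of the edits in steps 2 and 3. The hash helper deliberately does not try to reproduce the oech1 encoding of adaptermanSecret, which the page presents only as EncodePassword output.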