Pre-authentication filter in REST Web applications
The appSecurity-xxx.xml security configuration file of the REST Web application includes a PRE-AUTH filter that bypasses the REST authentication process for REST requests that have been pre-authenticated by other applications. The bypass is performed if the REST request header contains a pre-authenticated ClientPrincipal token. For pre-authenticated requests, the REST Web application performs only the domain authorization test to grant access.
The following OEPreauthfilter bean snippet shows the PRE-AUTH filter format:
<!-- The Pre-auth security filter for SSO -->
<b:bean id="OEPreauthfilter"
        class="com.progress.rest.security.OERequestHeaderAuthenticationFilter">
    <b:property name="enabled" value="false"/>
    <b:property name="key" value=""/>
    <b:property name="registryFile" value=""/>
    <b:property name="encoding" value="OECP"/>
    <b:property name="headername" value="X-OE-CLIENT-CONTEXT-ID"/>
    <b:property name="authenticationManager"
                ref="authenticationManager"/>
</b:bean>

<authentication-manager alias="authenticationManager">
    <authentication-provider ref="preauthAuthProvider"/>
</authentication-manager>

<b:bean id="preauthAuthProvider"
        class="com.progress.rest.security.OEPreAuthenticatedAuthenticationProvider">
    <!--
    <b:property name="rolePrefix" value="ROLE_" />
    <b:property name="enabledAttrName" value="ATTR_ENABLED" />
    <b:property name="lockedAttrName" value="ATTR_LOCKED" />
    <b:property name="expiredAttrName" value="ATTR_EXPIRED" />
    -->
</b:bean>
Note: Other Progress applications, such as Rollbase®, use ATTR_ENABLED, ATTR_LOCKED, and ATTR_EXPIRED as user state names. It is recommended that you do not change these names.
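
An added example (not Progress's own code): a small Python audit that parses an appSecurity-style file and reports whether the PRE-AUTH filter is enabled and which request header triggers the authentication bypass. The Spring root element and namespaces in the sample are constructed, and treating an empty key and registryFile as a finding assumes those properties are what the filter uses to validate the token, which this page does not state.

```python
import xml.etree.ElementTree as ET

BEANS_NS = "{http://www.springframework.org/schema/beans}"
FILTER_CLASS = "com.progress.rest.security.OERequestHeaderAuthenticationFilter"

# Constructed sample: the page's bean wrapped in a Spring root element,
# with "enabled" switched to "true" so the audit has something to report.
SAMPLE = """<b:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:b="http://www.springframework.org/schema/beans">
  <b:bean id="OEPreauthfilter"
          class="com.progress.rest.security.OERequestHeaderAuthenticationFilter">
    <b:property name="enabled" value="true"/>
    <b:property name="key" value=""/>
    <b:property name="registryFile" value=""/>
    <b:property name="encoding" value="OECP"/>
    <b:property name="headername" value="X-OE-CLIENT-CONTEXT-ID"/>
  </b:bean>
</b:beans>"""


def audit_preauth(xml_text):
    """Return a list of findings for every PRE-AUTH filter bean in xml_text."""
    findings = []
    root = ET.fromstring(xml_text)
    for bean in root.iter(BEANS_NS + "bean"):
        if bean.get("class") != FILTER_CLASS:
            continue
        # Collect the bean's name/value properties (ref-only ones map to "").
        props = {p.get("name"): (p.get("value") or "").strip()
                 for p in bean.findall(BEANS_NS + "property")}
        bean_id = bean.get("id", "?")
        if props.get("enabled", "false").lower() != "true":
            findings.append(f"{bean_id}: PRE-AUTH filter disabled")
            continue
        header = props.get("headername", "")
        findings.append(f"{bean_id}: PRE-AUTH enabled, requests carrying "
                        f"header {header!r} skip REST authentication")
        # Assumption: key/registryFile are what let the filter validate the token.
        if not props.get("key") and not props.get("registryFile"):
            findings.append(f"{bean_id}: enabled with empty key and registryFile")
    return findings


if __name__ == "__main__":
    for line in audit_preauth(SAMPLE):
        print(line)
```

Run it against each deployed appSecurity-xxx.xml during configuration review; an enabled filter also means the header named in headername should only be reachable from the applications trusted to pre-authenticate.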