Administration Guide

OERealm user account configurations

The OERealm model allows you to use an OpenEdge application server as a source of user account information for the authentication process.
To implement the OERealm security model, add the following setting in the OERealm user account server configuration section of the oeablSecurity.properties file:
http.all.authmanager=oerealm
See oeablSecurity.properties.README for more information.
Note that an OERealm implementation consists of the following components:
* OpenEdge Realm (OERealm) Client: The client contains the Spring Security authentication provider and user account service objects that interact with the application server to retrieve the user account information. This information is then sent to the Spring Security authentication process.
The OERealm Client does the following:
1. Connects to the application server.
2. Executes a request to locate the user account and retrieve the account unique numeric ID.
3. Executes requests to retrieve the user account details in the following order:
a. Granted roles
b. The account enabled state
c. The account locked state
d. The account expired state
If the OERealm client finds that the account does not exist or if the account is in the disabled, locked, or expired state, no additional AppServer requests are performed.
* OERealm AppServer ABL interface: An ABL class that runs on the AppServer, implements the IHybridRealm interface, and responds to requests from the OERealm client.
The class performs its actions in the following order:
1. Search for the user account using the name (userid[@domain]).
2. Return the user account attributes for the user account.
3. Validate the user account’s password.
Optionally, authorize the OERealm client and enable it to receive user account information.
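The OERealm client's request order described above, modeled in Python as an added example (not OpenEdge code and not part of the original page). `FakeRealm`, `load_account`, `trace`, the attribute labels and the sample accounts are hypothetical; the model only shows which requests reach the AppServer before a lookup stops.

```python
# Added illustration, not OpenEdge code. FakeRealm, load_account, trace, the
# attribute labels and the accounts below are hypothetical / constructed.

ACCOUNTS = {  # constructed sample data
    "alice@example": {"id": 1, "roles": ["user"], "enabled": True,
                      "locked": False, "expired": False},
    "bob@example":   {"id": 2, "roles": ["user"], "enabled": False,
                      "locked": False, "expired": False},
    "carol@example": {"id": 3, "roles": ["admin"], "enabled": True,
                      "locked": True, "expired": False},
}

class FakeRealm:
    """Stands in for the AppServer side and records each request it receives."""
    def __init__(self, accounts):
        self.by_name = accounts
        self.by_id = {a["id"]: a for a in accounts.values()}
        self.requests = []

    def find_user(self, name):
        self.requests.append("find_user")
        account = self.by_name.get(name)
        return account["id"] if account else None

    def get_attribute(self, user_id, attr):
        self.requests.append(attr)
        return self.by_id[user_id].get(attr)  # missing attribute -> None

# State checks in the documented order: (attribute, required value, reason).
STATE_CHECKS = [("enabled", True, "disabled"),
                ("locked", False, "locked"),
                ("expired", False, "expired")]

def load_account(realm, name):
    """Return (roles, None), or (None, reason) at the first failing step."""
    user_id = realm.find_user(name)
    if user_id is None:
        return None, "not found"
    roles = realm.get_attribute(user_id, "roles")   # roles come first
    for attr, required, reason in STATE_CHECKS:
        # Fail closed: anything other than the exact required value stops here.
        if realm.get_attribute(user_id, attr) is not required:
            return None, reason
    return roles, None

def trace(name):
    """Run one lookup against a fresh FakeRealm; return (result, requests)."""
    realm = FakeRealm(ACCOUNTS)
    return load_account(realm, name), realm.requests
```

Because granted roles are requested before the state checks, a disabled account in this model still costs a roles request before the lookup stops.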
For more information
Note: For more information about OERealm, see OpenEdge Application Server: Administration.
* Creating an OERealm service interface
* OERealm security considerations