Pacific Application Server for OpenEdge: Administration Guide

Updating the SPA configuration file

After choosing an SPA security configuration model, you must edit the SPA configuration file to update the properties of the authentication provider and the user details service. The authentication provider, OERealmAuthProvider, is a bean that defines how to create a ClientPrincipal after an OpenEdge database user account has been authenticated successfully. The user details service, OERealmUserDetails, is a bean that specifies how the authenticated users connect to PAS for OpenEdge.
To update the SPA configuration file:
1. Open the SPA configuration file ($CATALINA_BASE/webapps/webapp_name/oeablSecurity-XXXX-oerealm.xml) and find the following element:
<b:bean id="OERealmAuthProvider"
        class="com.progress.rest.security.OERealmAuthProvider" >
2. Update the properties of OERealmAuthProvider.
The following table describes the properties of OERealmAuthProvider:
Table 16. OERealmAuthProvider properties

| Spring property | Default value | Range of accepted values | Description |
|---|---|---|---|
| createCOAuthn | "true" | "true" or "false" | Creates a Spring ClientPrincipal authentication token when set to true. |
| key | "" | "<Valid string>" | Specifies the OpenEdge domain's access code, the string used to seal the ClientPrincipal token. [1] |
| userDomain | "" | "<Valid string>" | Specifies the OpenEdge domain name to append to the user account name if the name does not already contain a user domain. |
| multiTenant | "false" | "true" or "false" | Requires the user to enter a fully qualified OpenEdge user-id@domain tenant when set to true. |
| authz | "true" | "true" or "false" | Loads the user account's roles as Spring authorities used in the Spring security authorization process. |
| properties | "empty" | "valid name and value" | Loads static client-principal properties by name and value. |
| expires | "0" | "0" or "positive integer" | Expires the ClientPrincipal after the specified number of seconds. |

[1] The key property can also be in the form "oech1::<hex-string>", where <hex-string> is the output from the OE genpassword utility.

3. Find the following element:
<b:bean id="OERealmUserDetails"
        class="com.progress.rest.security.OERealmUserDetailsImpl">
4. Update the properties of OERealmUserDetails.
The following table describes the properties of OERealmUserDetails:
Table 17. OERealmUserDetails properties

| Spring property | Default value | Range of accepted values | Description |
|---|---|---|---|
| realmURL | value must be updated | One of the URL forms listed after this table | Specifies the URL of the OpenEdge application server where the realm is implemented. |
| realmClass | "OpenEdge.Security.Realm.HybridRealm" | "valid OOABL path" | Specifies the realm service interface's class path. An SPA security implementation for the REST Web application must specify the HybridRealm interface class. |
| grantedAuthorities | "ROLE_PSCUser" | "ROLE_XXXX" | Specifies the static Spring roles granted to the user if the AppServer realm service interface does not support roles. |
| rolePrefix | "ROLE_" | "valid string" | Specifies the role name prefix that the Spring security framework must use when converting external role names into Spring role names. |
| roleAttrName | "ATTR_ROLES" | "valid string" | Specifies the string name supported by the realm service interface to return a comma-separated list of role names. |
| enabledAttrName | "ATTR_ENABLED" | "valid string" | Specifies the string name supported by the realm service interface to return an account's enabled state. |
| lockedAttrName | "ATTR_LOCKED" | "valid string" | Specifies the string name supported by the realm service interface to return an account's locked state. |
| expiredAttrName | "ATTR_EXPIRED" | "valid string" | Specifies the string name supported by the realm service interface to return an account's expired state. |
| realmPwdAlg | "0" | "0" or "3" | Specifies the format of the password passed to the realm service interface for validation. Specify 0 for clear-text passwords or 3 for HTTP digest passwords. |
| realmTokenFile | "" | "" or "valid token file" | Optionally specifies a file that holds a serialized ClientPrincipal used to authenticate to the realm service interface. If left blank, authentication will not occur. |

Accepted values for realmURL:
*internal://localhost/nxgas (for a local PAS for OpenEdge instance)
*http[s]://host:port/oeabl_appname/apsv (for a remote PAS for OpenEdge instance)
*http[s]://host:port/aia_appname/aia (for a remote OpenEdge AppServer using AIA)
*AppServer[s]://NameServer_host:NameServer_port/service_name (for a remote OpenEdge AppServer configured with a NameServer)
*AppServerDC[s]://Appserver_host:Appserver_port/service_name (for a remote OpenEdge AppServer using Direct Connect)
Note: The realm can be hosted on either a PAS for OpenEdge instance or an OpenEdge AppServer. This allows you to retain legacy implementations that were configured on an OpenEdge AppServer.
5. Save and close the configuration file.
6. Test the OERealm service:
a. In the WEB-INF/logging.xml file, uncomment the line following OEABL Security.
For example:
<!-- OEABL Security -->
<logger name="com.progress.appserv.services.security" level="INFO"/>
Note that you can change the level from INFO to DEBUG or TRACE to get more logging information.
b. Start (or re-start) the PAS for OpenEdge instance.
c. Check the contents of the $CATALINA_BASE\logs\web_appname_date.log file for startup errors related to your SPA security configuration.
d. In a Web browser or any HTTP client, test the user authentication process.
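
The following check is an added example, not code from Progress or from this guide. It reads the two beans from an SPA configuration file and reports the settings that the tables above tie to credential exposure: a literal or empty key, a realmURL without the optional [s], clear-text realmPwdAlg on such a URL, and a blank realmTokenFile. The sample XML, host name, and key value are constructed, and the code assumes the standard Spring `<b:property name="..." value="..."/>` form and that the optional [s] in each URL scheme denotes the TLS variant.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of the two beans (not a shipped Progress file); the beans
# namespace bound to the b: prefix is the standard Spring one.
SAMPLE = """<b:beans xmlns:b="http://www.springframework.org/schema/beans">
  <b:bean id="OERealmAuthProvider" class="com.progress.rest.security.OERealmAuthProvider">
    <b:property name="key" value="s3cret"/>
    <b:property name="userDomain" value="example"/>
  </b:bean>
  <b:bean id="OERealmUserDetails" class="com.progress.rest.security.OERealmUserDetailsImpl">
    <b:property name="realmURL" value="http://realm.example.test:8810/oeabl/apsv"/>
    <b:property name="realmPwdAlg" value="0"/>
    <b:property name="realmTokenFile" value=""/>
  </b:bean>
</b:beans>"""

def bean_props(xml_text):
    """Return {bean id: {property name: value}}, matching on local tag names."""
    beans = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "bean" and el.get("id"):
            beans[el.get("id")] = {
                p.get("name"): p.get("value", "")
                for p in el if p.tag.rsplit("}", 1)[-1] == "property"}
    return beans

def audit(xml_text):
    """Return a sorted list of (property, finding) for settings worth reviewing."""
    beans = bean_props(xml_text)
    auth = beans.get("OERealmAuthProvider", {})
    user = beans.get("OERealmUserDetails", {})
    out = []
    key = auth.get("key", "")            # documented default is ""
    if not key:
        out.append(("key", "empty: no domain access code is set"))
    elif not re.fullmatch(r"oech1::[0-9A-Fa-f]+", key):
        out.append(("key", "literal access code; use the oech1:: form"))
    url = user.get("realmURL", "")
    m = re.match(r"(internal|https?|AppServer(?:DC)?s?)://", url, re.I)
    if not m:
        out.append(("realmURL", "not one of the documented URL forms"))
    elif m.group(1).lower() in ("http", "appserver", "appserverdc"):
        out.append(("realmURL", "remote realm reached without the [s] scheme"))
        if user.get("realmPwdAlg", "0") == "0":   # 0 = clear-text passwords
            out.append(("realmPwdAlg", "clear-text passwords sent to that realm"))
    if not user.get("realmTokenFile", ""):
        out.append(("realmTokenFile", "blank: realm client is not authenticated"))
    return sorted(out)
```

Run `audit()` on the contents of the edited oeablSecurity-XXXX-oerealm.xml before restarting the instance; an empty list means none of these four conditions is present.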