Administration Guide
Web application security configurations

In Progress Application Server for OpenEdge, the Spring Security framework implements Web application security.
Spring Security requires a separate authentication provider plug-in for each user account information source, such as an RDBMS database or a local text file. The Spring Security authentication process uses an object model that provides the following functionality:
* Authentication manager: The manager is responsible for creating and calling one or more authentication providers until the authentication process is complete (success or failure).
* Authentication provider: The provider is called by the authentication manager and is responsible for creating the user details service.
* User details service: This service is created by the authentication provider and is responsible for interacting with the account system to retrieve the user account along with its account attributes, such as password and user roles. This information is used for validating the account password and for creating a Spring Security authentication token.
* Authentication token: This token is created as the result of a successful Spring Security authentication process. The token contains authenticated user information, such as user ID, granted roles, and session ID.
Note: The authentication token is used to generate an OpenEdge ClientPrincipal token that can be used further in the authorization process.
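The manager, provider, user details service, and token chain described above can be seen in a small stand-alone program. This is an added example, not code from the original page or from PAS for OpenEdge; it assumes plain Spring Security 5.x on the classpath, and the class name `AuthChainDemo`, the accounts, passwords, and roles are constructed for illustration.

```java
import java.util.Arrays;
import org.springframework.security.authentication.*;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

public class AuthChainDemo {
    static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();

    // Authentication provider: one per account source, bound to its user details service.
    static AuthenticationProvider providerFor(UserDetailsService accounts) {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(accounts);
        provider.setPasswordEncoder(ENCODER);
        return provider;
    }

    // User details service over one constructed account; stands in for an
    // RDBMS or local text file. Only a password hash is stored, never plaintext.
    static UserDetailsService source(String user, String password, String role) {
        return new InMemoryUserDetailsManager(
            User.withUsername(user).password(ENCODER.encode(password)).roles(role).build());
    }

    public static void main(String[] args) {
        // Authentication manager: calls each provider in order until one succeeds.
        AuthenticationManager manager = new ProviderManager(Arrays.asList(
            providerFor(source("alice", "constructed-pw-1", "USER")),
            providerFor(source("bob", "constructed-pw-2", "ADMIN"))));

        // "bob" is unknown to the first source, so the second provider handles him.
        Authentication token = manager.authenticate(
            new UsernamePasswordAuthenticationToken("bob", "constructed-pw-2"));
        System.out.println(token.getName() + " " + token.getAuthorities()
            + " authenticated=" + token.isAuthenticated());

        // Wrong password: every provider fails and the manager reports the failure.
        try {
            manager.authenticate(new UsernamePasswordAuthenticationToken("alice", "wrong"));
        } catch (AuthenticationException e) {
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
    }
}
```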
* Spring Security configuration files
* Enabling security for REST, WEB, APSV and SOAP
* User account configurations
* Login models
* CORS support
* Single sign-on (SSO) support in PAS for OpenEdge