Authorization over a bound session-managed connection
The following code shows a typical Connect procedure that first authenticates the connecting user and then authorizes what that user may run over the connection:
/* Connect procedure: the AppServer passes the CONNECT( ) arguments in this order */
DEFINE INPUT PARAMETER pcUserId        AS CHARACTER NO-UNDO.
DEFINE INPUT PARAMETER pcPassword      AS CHARACTER NO-UNDO.
DEFINE INPUT PARAMETER pcAppServerInfo AS CHARACTER NO-UNDO.
/* Authenticate the user. If no row matches, FIND raises the ERROR condition, the
   Connect procedure fails and the AppServer refuses the connection. The stored
   value is the ENCODE( ) hash, so app_user.password must be defined as a
   CASE-SENSITIVE field; otherwise the ABL '=' compares it case-insensitively. */
FIND FIRST app_user WHERE app_user.user_id = pcUserId
    AND app_user.password = ENCODE(pcPassword) NO-LOCK.
/* Authorize access to particular procedures: only the entry points listed in
   app_user.can_run (a comma-separated list) can be run over this connection */
IF NOT SESSION:EXPORT(app_user.can_run) THEN DO:
    /* Log the failure to the server session log file and refuse the connection */
    MESSAGE "Failed to create export list for" app_user.user_id.
    RETURN ERROR.
END.
First, the user ID and password passed to the client application's CONNECT( ) method are authenticated against a source the application controls (in this case, valid users are identified in a database table named app_user). Second, the user is authorized to request execution of only an established, user-specific list of procedures (entry points) through the EXPORT( ) method; because the connection is bound, that export list stays in force for every subsequent request over it. Note that ENCODE( ) is deterministic and unsalted, so the same password always produces the same stored value; it is a legacy one-way hash, not a modern password hashing scheme, and the comparison against it must be case-sensitive to be exact.
To create a tighter security model, combine the export list with OpenEdge authentication: initialize a client-principal with pcUserId and pcPassword, seal it, and set it as the session's identity, so that the client application's access to the remote procedures is limited to what that authenticated identity permits rather than to what the Connect procedure alone enforced. For more information on authenticating with a client-principal and OpenEdge security, see the sections on application security in OpenEdge Development: Programming Interfaces.
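The following Connect procedure is an added example of that tighter model; it is not code from the manual or from Progress. It differs from the page's own code in three ways: it looks the user up by ID and compares the stored ENCODE( ) hash with COMPARE( ) in CASE-SENSITIVE mode, it uses one refusal message for unknown, disabled and wrong-password cases so the log does not reveal which one applied, and it seals the client-principal itself with a domain access code instead of passing pcPassword to INITIALIZE( ). Everything not in the original is an assumption: the app_user.active logical field, the security domain named appsvc, and the APP_DOMAIN_ACCESS_CODE environment variable of the AppServer process that supplies the domain access code.

```abl
/* connect.p : hardened Connect procedure (added example, not from the manual).
   Assumptions not in the original page: app_user has a LOGICAL 'active' field,
   the application's security domain is "appsvc", and its domain access code is
   read from the AppServer process environment variable APP_DOMAIN_ACCESS_CODE. */
DEFINE INPUT PARAMETER pcUserId        AS CHARACTER NO-UNDO.
DEFINE INPUT PARAMETER pcPassword      AS CHARACTER NO-UNDO.
DEFINE INPUT PARAMETER pcAppServerInfo AS CHARACTER NO-UNDO.

DEFINE VARIABLE cDomain     AS CHARACTER NO-UNDO INITIAL "appsvc".
DEFINE VARIABLE cAccessCode AS CHARACTER NO-UNDO.
DEFINE VARIABLE hCP         AS HANDLE    NO-UNDO.

/* 1. Refuse unusable input before touching the database.
      pcPassword is never written to the server log. */
IF pcUserId = ? OR pcUserId = "" OR pcPassword = ? OR pcPassword = "" THEN DO:
    MESSAGE "Connect refused: empty credentials".
    RETURN ERROR.
END.

cAccessCode = OS-GETENV("APP_DOMAIN_ACCESS_CODE").
IF cAccessCode = ? OR cAccessCode = "" THEN DO:
    MESSAGE "Connect refused: domain access code not configured".
    RETURN ERROR.
END.

/* 2. Look the user up by ID only, then compare the stored hash with a
      CASE-SENSITIVE compare: the default ABL '=' on CHARACTER values is
      case-insensitive unless the field itself was defined CASE-SENSITIVE. */
FIND FIRST app_user WHERE app_user.user_id = pcUserId NO-LOCK NO-ERROR.
IF NOT AVAILABLE app_user
   OR NOT app_user.active
   OR NOT COMPARE(app_user.password, "=", ENCODE(pcPassword), "CASE-SENSITIVE") THEN DO:
    /* One message for unknown user, disabled user and wrong password, so
       neither the log nor the connect failure tells the caller which it was. */
    MESSAGE "Connect refused for user" QUOTER(pcUserId).
    RETURN ERROR.
END.

/* 3. Turn the authenticated identity into a sealed client-principal. The seal is
      made with the domain access code, so any database or session that has the
      same domain registered can check it with VALIDATE-SEAL( ). */
CREATE CLIENT-PRINCIPAL hCP.
hCP:INITIALIZE(app_user.user_id, GUID(GENERATE-UUID)).
hCP:DOMAIN-NAME = cDomain.
IF NOT hCP:SEAL(cAccessCode) THEN DO:
    MESSAGE "Connect refused: cannot seal client-principal for" QUOTER(app_user.user_id).
    DELETE OBJECT hCP.
    RETURN ERROR.
END.
IF NOT SECURITY-POLICY:SET-CLIENT(hCP) THEN DO:
    MESSAGE "Connect refused: SET-CLIENT failed for" QUOTER(app_user.user_id).
    DELETE OBJECT hCP.
    RETURN ERROR.
END.
/* SET-CLIENT( ) keeps its own copy of the token; release this handle. */
DELETE OBJECT hCP.

/* 4. Only now restrict what this client may run. An unknown or empty list would
      remove the export restriction rather than impose one, so refuse instead of
      falling back to the unrestricted default. */
IF app_user.can_run = ? OR app_user.can_run = "" THEN DO:
    MESSAGE "Connect refused: no export list for" app_user.user_id.
    RETURN ERROR.
END.
IF NOT SESSION:EXPORT(app_user.can_run) THEN DO:
    MESSAGE "Failed to create export list for" app_user.user_id.
    RETURN ERROR.
END.
```

Install the procedure as the AppServer's Connect procedure and keep the domain access code out of source control and out of the export list's reach; the procedures listed in app_user.can_run can then call SECURITY-POLICY:GET-CLIENT( ) and VALIDATE-SEAL( ) to confirm they are running for the identity this procedure established, rather than trusting the export list alone.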