Application Migration and Development Guide
Authorization over a bound session-managed connection
The following code shows a typical authentication and authorization example:
DEFINE INPUT PARAMETER pcPassword AS CHARACTER NO-UNDO.
DEFINE INPUT PARAMETER pcUserId   AS CHARACTER NO-UNDO.

/* Authenticate user - if the user/password does not exist an error condition will automatically be raised. */
FIND FIRST app_user WHERE app_user.user_id = pcUserId
  AND app_user.password = ENCODE(pcPassword) NO-LOCK.

/* Authorize access to particular procedures */
IF NOT SESSION:EXPORT(app_user.can_run) THEN DO:
  /* Log failure message to server session logfile and refuse connection */
  MESSAGE "Failed to create export list for" app_user.user_id.
  RETURN ERROR.
END.
First, the user ID and password established by the client application's CONNECT( ) method are authenticated against an external source (in this case, valid users are identified in a database table named app_user). Second, the particular user is authorized to request execution of an established, user-specific list of procedures (entry points) through the EXPORT( ) method.
To create a tighter security model, establish an export list in conjunction with OpenEdge authentication of a client-principal that you initialize with pcPassword and pcUserId to restrict access from the client application's host to the remote procedure sources. For more information on authenticating with a client-principal and OpenEdge security, see the sections on application security in OpenEdge Development: Programming Interfaces.
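The following ABL procedure is an added example, not code from the OpenEdge documentation, showing the tighter model described above: the app_user lookup from the original example is kept, the authenticated identity is then carried in a sealed client-principal that is bound to the session, and only then is the per-user export list installed. The domain name "appdomain", the placeholder access code, and the assumption that the domain is already registered in the session's domain registry (from the database or an earlier SECURITY-POLICY:REGISTER-DOMAIN call at startup) are assumptions of this example.

```abl
/* Added example (not from the OpenEdge documentation): authenticate against
   app_user, bind a sealed client-principal to the session, then export the
   user-specific entry-point list. The app_user table and its can_run field
   follow the page's example; the domain name and access code are assumed. */
DEFINE INPUT PARAMETER pcUserId   AS CHARACTER NO-UNDO.
DEFINE INPUT PARAMETER pcPassword AS CHARACTER NO-UNDO.

DEFINE VARIABLE hCP         AS HANDLE    NO-UNDO.
DEFINE VARIABLE cDomain     AS CHARACTER NO-UNDO INITIAL "appdomain".  /* assumed domain */
/* Placeholder: in a real deployment the access code comes from a secured
   configuration store, not a literal in source code. */
DEFINE VARIABLE cAccessCode AS CHARACTER NO-UNDO INITIAL "<domain-access-code>".

/* Step 1: application authentication. ENCODE( ) is one-way, so the stored
   value is compared with the encoded input rather than the clear text.
   No matching record raises ERROR, which refuses the connection. */
FIND FIRST app_user WHERE app_user.user_id = pcUserId
  AND app_user.password = ENCODE(pcPassword) NO-LOCK.

/* Step 2: represent the authenticated user as a client-principal and seal it
   with the domain access code. INITIALIZE with the access code seals in one
   call; LOGIN-STATE confirms the result before the identity is trusted. */
CREATE CLIENT-PRINCIPAL hCP.
hCP:INITIALIZE(pcUserId + "@" + cDomain, ?, ?, cAccessCode) NO-ERROR.
IF ERROR-STATUS:ERROR OR hCP:LOGIN-STATE <> "LOGIN" THEN DO:
  /* Log to the server session logfile and refuse the connection. */
  MESSAGE "Client-principal initialization failed for" pcUserId.
  DELETE OBJECT hCP.
  RETURN ERROR.
END.

/* Step 3: bind the sealed identity to the ABL session so that later
   authorization checks (SECURITY-POLICY, database access) see this user
   rather than an anonymous session. */
IF NOT SECURITY-POLICY:SET-CLIENT(hCP) THEN DO:
  MESSAGE "Failed to set session client-principal for" hCP:QUALIFIED-USER-ID.
  DELETE OBJECT hCP.
  RETURN ERROR.
END.

/* Step 4: authorize. Only the entry points listed in app_user.can_run may be
   requested by the remote client for the rest of this bound session. */
IF NOT SESSION:EXPORT(app_user.can_run) THEN DO:
  MESSAGE "Failed to create export list for" hCP:QUALIFIED-USER-ID.
  RETURN ERROR.
END.
```

The ordering matters: the export list is installed only after the client-principal has been validated and bound, so a failure at any earlier step leaves the session with no identity and no exported procedures, and every failure path writes a message to the server session logfile before returning ERROR.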