You can control the usage of your services with authorization policy.

Usage:

<executableService name="echoSecure" executable="echo_executable.bat" authorizationName="echoAuthorization"
            parameterSeparator=" ">
           <parameter name="param1" default="" />
           <parameter name="param2" default="param2-value" required="true"/>
           <parameter name="param3" default="" required="false" />
</executableService>

Use an authorization policy by referencing its identifier in service definition.

We assume that there is an authorization policy named: echoAuthorization:

<security>
       <executableAuthorization name="echoAuthorization" serviceName="echoAuthorizationService" >
               <parameterMapping >
           <mapRow authParam="param1" serviceParam="argument1"/>
           <mapRow authParam="param3" serviceParam="argument2"/>
           </parameterMapping>                         
               <expectedResult><text>OK</text></expectedResult>
       </executableAuthorization>       
</security>

We should map username and password parameters to input parameters of the authorization service (another service named checkUserPass)

Interface authorization passes the username and password attributes of the server request (see Server Request Example) to checkUserPassService as userid and plain_password parameters.

Then checks the output of the service with "OK" text in the example.

Server Request Example
<request username="mobileuser" password="ileri">

   <job serviceName="echoSecure">
     <parameter name="param1" value="sample_param1" />
     <parameter name="" value="sample_param_2" />  
     <parameter name="" value="sample_param_3" />
   </job>
</request>
  • No labels
Write a comment…