Skip to end of metadata
Go to start of metadata

You can control the access to your interface with authorization policy.

Usage:

<communication>
     <httpInterface authorizationName="checkHttpUserPass" hostname="localhost" port="1655"/>
</communication>

Use an authorization policy by referencing its identifier in interface definition.

We assume that there is an authorization policy named: checkHttpUserPass: 

<security>
       <executableAuthorization name="checkHttpUserPass" serviceName="checkUserPassService" >
               <parameterMapping >
           <mapRow authParam="username" serviceParam="userid"/>
           <mapRow authParam="password" serviceParam="plain_password"/>
           </parameterMapping>                         
               <expectedResult><text>OK</text></expectedResult>
       </executableAuthorization>       
</security>

We should map username and password parameters to input parameters of the authorization service (checkUserPass)

Interface authorization passes the username and password attributes of the server request (see Server Request Example) to checkUserPassService as userid and plain_password parameters.

Then checks the output of the service with "OK" text in the example.

Server Request Example
<request username="mobileuser" password="ileri">

   <job ....>

     ..

   </job>

</request>
  • No labels