BlueMix SingleSignOn, How to call REST API of a BlueMix App with SSO service enabled

I have a BlueMix app with a few RestAPI calls. After adding the SingleSignOn service to this app, I am not able to make RestAPI calls via the app endpoint. Is there a way to pass the Authentication of SSO via the REST call headers?

The SSO is configured with Cloud Directory enabled. How should I pass user details along with the Bluemix app REST API call?

As of now I can only use the browser to log in via SSO into the app and perform REST calls only in the same browser.

Example RestCall -> http://myapp.mybluemix.net/sm/metadata

web.xml extract:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>SolutionManager</display-name>
<filter>
    <filter-name>RequestRedirect</filter-name>
    <filter-class>com.ibm.ba.ssl.RedirectFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>RequestRedirect</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>AuthenticationFilter</filter-name>
    <filter-class>com.ibm.ba.sm.auth.AuthenticationFilter</filter-class>
</filter>   
<filter-mapping>
    <filter-name>AuthenticationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>   
<servlet>
    <description>
    </description>
    <display-name>sample</display-name>
    <servlet-name>sample</servlet-name>
    <servlet-class>com.ibm.ba.ers.ErsServlet</servlet-class>
    <enabled>true</enabled>
    <async-supported>false</async-supported>
</servlet>
<servlet-mapping>
    <servlet-name>sample</servlet-name>
    <url-pattern>/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
    <welcome-file>index.html</welcome-file>
</welcome-file-list>
<resource-ref>
    <description>MQLight Service</description>
    <res-ref-name>jms/MQLight-mc</res-ref-name>
    <res-type>javax.jms.ConnectionFactory</res-type>
    <res-auth>Container</res-auth>
    <res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>

<listener>
  <listener-class>
      com.ibm.ba.SMAppStart
  </listener-class>
</listener>

<security-constraint>
    <display-name>Authenticated Users</display-name>
    <web-resource-collection>
        <web-resource-name>ALL</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>PUT</http-method>
        <http-method>HEAD</http-method>
        <http-method>TRACE</http-method>
        <http-method>POST</http-method>
        <http-method>DELETE</http-method>
        <http-method>OPTIONS</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Users</role-name>
    </auth-constraint>
</security-constraint>

Thanks, Lokesh

To access any service on Bluemix, you need to provide a bearer token along with the request. To get a bearer token, use the API call below:

POST http://login.ng.bluemix.net/UAALoginServerWAR/oauth/token

request body: "grant_type=password&username=[your-bluemix-id]&password=[your-bluemix-password]"

headers: { 'authorization': 'Basic Y2Y6', 'accept': 'application/json', 'content-type': 'application/x-www-form-urlencoded' }

The response would look like: { "access_token": "[value_from_access_token]", "token_type": "bearer", "refresh_token": "[value2]", "expires_in": 43199, "scope": "password.write cloud_controller.write openid cloud_controller.read", "jti": "20e70e6e-5700-476c-bc15-7869c5fb4b07" }

To make REST calls for your services, use the headers mentioned below:

{ 'accept': 'application/json', 'content-type': 'application/json', 'authorization': 'bearer[space][value_from_access_token]' }

The answers you have received so far are not correct for the new SSO service (which includes support for in-cloud registry). When you added the SSO service to your application, J2EE security constraints were applied to your application and the SSO service became the authentication source for satisfying those security constraints. This is ultimately why you currently require the browser cookie(s) obtained after browser authentication to make your REST calls.

Without seeing your deployed application's web.xml and server.xml files it's not clear what the best way forward is; however, you may need to build an EAR file with explicitly defined security constraints and make your REST API endpoints unauthenticated or authenticated via another mechanism.
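
The option described in the last answer, sketched as a web.xml fragment; this is an added example, not code from the poster's application or from either answer. It assumes the deployed container honours constraints declared by the application itself, takes the `/sm/*` path from the question's example URL, and uses a hypothetical `com.example.api.ApiTokenFilter` as the "other mechanism" for the REST endpoints.

```xml
<!-- Added example: fragment to place inside <web-app>. -->

<!-- Browser-facing resources: container (SSO) login, role "Users".
     No <http-method> elements are listed, so the constraint covers every
     method; when methods are listed, any method left off the list falls
     outside the constraint. -->
<security-constraint>
    <display-name>Authenticated Users</display-name>
    <web-resource-collection>
        <web-resource-name>UI</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Users</role-name>
    </auth-constraint>
</security-constraint>

<!-- REST paths: /sm/* is a more specific match than /*, so this is the
     constraint selected for /sm/metadata. With no <auth-constraint> the
     container does not demand a login (and so no SSO browser cookie). -->
<security-constraint>
    <display-name>REST API</display-name>
    <web-resource-collection>
        <web-resource-name>API</web-resource-name>
        <url-pattern>/sm/*</url-pattern>
    </web-resource-collection>
</security-constraint>

<security-role>
    <role-name>Users</role-name>
</security-role>

<!-- Hypothetical filter (assumption, not from the question): because the
     container no longer authenticates /sm/*, this filter has to reject every
     request that does not carry a valid API credential. -->
<filter>
    <filter-name>ApiTokenFilter</filter-name>
    <filter-class>com.example.api.ApiTokenFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>ApiTokenFilter</filter-name>
    <url-pattern>/sm/*</url-pattern>
</filter-mapping>
```

Until a filter of this kind is in place and tested, the second constraint leaves `/sm/*` open to unauthenticated callers, so the two changes belong in the same deployment.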
