Enforcing Basic Authentication on a REST Service Binding

In this sample, the Basic Authentication policy is enforced on a REST service. The REST service uses the GET method to retrieve information from a file stored on your local machine.

Procedure

  1. In the samples directory, select policy > basicauthentication > RestBinding and double-click tibco.bw.sample.policy.basicauthentication.RestBinding.zip . For more information, see Accessing Samples.
  2. In Project Explorer expand the tibco.bw.sample.policy.basicauthentication.restbinding project.
  3. Fully expand the Processes directory and double-click RestBindingProcess.bwp .
  4. Set the default ApplicationProfile to match the OS you are running on. For more information, see Setting the Default Application Profile.
  5. Click Run > Debug Configurations.
  6. At the left hand tree of Debug Configuration wizard, expand BusinessWorks Application and select BWApplication.
  7. Click the Applications tab and then click the Deselect All button if you have multiple applications. Select the check box next to tibco.bw.sample.policy.basicauthentication.RestBinding.application .
  8. Click Debug.
    This runs the sample in Debug mode.
  9. Launch a REST client, such as Postman Extension, on Chrome, and enter the request URL, for example http://localhost:7777/resources, in the Enter request URL here field.


  10. Click the GET operation.
  11. Enter your user name and password under the BasicAuth section.
  12. Click Update Request.
  13. Click Send to test your application.

Result

GET books returns an output similar to the following: 

<?xml version="1.0"?>
<purchaseOrder xmlns="http://tempuri.org/po.xsd" orderDate="1999-10-20">
    <shipTo country="US">
        <name>Alice Smith</name>
        <street>123 Maple Street</street>
        <city>Mill Valley</city>
        <state>CA</state>
        <zip>90952</zip>
    </shipTo>
    <billTo country="US">
        <name>Robert Smith</name>
        <street>8 Oak Avenue</street>
        <city>Old Town</city>
        <state>PA</state>
        <zip>95819</zip>
    </billTo>
    <comment>Hurry, my lawn is going wild!</comment>
    <items>
        <item partNum="872-AA">
            <productName>Lawnmower</productName>
            <quantity>1</quantity>
            <USPrice>148.95</USPrice>
            <comment>Confirm this is electric</comment>
        </item>
        <item partNum="926-AA">
            <productName>Baby Monitor</productName>
            <quantity>1</quantity>
            <USPrice>39.98</USPrice>
            <shipDate>1999-05-21</shipDate>
        </item>
    </items>
</purchaseOrder>

Understanding the Configuration

In this sample, a Basic Authenticaiton policy is associated with the REST service binding and configured to verify user credentials using an XML Authentication resource.

The XML Authentication resource references an XML file that contains information about users, groups, and roles. A user is a person with an authenticated credentials. A group is a collection of users . Roles can be assigned to users to grant them permission to perform a collection of tasks. Authorization, or permission, to access services can be assigned to both users and groups.

In this sample, an XML file is within workspace. The content of the XML file used by the XML Authentication resource is shown below. 
<?xml version="1.0" encoding="UTF-8"?>
<realm xmlns="http://xsd.tns.tibco.com/trinity/realm/2013" hashAlgorithm="PBKDF2WithHmacSHA256" repetitionCount="10240" xsi:schemaLocation="http://xsd.tns.tibco.com/trinity/realm/2013 Realm.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  
  <users>
  
    <user>
      <name>john</name>
      <plaintext>password</plaintext>
      <!-- attributes are optional -->
      <attribute name="some-name" oid="some:thing">some-value</attribute>
    </user>
    <user>
      <name>alex</name>
      <plaintext>password</plaintext>
	</user>
	  
  </users>
  
  <group-mapping>
    <group-name>managers</group-name>
    <user-name>alex</user-name>
  </group-mapping>
  <group-mapping>
  
    <group-name>administrators</group-name>
    <user-name>alex</user-name>
    <user-name>john</user-name>
  </group-mapping>
  
</realm>