Enforcing Basic Authentication on a REST Service Binding
In this sample, the Basic Authentication policy is enforced on a REST service. The REST service uses the GET method to retrieve information from a file stored on your local machine.
Procedure
Result
GET books returns an output similar to the following:
<?xml version="1.0"?> <purchaseOrder xmlns="http://tempuri.org/po.xsd" orderDate="1999-10-20"> <shipTo country="US"> <name>Alice Smith</name> <street>123 Maple Street</street> <city>Mill Valley</city> <state>CA</state> <zip>90952</zip> </shipTo> <billTo country="US"> <name>Robert Smith</name> <street>8 Oak Avenue</street> <city>Old Town</city> <state>PA</state> <zip>95819</zip> </billTo> <comment>Hurry, my lawn is going wild!</comment> <items> <item partNum="872-AA"> <productName>Lawnmower</productName> <quantity>1</quantity> <USPrice>148.95</USPrice> <comment>Confirm this is electric</comment> </item> <item partNum="926-AA"> <productName>Baby Monitor</productName> <quantity>1</quantity> <USPrice>39.98</USPrice> <shipDate>1999-05-21</shipDate> </item> </items> </purchaseOrder>
Understanding the Configuration
In this sample, a Basic Authentication policy is associated with the REST service binding and configured to verify user credentials using an XML Authentication resource.
The XML Authentication resource references an XML file that contains information about users, groups, and roles. A user is a person with an authenticated credentials. A group is a collection of users. Roles can be assigned to users to grant them permission to perform a collection of tasks. Authorization, or permission, to access services can be assigned to both users and groups.
<?xml version="1.0" encoding="UTF-8"?> <realm xmlns="http://xsd.tns.tibco.com/trinity/realm/2013" hashAlgorithm="PBKDF2WithHmacSHA256" repetitionCount="10240" xsi:schemaLocation="http://xsd.tns.tibco.com/trinity/realm/2013 Realm.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <users> <user> <name>john</name> <plaintext>password</plaintext> <!-- attributes are optional --> <attribute name="some-name" oid="some:thing">some-value</attribute> </user> <user> <name>alex</name> <plaintext>password</plaintext> </user> </users> <group-mapping> <group-name>managers</group-name> <user-name>alex</user-name> </group-mapping> <group-mapping> <group-name>administrators</group-name> <user-name>alex</user-name> <user-name>john</user-name> </group-mapping> </realm>