~~NOTRANS~~
~~NOPDF~~
~~Title: REST Extensions~~
=== Public Services ===
The [[jvx:common:util:rest|REST API of JVx]] offers a great solution for generic services accessible via REST. However, the standard access is protected by BASIC authentication, and sometimes it's important to offer public services without authentication. This isn't possible with standard JVx authentication implementations. Our application framework enables you to do really cool things with JVx' REST API.
To enable public REST services, first configure your REST zone to use the forwarding authentication mode. Simply add the following to your deployment descriptor (web.xml):
<code xml>
<init-param>
  <param-name>authtype</param-name>
  <param-value>forward</param-value>
</init-param>
</code>
The full definition:
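<code xml>
<servlet>
  <servlet-name>RestletServlet</servlet-name>
  <servlet-class>org.restlet.ext.servlet.ServerServlet</servlet-class>

  <init-param>
    <param-name>org.restlet.application</param-name>
    <param-value>com.sibvisions.rad.server.http.rest.RESTAdapter</param-value>
  </init-param>

  <init-param>
    <param-name>authtype</param-name>
    <param-value>forward</param-value>
  </init-param>
</servlet>

<servlet-mapping>
  <servlet-name>RestletServlet</servlet-name>
  <url-pattern>/services/rest/*</url-pattern>
</servlet-mapping>
</code>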
With the authentication type set to forward, the configured SecurityManager is used for authentication directly, without a preceding BASIC authentication step. Usually (e.g., with authtype set to basic), BASIC authentication is done before the SecurityManager is used. The forward mode can be used to implement Single-Sign-On or no authentication at all.
In our case, we perform an anonymous authentication with a pre-configured user. This enables you to configure the user with roles and offer public REST services without changing the application.
To enable anonymous authentication, use the [[applications:anonymous_connection|AnonymousDBSecurityManager]] in your config.xml:
com.sibvisions.apps.server.security.AnonymousDBSecurityManager
com.sibvisions.apps.server.object.DBWorkScreenAccess
...
To finish the configuration, set one user in the USERS database table as anonymous user. Simply set the column ANONYMOUS to 'Y'.
That's all you need.
Now it's possible to test your REST services, e.g.
http://localhost:8080/webapp/services/rest/myapp/Session/action/getInternalName?client.login.anonymous=true
In the above URL, the application is available in the context **webapp**. The application name is **myapp** and the **Session** LCO contains the method:
<code java>
public String getInternalName()
{
    return "Session";
}
</code>
In our current configuration, the anonymous user uses the same LCO (Session) as the authenticated user. This might be fine, but it is a risk if the anonymous user shouldn't be able to use the same services. To change the LCO, it's possible to configure a custom LCO via config.xml:
com.sibvisions.apps.myapp.Session
com.sibvisions.apps.myapp.Application
com.sibvisions.apps.myapp.Anonymous
And the LCO code:
<code java>
@StrictIsolation
@Replacement(name = "Public")
public class Anonymous extends GenericBean
{
    public String getInternalName()
    {
        return "Anonymous";
    }
}
</code>
This class doesn't extend the Session LCO, and it's an [[jvx:server:lco:session_isolation|Isolated LCO]]. Additionally, the class name got a [[jvx:server:lco:objects_rename|Replacement]] with the name Public.
With this configuration, our REST call will be changed to:
http://localhost:8080/webapp/services/rest/myapp/Public/action/getInternalName?client.login.anonymous=true
The LCO name is now **Public**. The call with the original name, **Anonymous**, is also possible:
http://localhost:8080/webapp/services/rest/myapp/Anonymous/action/getInternalName?client.login.anonymous=true
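To check that anonymous callers only reach the isolated LCO, the web server's access log can be scanned for anonymous requests addressed to any other LCO. The following Python script is an added example, not part of JVx or the application framework. It assumes a common-log-format access log (the sample lines are constructed) and the URL layout shown above. The names ''PUBLIC_LCOS'', ''parse_rest_target'' and ''anonymous_calls_outside_public'' are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

REST_PREFIX = "/services/rest/"        # servlet mapping used on this page
PUBLIC_LCOS = {"Public", "Anonymous"}  # isolated LCO: replacement name and class name (assumed allow-list)
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|OPTIONS) (\S+) HTTP/[\d.]+"')

def parse_rest_target(target):
    """Split a request target into (app, lco, remainder, anonymous), or None if it is not a REST call."""
    parts = urlsplit(target)
    _, sep, tail = parts.path.partition(REST_PREFIX)
    if not sep:
        return None
    # Normalize percent-encoding before comparing names.
    segments = [unquote(s) for s in tail.split("/") if s]
    if len(segments) < 2:
        return None
    flags = parse_qs(parts.query).get("client.login.anonymous", [])
    anonymous = any(v.lower() == "true" for v in flags)
    return segments[0], segments[1], "/".join(segments[2:]), anonymous

def anonymous_calls_outside_public(log_lines, public_lcos=PUBLIC_LCOS):
    """Return (app, lco, remainder) for every anonymous call to an LCO outside the allow-list."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        call = parse_rest_target(match.group(1)) if match else None
        if call and call[3] and call[1] not in public_lcos:
            findings.append(call[:3])
    return findings

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /webapp/services/rest/myapp/Public/action/getInternalName?client.login.anonymous=true HTTP/1.1" 200 11',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /webapp/services/rest/myapp/Session/action/getInternalName?client.login.anonymous=true HTTP/1.1" 200 9',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /webapp/services/rest/myapp/Session/action/getInternalName HTTP/1.1" 200 9',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /webapp/index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for app, lco, rest in anonymous_calls_outside_public(SAMPLE_LOG):
        print(f"anonymous call to non-public LCO: app={app} lco={lco} call={rest}")
```

A finding for the Session LCO means the anonymous user is still being served by the LCO of authenticated users.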