Introduction
...
In the oAuth Security example, one of the APIs from the Basic Service example will be secured with oAuth.
...
```bash
# go to soajs directory
cd /opt/soajs/node_modules
# install urac
npm install soajs.urac
# go to urac directory
cd /opt/soajs/node_modules/soajs.urac
# export necessary environment variables
export SOAJS_PROFILE=/opt/soajs/node_modules/soajs.utilities/data/getStarted/profile.js
export SOAJS_ENV=test
export SOAJS_SRVIP=127.0.0.1
# run urac
node .
```
URAC is now running on http://127.0.0.1:4001 and will be used to log in as the different users. Its maintenance port is 5001 (the service port plus 1000).
Next, a heartbeat request is sent to check the health of the URAC service.
```bash
curl -X GET "http://127.0.0.1:5001/heartbeat"
```
...
Run the Service
```bash
# go to correct directory
cd /opt/soajs/node_modules/soajs.examples/example03/
# export necessary environment variables
export SOAJS_PROFILE=/opt/soajs/node_modules/soajs.utilities/data/getStarted/profile.js
export SOAJS_ENV=test
export SOAJS_SRVIP=127.0.0.1
# start service
node .
```
The service is now running and listens on port 4012; its maintenance port is therefore 5012 (the service port plus 1000).
Next, a heartbeat request is sent to check the health of the service.
```bash
curl -X GET "http://127.0.0.1:5012/heartbeat"
```
A response similar to the one below indicates that the service is healthy.
```json
{"result":true,"ts":1425372737466,"service":{"service":"example03","type":"rest","route":"/heartbeat"}}
```
...
As stated above, tenant1 possesses two applications. This example shows a request to the buildName API, sent with the external key of tenant1 for the application that uses package1, which
does not have access to any of the service's APIs. The response should be an error stating that the user is not allowed to access the service API.
Note: make sure the controller is running and oAuth is running, and that you have a valid access token obtained by logging in to oAuth. Substitute that token for valid_access_token in the curl request below.
```bash
curl -X GET \
  -H "key:4232477ed993d167ec13ccf8836c29c400fef7eb3d175b1f2192b82ebef6fb2d129cdd25fe23c04f856157184e11f7f57b65759191908cb5c664df136c7ad16a56a5917fdeabfc97c92a1f199e457e31f2450a810769ff1b29269bcb3f01e3d2" \
  "http://127.0.0.1:4000/example03/buildName?lastName=Smith&access_token=valid_access_token"
```
The key sent with the request is the external key generated for tenant1's application1. Note that the access token travels as a query parameter in this request, so it will be written to any web server, proxy or controller access log that records request URLs; treat those logs as sensitive.
...
User | tenant | Overrides Package | Overrides Tenant | buildName | testGet | Custom Tenant Information |
---|---|---|---|---|---|---|
User1 | Tenant1 | NO | NO | NO | NO | NA |
User2 | Tenant1 | YES | NO | YES | YES | Changes the tenant name |
User3 | Tenant1 | NO | YES | YES | NO | Changes the tenant name |
The above table shows three users. Each user can override the ACL permissions of its tenant and of the package attributed to that tenant.
The examples that follow show how a user can override the ACL permissions of the tenant it belongs to and/or of the package that the tenant is using.
They also show that a user can override tenant-level configuration, which in this example is the tenant name.
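To make the override rules in the table concrete, here is an added JavaScript model of the resolution (example code, not the SOAJS implementation; the record shapes, the field names overrides.packageAcl, overrides.tenantAcl and overrides.tenant, and the precedence order are assumptions for this illustration). It reproduces the three rows of the table and shows the default-deny check a service should apply: anything not explicitly granted is refused.

```javascript
// Added example (not SOAJS project code): an illustrative model of the ACL
// override rules described on this page. All data shapes below are assumed for
// the example; SOAJS's own record layout is not shown on this page.

// Package ACL is the baseline every tenant application inherits.
// Constructed sample: package1 grants nothing on example03.
const packages = {
  package1: { acl: {} },
};

// A tenant application binds a package and may carry its own ACL (none here).
const tenants = {
  tenant1: {
    name: 'Tenant One',
    applications: { application1: { package: 'package1', acl: null } },
  },
};

// Users as in the table: each may override the package ACL, the tenant ACL,
// and tenant information (here: the tenant name).
const users = {
  user1: { tenant: 'tenant1', overrides: {} },
  user2: {
    tenant: 'tenant1',
    overrides: {
      packageAcl: { example03: { apis: { '/buildName': true, '/testGet': true } } },
      tenant: { name: 'Tenant One (user2)' },
    },
  },
  user3: {
    tenant: 'tenant1',
    overrides: {
      tenantAcl: { example03: { apis: { '/buildName': true } } },
      tenant: { name: 'Tenant One (user3)' },
    },
  },
};

// Assumed precedence, most specific first: the user's tenant override, the
// user's package override, the tenant application's ACL, then the package ACL.
function effectiveAcl(userId, appId) {
  const user = users[userId];
  const app = tenants[user.tenant].applications[appId];
  const pkg = packages[app.package];
  return user.overrides.tenantAcl
    || user.overrides.packageAcl
    || app.acl
    || pkg.acl;
}

// Default-deny: allow only if the service and route are explicitly granted.
function isAllowed(acl, service, route) {
  const svc = acl && acl[service];
  if (!svc || !svc.apis) return false;
  return svc.apis[route] === true;
}

// Tenant information as seen by this user, with any user-level override applied.
function effectiveTenant(userId) {
  const user = users[userId];
  const base = tenants[user.tenant];
  return { ...base, ...(user.overrides.tenant || {}) };
}

// Reproduce the table: which example03 APIs each user may call, and the
// tenant name each user sees.
function accessTable() {
  return Object.keys(users).map((u) => {
    const acl = effectiveAcl(u, 'application1');
    return {
      user: u,
      buildName: isAllowed(acl, 'example03', '/buildName'),
      testGet: isAllowed(acl, 'example03', '/testGet'),
      tenantName: effectiveTenant(u).name,
    };
  });
}

module.exports = { effectiveAcl, isAllowed, effectiveTenant, accessTable };
```

accessTable() yields one row per user, matching the table: user1 is denied both APIs, user2 is granted both and sees a changed tenant name, user3 is granted buildName only and also sees a changed tenant name. The point to carry over to a real deployment is the shape of isAllowed: a route that is absent from the resolved ACL is denied, never allowed by omission.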
User1 Tests
URAC Login
Before using the service APIs, a user must be authenticated. Each of the three users has a password, and the first step is to log in to URAC
...
The corresponding response proves the statement above: User2 overrode the package ACL and obtained full access to the service's APIs.
```json
{"result":true,"data":{"firstName":"John","lastName":"Smith"},"soajsauth":"Basic c29hanM6QzAyWWNjQXdaSDBYSnhTMkJ5ejAzZG5RZ1BOdXFFd0d4UmM="}
```
...