Versions Compared

Old Version 10

changes.mady.by.user Deny Raatgever

Saved on

compared with

New Version Current

changes.mady.by.user Ludo Schoonen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Blueriq as a Service 

Out of box the Blueriq Runtime supports security on Blueriq as a Service. In Blueriq it is possible to create your own web services, either via REST or SOAP. In order to secure a BAAS a shortcut needs to be created for the BAAS project, more information about creating shortcuts can be found here. Since Blueriq R13 it is not needed to use 'securityEnabled' anymore for the shortcut, it will always be secured when there is a role set in studio.
For an example how to set a role on a process : Authorization algorithms. Setting a role is also possible on other Blueriq items like Flows, Services etc.Blueriq Runtime supports security on Blueriq as a Service out of the box by adding roles to the webservice definition, which will secure the endpoint. 

Adding a role to the webservice

To secure a webservice a role must be added to the baa(r)s service. There are two methods to add roles to the service, at the service definition or at the exposed flow which is started from the webservice.

Service definition

A role Role can be added at the to each operation soap/rest of a service definition in a Web service in Blueriq Encore.

Image RemovedImage RemovedImage Added

Exposed flow

A role Role can be added at the exposed  flow to an exposed Flow (which is started from the service definition) in Blueriq Encore. This can be useful if the flow is started from multiple contexts. Otherwise adding the role at the service definition is preferable over this option.

Image Removed

Security Flag at the shortcuts

The shortcuts can be secured using an extra property. Runtimes prior to Blueriq 13 will need this property, in Blueriq 13 this feature is deprecated, since adding a role to the service will be sufficient to force security. When this property is used in Blueriq (prior to 13), the security flag in the shortcuts will only work in combination with a role on the webservice.

Code Block
blueriq.shortcut.SHORTCUT_NAME.securityEnabled = true

Image Added

Conversations

A Role can be added to a Conversation in Blueriq Encore which is Exposed as a web service

Image Added

Security endpoints

These endpoints are secured when there is a role is set.

Code Block
REST: Runtime/server/rest/{Webservice}/{Operation}
SOAP: webservices/aaas/{Webservice}/{Operation}

The SOAP WSDL is not secured.

Code Block
webservices/aaas/{Webservice}/aaas.wsdl


Response status codes

Both REST and SOAP services return status codes to indicate the result of the request that was sent. There are however differences between the results produced when a request does not end successfully. 

REST Service 

REST services will return a 401 status code for when a user is unauthenticated and a 403 code for when a user is authenticated but does not possess the required roles.

SOAP Service

SOAP services work differently because they will only return a 200 status code for successful requests or a 500 code accompanied by a SOAP fault for failed requests.