Blueriq as a Service
Out of the box, the Blueriq Java Runtime supports security on Blueriq as a Service (BaaS). In Blueriq it is possible to create your own web services, either via REST or SOAP. To secure a BaaS, a shortcut needs to be created for the BaaS project; more information about creating shortcuts can be found in the shortcut documentation. When a shortcut is created, a new property needs to be added.
Code Block |
---|
blueriq.shortcut.ExampleShortcut.securityEnabled=true |
When this property is added to a BaaS shortcut, the BaaS is marked as secure. This means that the BaaS shortcut now enforces basic authentication.
Warning |
---|
Blueriq only secures endpoints on startup! Newly created secure shortcuts while the Runtime is running are registered. |
Blueriq Runtime supports security on Blueriq as a Service out of the box by adding roles to the webservice definition, which will secure the endpoint.
Adding a role to the webservice
To secure a webservice, a role must be added to the BaaS service. There are two methods to add roles to the service: at the service definition, or at the exposed flow which is started from the webservice.
Service definition
A Role can be added to each operation (SOAP or REST) of a service definition in a Web service in Blueriq Encore.
Exposed flow
A Role can be added to an exposed Flow (which is started from the service definition) in Blueriq Encore. This can be useful if the flow is started from multiple contexts. Otherwise, adding the role at the service definition is preferable.
Conversations
A Role can be added to a Conversation in Blueriq Encore which is Exposed as a web service.
Security endpoints
These endpoints are secured when a role is set.
Code Block |
---|
REST: server/rest/{Webservice}/{Operation}
SOAP: webservices/aaas/{Webservice}/{Operation} |
The SOAP WSDL is not secured.
Code Block |
---|
webservices/aaas/{Webservice}/aaas.wsdl |
Response status codes
Both REST and SOAP services return status codes to indicate the result of the request that was sent. There are, however, differences between the results produced when a request does not end successfully.
REST Service
REST services return a 401 status code when a user is unauthenticated and a 403 status code when a user is authenticated but does not possess the required roles.
SOAP Service
SOAP services work differently because they will only return a 200 status code for successful requests or a 500 code accompanied by a SOAP fault for failed requests.
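The status codes above can be turned into a post-deployment check that a role-protected operation really rejects anonymous calls. The following is an added example, not Blueriq code: the service and operation names are hypothetical, the fault body is constructed, and it assumes that authentication failures are among the "failed requests" that SOAP reports as a 500 with a fault.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a SOAP 1.1 fault body (not captured from a real Runtime).
SAMPLE_FAULT = (
    '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
    "<soapenv:Body><soapenv:Fault><faultcode>soapenv:Server</faultcode>"
    "<faultstring>constructed sample</faultstring></soapenv:Fault>"
    "</soapenv:Body></soapenv:Envelope>"
)


def endpoint_paths(webservice, operation):
    """Fill in the page's path templates for one operation."""
    return {
        "rest": f"server/rest/{webservice}/{operation}",
        "soap": f"webservices/aaas/{webservice}/{operation}",
        "wsdl": f"webservices/aaas/{webservice}/aaas.wsdl",  # not secured
    }


def has_soap_fault(body):
    """True if body is XML containing a Fault element (any SOAP namespace)."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False
    return any(el.tag.rsplit("}", 1)[-1] == "Fault" for el in root.iter())


def classify_anonymous_probe(protocol, status, body=""):
    """Verdict for a request sent WITHOUT credentials to a role-protected operation."""
    if status == 200:
        return "unsecured"  # anonymous call succeeded: role missing or not applied
    if protocol == "rest" and status == 401:
        return "secured"
    if protocol == "soap" and status == 500 and has_soap_fault(body):
        # Assumption: auth failures are among the "failed requests". The status
        # alone cannot tell them from other faults, so inspect the fault text.
        return "rejected_with_fault"
    return "unexpected"  # e.g. 403 for an anonymous REST call, or 500 without a fault


if __name__ == "__main__":
    paths = endpoint_paths("ExampleService", "exampleOperation")  # hypothetical names
    print(paths["rest"], classify_anonymous_probe("rest", 401))
    print(paths["soap"], classify_anonymous_probe("soap", 500, SAMPLE_FAULT))
    print(paths["rest"], classify_anonymous_probe("rest", 200))
```

Under the same assumption, access-denied monitoring that only counts 401 and 403 responses will not see SOAP rejections, since they arrive as a 500 with a fault.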