Building Distributed Applications Using the Progress AppServer
Authentication and Authorization
You typically handle authentication and authorization at the point of connection, in the Connect procedure, which receives the user ID and password supplied by the client and can refuse the client connection according to the result. For a state-reset or state-aware AppServer, you can take full advantage of this to authorize, on a per-user basis:
However, for a stateless AppServer, you cannot directly authorize and implement these options at connect time.
Authorization on a State-reset or State-aware AppServer
The following code shows a typical authentication and authorization example. First, the user ID and password passed by the client application's CONNECT( ) method are authenticated against an external source (in this case, valid users are identified in a database table named app_user). Second, the particular user is authorized to request execution of an established, user-specific list of procedures (entry points) set through the EXPORT( ) method.
To create a tight security model, establish an export list in conjunction with operating-system security to restrict access from the client application's host to the remote procedure sources. For more information on operating-system security, see the information on operating systems in the "Security Considerations" section. For more information on creating an export list using the EXPORT( ) method, see the "AppServer Session Access" section.
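The following Connect procedure is an added example of the pattern described above; it is not the manual's own code. It assumes a connected database with an app_user table holding user_id, pwd_salt, pwd_hash and proc_list fields (all hypothetical names), and it uses the built-in ENCODE function as the one-way password function only because that is what the product offers; treat it as a placeholder for a proper password hash.

```abl
/* connect.p : Connect procedure for a state-reset or state-aware AppServer.
   Added example, not from the manual. The app_user table and its fields
   (user_id, pwd_salt, pwd_hash, proc_list) are hypothetical. */

DEFINE INPUT PARAMETER pcUserId        AS CHARACTER NO-UNDO.
DEFINE INPUT PARAMETER pcPassword      AS CHARACTER NO-UNDO.
DEFINE INPUT PARAMETER pcAppServerInfo AS CHARACTER NO-UNDO.

/* CASE-SENSITIVE so that the hash comparison below is exact; by default
   ABL compares CHARACTER values case-insensitively, which would accept
   a hash differing only in letter case. */
DEFINE VARIABLE cHash AS CHARACTER CASE-SENSITIVE NO-UNDO.

/* 1. Authenticate against the app_user table. One generic message for
      "no such user" and "wrong password" so callers cannot enumerate IDs.
      RETURN ERROR from the Connect procedure refuses the connection. */
FIND FIRST app_user WHERE app_user.user_id = pcUserId NO-LOCK NO-ERROR.
IF NOT AVAILABLE app_user THEN
    RETURN ERROR "Authentication failed.".

/* Salted one-way comparison; the clear-text password is never stored or
   logged. ENCODE stands in for a real password hash (assumption). */
cHash = ENCODE(app_user.pwd_salt + pcPassword).
IF cHash <> app_user.pwd_hash THEN
    RETURN ERROR "Authentication failed.".

/* 2. Authorize: limit this session to the user's own entry points. A user
      with no list gets no session at all, rather than falling through to
      an unrestricted one. */
IF app_user.proc_list = ? OR app_user.proc_list = "" THEN
    RETURN ERROR "User has no authorized procedures.".

/* proc_list is a comma-separated list, e.g. "orders/query.p,orders/update.p" */
SESSION:EXPORT(app_user.proc_list).
```

The export list only names procedures the client may run directly; procedures those entry points run internally are unaffected, so keep the list to deliberate entry points and rely on operating-system permissions on the procedure source and r-code directories as the second layer described above.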
Authorization on a Stateless AppServer
For a stateless AppServer, you cannot easily set an export list and database connections at connect time, because the Application Server process that runs the Connect procedure is not necessarily the one that executes subsequent remote procedure requests for the connected client. Setting an export list and database connections works much more effectively as a global activity that you implement in the Startup procedure, which executes for every Application Server process when it starts up.
You can, however, pass connection-based authentication and authorization information to each Application Server process that handles a remote procedure request for a client connection. The Application Server process can retrieve and resave the authorization information for the next Application Server process that handles the connection using the Activate and Deactivate procedures. For more information on using these procedures, see "Programming the AppServer."
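An added example, not from the manual, of carrying the authenticated identity across the Application Server processes that serve one stateless connection. It assumes the app_user table of the earlier example plus a role field, a two-entry context layout of "user,role", the global shared variable names shown, and that the AppServer rejects a request when its Activate procedure returns an error; all of these are assumptions made here. The SESSION:SERVER-CONNECTION-CONTEXT attribute is the per-connection string the AppServer makes available to the Connect, Activate and Deactivate procedures.

```abl
/* Stateless AppServer: authenticate once, then restore and resave the
   identity around every request. Added example, not from the manual.
   Table app_user (user_id, pwd_salt, pwd_hash, role) and table order
   (order_num, approved_by) are hypothetical. */

/* ---------- connect.p : runs once, in whichever process accepts the connect */
DEFINE INPUT PARAMETER pcUserId        AS CHARACTER NO-UNDO.
DEFINE INPUT PARAMETER pcPassword      AS CHARACTER NO-UNDO.
DEFINE INPUT PARAMETER pcAppServerInfo AS CHARACTER NO-UNDO.
DEFINE VARIABLE cHash AS CHARACTER CASE-SENSITIVE NO-UNDO.

FIND FIRST app_user WHERE app_user.user_id = pcUserId NO-LOCK NO-ERROR.
IF NOT AVAILABLE app_user THEN RETURN ERROR "Authentication failed.".
cHash = ENCODE(app_user.pwd_salt + pcPassword).
IF cHash <> app_user.pwd_hash THEN RETURN ERROR "Authentication failed.".

/* Save only what later requests need: identity and role, never the
   password. The AppServer hands this string to the process that serves
   each subsequent request on this connection. */
SESSION:SERVER-CONNECTION-CONTEXT = app_user.user_id + "," + app_user.role.

/* ---------- activate.p : runs in the serving process before every request */
DEFINE NEW GLOBAL SHARED VARIABLE gcAuthUser AS CHARACTER NO-UNDO.
DEFINE NEW GLOBAL SHARED VARIABLE gcAuthRole AS CHARACTER NO-UNDO.
DEFINE VARIABLE cCtx AS CHARACTER NO-UNDO.

cCtx = SESSION:SERVER-CONNECTION-CONTEXT.
/* A request with no or malformed context is not an authenticated one;
   refuse it rather than serve it as an anonymous caller. */
IF cCtx = ? OR NUM-ENTRIES(cCtx) <> 2 THEN
    RETURN ERROR "No authenticated connection context.".
ASSIGN
    gcAuthUser = ENTRY(1, cCtx)
    gcAuthRole = ENTRY(2, cCtx).

/* ---------- deactivate.p : runs in the serving process after every request */
DEFINE NEW GLOBAL SHARED VARIABLE gcAuthUser AS CHARACTER NO-UNDO.
DEFINE NEW GLOBAL SHARED VARIABLE gcAuthRole AS CHARACTER NO-UNDO.

/* Resave the context for whichever process handles the next request, then
   clear this process's copy so the next client it serves cannot inherit
   this user's identity. */
SESSION:SERVER-CONNECTION-CONTEXT = gcAuthUser + "," + gcAuthRole.
ASSIGN
    gcAuthUser = ""
    gcAuthRole = "".

/* ---------- orders/update.p : a remote procedure enforcing the restored role */
DEFINE INPUT PARAMETER piOrderNum AS INTEGER NO-UNDO.
DEFINE SHARED VARIABLE gcAuthUser AS CHARACTER NO-UNDO.
DEFINE SHARED VARIABLE gcAuthRole AS CHARACTER NO-UNDO.

/* Per-user check happens here, in the process actually running the
   request, because the Connect procedure's process may not be this one. */
IF gcAuthRole <> "manager" THEN
    RETURN ERROR "User " + gcAuthUser + " is not authorized to update orders.".

FIND order WHERE order.order_num = piOrderNum EXCLUSIVE-LOCK NO-ERROR.
IF NOT AVAILABLE order THEN RETURN ERROR "No such order.".
ASSIGN order.approved_by = gcAuthUser.
```

The global export list set in the Startup procedure still bounds what any client can call at all; the role check in the remote procedure is the per-user layer on top of it. Keep the context string to identity and role and nothing secret, and if your deployment lets that string leave the server processes, add an integrity tag before trusting it in Activate.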
Copyright © 2004 Progress Software Corporation www.progress.com Voice: (781) 280-4000 Fax: (781) 280-4095