User Credentials in a Security Enabled Model
If the model connected via Pro Cloud Server has User Security enabled via Model Credentials or OpenID Authentication, then you will have to authenticate the user before retrieving, updating, creating or deleting a Resource/Resource Feature. Once the user is authenticated, you will be provided with a User Authentication Token that you will have to pass in with the OSLC GET and POST Requests. Unless you pass in the User Authentication Token, the OSLC request on a Security Enabled model will not be processed by the Pro Cloud Server.
To get the User Authentication Token:
- In a Model that has OpenID Authentication enabled, POST the Authorization Code and Redirect URI to a specific URL; the Authorization Code can be obtained by authorizing the User at the authorizationURI endpoint (which is specified in the Service Provider Resource); the Redirect URI is the URI to which the Authorization Code is sent by the OpenID Server (this is specified in the OpenID Server configuration)
- In a Model that has Model Credential Security enabled, POST the User's Enterprise Architect Model Security credentials (User ID and Password) to a specific URL; these are the same credentials that you will type into the 'Login to EA Repository' dialog in a security-enabled model
- Upon successful validation, the XML returned will contain the User Authentication Token (amongst other information) in the XML element 'ss:useridentifier'
Validating User Credentials in a Security Enabled Model
Step |
Action |
---|---|
1 |
If the model has:
|
2 |
Validate the user ID by POSTing the Authorization Code and Redirect URI to:
URL: <protocol>://<server>/<model_name>/oslc/am/login/
POST Body: sso=openid;code=<AUTHORIZATION CODE>;redirecturi=<REDIRECT URI>;
Go to Step 5. |
3 |
Get the User Authentication Token by POSTing to this URL:
URL: <protocol>://<server>/<model_name>/oslc/am/login/
POST Body: sso=ntlm;
Go to Step 5. |
4 |
Validate the user ID by POSTing the User's Enterprise Architect Model Security credentials to:
URL: <protocol>://<server>/<model_name>/oslc/am/login/
POST Body: uid=<USER ID>;pwd=<PASSWORD>; |
5 |
If validation succeeds, the response will typically be:
<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
  xmlns:ss="http://www.sparxsystems.com.au/oslc_am#"
  xmlns:foaf="http://xmlns.com/foaf/0.1/">
  <ss:login>
    <!--boolean value that specifies whether the model allows Resource Creation/Update-->
    <ss:readonlymodel>VALUE</ss:readonlymodel>
    <!--boolean value that specifies whether you have valid Pro Cloud Server license-->
    <ss:validlicense>VALUE</ss:validlicense>
    <!--specifies the Full Name and User ID of the User in a Security Enabled Model-->
    <ss:userfullname>
      <foaf:Person>
        <foaf:name>FULL NAME</foaf:name>
        <foaf:nick>USER ID</foaf:nick>
      </foaf:Person>
    </ss:userfullname>
    <!--specifies the User Authentication Token-->
    <ss:useridentifier>USER AUTHENTICATION TOKEN</ss:useridentifier>
    <!--specifies the OpenID Access Token in a Model that supports OpenID Authentication-->
    <ss:accesstoken>OPENID ACCESS TOKEN</ss:accesstoken>
    <!--specifies the OpenID Refresh Token in a Model that supports OpenID Authentication-->
    <ss:refreshtoken>OPENID REFRESH TOKEN</ss:refreshtoken>
    <!--boolean value that specifies whether you have permission to create/update Resources-->
    <ss:elementpermission>VALUE</ss:elementpermission>
    <!--boolean value that specifies whether you have permission to update Diagrams-->
    <ss:diagrampermission>VALUE</ss:diagrampermission>
    <!--boolean value that specifies whether you have permission to create/update Resource Tests-->
    <ss:testpermission>VALUE</ss:testpermission>
    <!--boolean value that specifies whether you have permission to create/update Resource Allocations-->
    <ss:resourceallocationpermission>VALUE</ss:resourceallocationpermission>
    <!--boolean value that specifies whether you have permission to create/update Resource Maintenance Items-->
    <ss:maintenanceitempermission>VALUE</ss:maintenanceitempermission>
    <!--boolean value that specifies whether you have permission to create/update Resource Project Management Items-->
    <ss:projectmanagementitempermission>VALUE</ss:projectmanagementitempermission>
  </ss:login>
</rdf:RDF> |
Passing User Authentication Token with OSLC Requests
Once the User Credential is successfully validated, you pass in the User Authentication Token in every OSLC request; that is, pass in the User Authentication Token:
- When retrieving a Resource or Resource Feature XML using GET Request as the value of the query string parameter 'useridentifier'
- When creating/updating a Resource or Resource Feature using POST RDF/XML as the value of the XML element 'ss:useridentifier'
Passing User Authentication Token with GET Requests
For GET requests, pass in the User Authentication Token as the value of the query string parameter 'useridentifier':
- <protocol>://<server>/<model_name>/oslc/am/OSLC REQUEST/?useridentifier=<USER AUTHENTICATION TOKEN>
Examples
| No. | Example Input |
|---|---|
| 1 | Retrieve the properties of an Enterprise Architect Package Resource: http://localhost:480/firebird_model/oslc/am/resource/pk_{5147E138-1F14-4738-B721-5FCC0F8821A8}/?useridentifier={72825AF9-E116-48f1-9DF8-77815E66B1A7} |
| 2 | Retrieve all Resources: http://localhost:480/firebird_model/oslc/am/qc/?useridentifier={72825AF9-E116-48f1-9DF8-77815E66B1A7}&oslc.where=dcterms:title="Class1" |
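An added example (not from the original page or from Sparx Systems): it parses the login response for 'ss:useridentifier', builds a GET URL that carries the token, and masks the token in log text, because a token placed in the query string is recorded wherever request URLs are logged. The sample response, host name and token are constructed; the "true"/"false" spelling of the boolean fields and the server accepting percent-encoded braces are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

SS = "{http://www.sparxsystems.com.au/oslc_am#}"

# Constructed sample response in the shape the page documents; all values are made up.
SAMPLE_LOGIN_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:ss="http://www.sparxsystems.com.au/oslc_am#">
  <ss:login>
    <ss:readonlymodel>false</ss:readonlymodel>
    <ss:validlicense>true</ss:validlicense>
    <ss:useridentifier>{00000000-1111-2222-3333-444444444444}</ss:useridentifier>
    <ss:elementpermission>true</ss:elementpermission>
    <ss:diagrampermission>false</ss:diagrampermission>
  </ss:login>
</rdf:RDF>"""


def parse_login(xml_bytes):
    """Return (token, flags) from a login response; raise if no token is present."""
    login = ET.fromstring(xml_bytes).find(f"{SS}login")
    token = login.findtext(f"{SS}useridentifier") if login is not None else None
    if not token or not token.strip():
        raise ValueError("login response carries no ss:useridentifier")
    flags = {}
    for child in login:
        name, text = child.tag.replace(SS, ""), (child.text or "").strip().lower()
        # Assumption: boolean fields are serialised as the text "true"/"false".
        if text in ("true", "false"):
            flags[name] = text == "true"
    return token.strip(), flags


def oslc_get_url(base, request_path, token, **query):
    """Build <base>/oslc/am/<request_path>/?useridentifier=<token>."""
    # Assumption: the server decodes percent-encoded braces (%7B, %7D) in the token.
    params = {"useridentifier": token, **query}
    return f"{base.rstrip('/')}/oslc/am/{request_path.strip('/')}/?{urlencode(params)}"


def redact_token(text):
    """Mask the token wherever it appears as a query parameter, e.g. in access logs."""
    return re.sub(r"(?i)(useridentifier=)[^&\s]+", r"\1<redacted>", text)
```

Check the returned flags (for example `readonlymodel` and `elementpermission`) before attempting a POST, and run `redact_token` over any request URL before it is written to application logs.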
Passing in a User Authentication Token with OSLC POST Requests
For OSLC POST requests, you need to pass in the User Authentication Token as a part of the RDF/XML accompanying the POST request.
Examples
No. |
Input |
---|---|
1 |
In a Security Enabled model where:
The Notes, Complexity and Version are set.
<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:oslc_am="http://open-services.net/ns/am#"
  xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
  xmlns:dcterms="http://purl.org/dc/terms/"
  xmlns:foaf="http://xmlns.com/foaf/0.1/"
  xmlns:ss="http://www.sparxsystems.com.au/oslc_am#">
  <oslc_am:Resource>
    <!--Required Properties-->
    <dcterms:title>Class1</dcterms:title>
    <dcterms:type>Class</dcterms:type>
    <ss:parentresourceidentifier>pk_{259A54C2-6A89-46d7-AB7E-F192668010CA}</ss:parentresourceidentifier>
    <dcterms:description>Created via OSLC</dcterms:description>
    <ss:complexity>Easy</ss:complexity>
    <ss:version>1.0</ss:version>
    <ss:useridentifier>{72825AF9-E116-48f1-9DF8-77815E66B1A7}</ss:useridentifier>
  </oslc_am:Resource>
</rdf:RDF> |
2 |
In a Security Enabled model where:
<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:oslc_am="http://open-services.net/ns/am#"
  xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
  xmlns:dcterms="http://purl.org/dc/terms/"
  xmlns:foaf="http://xmlns.com/foaf/0.1/"
  xmlns:ss="http://www.sparxsystems.com.au/oslc_am#">
  <oslc_am:Resource>
    <!--Required Properties-->
    <dcterms:identifier>el_{567854C2-6A89-46d7-AB7E-F192668010CA}</dcterms:identifier>
    <dcterms:title>Actor1_New</dcterms:title>
    <ss:useridentifier>{72825AF9-E116-48f1-9DF8-77815E66B1A7}</ss:useridentifier>
  </oslc_am:Resource>
</rdf:RDF> |
Logout from a Security Enabled Model
Usually, 30 minutes of inactivity will log you out of a Security Enabled model; you will have to log in again by POSTing the User Credentials to the credential validation URL. You can also log out of a model by passing in the User Authentication Token as the value of the query string parameter 'useridentifier' in this GET request:
- <protocol>://<server>/<model_name>/oslc/am/logout/?useridentifier=<USER AUTHENTICATION TOKEN>
If successful (i.e. the passed-in User Authentication Token is valid), you will receive a 200 OK HTTP response and you will no longer be able to access the Security Enabled model.
If unsuccessful (i.e. the passed-in User Authentication Token is invalid), you will receive a 404 Not Found HTTP response.
Notes
- This facility is available through the Pro Cloud Server, with a valid license
- An OSLC request will not be processed by the Pro Cloud Server unless the User Authentication Token is passed in with the request on a Security Enabled model
- 30 minutes of inactivity will log you out of a Security Enabled model; you will have to log in again by POSTing the User Credentials to the credential validation URL