attachment_14676332_REST_api_secure_search

1. To build a "my profile" dialog that asks users for their credentials, call the /imc/userprompt API.
If the login user name is esuser01, call /imc/userprompt?id=esuser01. The response contains enough
information to construct the dialog in your application.
Each XML element in the response corresponds to a field of the my profile dialog.
Request:
http://<server>:8394/api/v10/imc/userprompt?id=esuser01
Response:
<?xml version='1.0' encoding='UTF-8'?>
<es:apiResponse xmlns:atom="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com//spec/opensearch/1.1/" xmlns:es="http://www.ibm.com/discovery/es/rest/1.0"
xmlns:ibmsc="http://www.ibm.com/search/content/2010" xmlns:ibmbf="http://www.ibm.com/browse/facets/2010">
<es:identity enabled="true">
<es:domain>HOLLYWOOD</es:domain>
<es:sourceType>winfs</es:sourceType>
<es:user/>
<es:encryptedPassword/>
</es:identity>
</es:apiResponse>
To perform a secure search, you have to attach a security context (a.k.a. USC) to the query. This means that you have to
create the USC beforehand.
2. To create the USC, call the /imc/identity API with the correct parameters in JSON format.
Each JSON parameter corresponds to an XML element in the response above, except for user and
password. Because these 2 parameters must be supplied by the end user, they are not included in the response unless
they were already stored by a previous attempt.
Request:
http://<server>:8394/api/v10/imc/identity?id=esuser01&identity={"enabled":true, "domain":"HOLLYWOOD",
"password":"password", "user":"esadmin","encrypted":false,"type":"winfs"}
Response:
<?xml version='1.0' encoding='UTF-8'?>
<es:apiResponse xmlns:atom="http://www.w3.org/2005/Atom" xmlns:opensearch="http://a9.com//spec/opensearch/1.1/" xmlns:es="http://www.ibm.com/discovery/es/rest/1.0"
xmlns:ibmsc="http://www.ibm.com/search/content/2010" xmlns:ibmbf="http://www.ibm.com/browse/facets/2010">
<es:securityContext><identities id="ZXNhZG1pbg=="><identity
id="SE9MTFlXT09E"><username>ZXNhZG1pbg==</username><type>winfs</type>
<password encrypt="yes">iP+sTUx5nI55NgtABGjc3A==</password><groups><group
id="44Gq44GX"/><group id="RXZlcnlvbmU="/><group
id="QWRtaW5pc3RyYXRvcnM="/><group id="VXNlcnM="/><group
id="SU5URVJBQ1RJVkU="/><group
id="QXV0aGVudGljYXRlZCBVc2Vycw=="/><group
id="TE9DQUw="/></groups><properties><property
name="aclvl">Mg==</property><property
name="connectionid">MTI3NDA3NzYyNTY0MDAwMzYyNzMxNTgyMTY=</property><property
name="crwid">TmVhckR1cC5XSU5fNDg2ODc=</property><property
name="valid">dHJ1ZQ==</property><property
name="spaceid">dDEyNzQwNzc2MTQ4NDU=</property><property
name="ssoenabled">ZmFsc2U=</property><property
name="username">ZXNhZG1pbg==</property></properties></identity></identities>
</es:securityContext>
</es:apiResponse>
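The step 2 request built programmatically, as an added example that is not part of the original attachment or the product's sample code. It assumes the JSON keys map to the /imc/userprompt elements the way the two samples above suggest (sourceType to "type", the empty user and password filled in by the end user); the host name is a placeholder for <server>. Because the password travels in the query string, the second function masks it before the URL is written to a log.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

ES = "{http://www.ibm.com/discovery/es/rest/1.0}"
BASE = "http://search.example:8394/api/v10"  # placeholder for http://<server>:8394

# Constructed input: the page's /imc/userprompt sample, unused namespaces trimmed.
PROMPT = ('<es:apiResponse xmlns:es="http://www.ibm.com/discovery/es/rest/1.0">'
          '<es:identity enabled="true"><es:domain>HOLLYWOOD</es:domain>'
          '<es:sourceType>winfs</es:sourceType><es:user/><es:encryptedPassword/>'
          '</es:identity></es:apiResponse>')

def identity_url(prompt_xml, login_id, user, password):
    """Build the /imc/identity request from a userprompt response plus user input."""
    ident = ET.fromstring(prompt_xml).find(ES + "identity")
    identity = {
        "enabled": ident.get("enabled") == "true",
        "domain": ident.findtext(ES + "domain"),
        "type": ident.findtext(ES + "sourceType"),   # assumed mapping
        "user": user,
        "password": password,
        "encrypted": False,
    }
    # urlencode percent-encodes braces, quotes, spaces and '&' inside the JSON,
    # so a password containing '&' or '=' cannot split the query string.
    return BASE + "/imc/identity?" + urlencode(
        {"id": login_id, "identity": json.dumps(identity)})

def redact(url):
    """Return the URL with the identity password masked, for logging."""
    parts = urlsplit(url)
    pairs = []
    for key, value in parse_qsl(parts.query):
        if key == "identity":
            data = json.loads(value)
            if "password" in data:
                data["password"] = "***"
            value = json.dumps(data)
        pairs.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(pairs)))
```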
You now have the USC for the user named esuser01. In the response above, the actual USC string is XML-encoded. After you read the
response with an XML parser, you will see the following XML as the USC.
<identities id="ZXNhZG1pbg==">
<identity id="SE9MTFlXT09E">
<username>ZXNhZG1pbg==</username>
<type>winfs</type>
<password encrypt="yes">iP+sTUx5nI55NgtABGjc3A==</password>
<groups>
<group id="44Gq44GX"/>
<group id="RXZlcnlvbmU="/>
<group id="QWRtaW5pc3RyYXRvcnM="/>
<group id="VXNlcnM="/>
<group id="SU5URVJBQ1RJVkU="/>
<group id="QXV0aGVudGljYXRlZCBVc2Vycw=="/>
<group id="TE9DQUw="/>
</groups>
<properties>
<property name="aclvl">Mg==</property>
<property name="connectionid">MTI3NDA3NzYyNTY0MDAwMzYyNzMxNTgyMTY=</property>
<property name="crwid">TmVhckR1cC5XSU5fNDg2ODc=</property>
<property name="valid">dHJ1ZQ==</property>
<property name="spaceid">dDEyNzQwNzc2MTQ4NDU=</property>
<property name="ssoenabled">ZmFsc2U=</property>
<property name="username">ZXNhZG1pbg==</property>
</properties>
</identity>
</identities>
You don't need to understand what the USC string means. You can simply attach it to a search query as the security context,
regardless of API type - SIAPI or REST.
Before attaching it to the query, enclose it in the security context marker, like this: @SecurityContext::'[USC
string is here]'
In this case, the USC query looks like this:
@SecurityContext::'<identities id="ZXNhZG1pbg=="><identity
id="SE9MTFlXT09E"><username>ZXNhZG1pbg==</username><type>winfs</type><password
encrypt="yes">iP+sTUx5nI55NgtABGjc3A==</password><groups><group id="44Gq44GX"/><group
id="RXZlcnlvbmU="/><group id="QWRtaW5pc3RyYXRvcnM="/><group id="VXNlcnM="/><group
id="SU5URVJBQ1RJVkU="/><group id="QXV0aGVudGljYXRlZCBVc2Vycw=="/><group
id="TE9DQUw="/></groups><properties><property name="aclvl">Mg==</property><property
name="connectionid">MTI3NDA3NzYyNTY0MDAwMzYyNzMxNTgyMTY=</property><property
name="crwid">TmVhckR1cC5XSU5fNDg2ODc=</property><property
name="valid">dHJ1ZQ==</property><property
name="spaceid">dDEyNzQwNzc2MTQ4NDU=</property><property
name="ssoenabled">ZmFsc2U=</property><property
name="username">ZXNhZG1pbg==</property></properties></identity></identities>'
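The extraction and wrapping steps described above, as an added example that is not part of the original attachment or the product's sample code. It also decodes the Base64 fields to show that a USC carries the user name, the identity id (the domain in this sample) and group names in readable form, so it should be stored and logged like a credential. Assumptions: the USC may arrive either as child elements or as entity-escaped text inside es:securityContext, and a USC containing a single quote is rejected because the page documents no escaping inside the marker.

```python
import base64
import xml.etree.ElementTree as ET

ES_NS = "{http://www.ibm.com/discovery/es/rest/1.0}"

# Abridged copy of the page's /imc/identity sample response (two groups kept).
SAMPLE_RESPONSE = (
    '<es:apiResponse xmlns:es="http://www.ibm.com/discovery/es/rest/1.0">'
    '<es:securityContext><identities id="ZXNhZG1pbg=="><identity id="SE9MTFlXT09E">'
    '<username>ZXNhZG1pbg==</username><type>winfs</type>'
    '<password encrypt="yes">iP+sTUx5nI55NgtABGjc3A==</password>'
    '<groups><group id="RXZlcnlvbmU="/><group id="QWRtaW5pc3RyYXRvcnM="/></groups>'
    '</identity></identities></es:securityContext></es:apiResponse>')

def extract_usc(response_xml):
    """Return the USC string carried by es:securityContext."""
    ctx = ET.fromstring(response_xml).find(ES_NS + "securityContext")
    if ctx is None:
        raise ValueError("response has no es:securityContext element")
    usc = ctx.find("identities")
    if usc is None:
        # Assumption: the USC was entity-escaped text, already unescaped by the parser.
        return (ctx.text or "").strip()
    usc.tail = None
    return ET.tostring(usc, encoding="unicode")

def b64_text(value):
    """Base64-decode to text; None for binary data such as the password field."""
    try:
        return base64.b64decode(value or "", validate=True).decode("utf-8")
    except ValueError:  # covers bad Base64 and non-UTF-8 bytes
        return None

def describe_usc(usc):
    """Decode the readable fields, i.e. what a leaked USC discloses."""
    ident = ET.fromstring(usc).find("identity")
    pw = ident.find("password")
    return {
        "identity_id": b64_text(ident.get("id")),
        "user": b64_text(ident.findtext("username")),
        "groups": [b64_text(g.get("id")) for g in ident.iter("group")],
        "password_encrypted": pw is not None and pw.get("encrypt") == "yes",
    }

def to_query_term(usc):
    """Wrap the USC in the marker; reject a quote that would end the marker early."""
    if "'" in usc:
        raise ValueError("USC contains a single quote")
    return "@SecurityContext::'" + usc + "'"
```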
3. Now you can perform a secure search. Here is an example of searching with the REST API.
Request:
http://<server>:8394/api/v10/search?query=searchterm&collection=colId&securityContext=
Response:
The same as a usual search response.
Sample code in Java (including source code)
JDK 1.6 and Apache HttpClient 3.1 are required.
java -cp <classpath> com.ibm.es.rest.imcsample.IMCSampleMain -prop <Property file path>
The tool first lists the available secure sources that are configured correctly. It then requests credentials for each
secure source, just like IdentityManagementExample, in order to construct the USC.
If the credentials are valid, it performs a secure search using the USC it has just constructed.