OSLC security
Authentication and authorization support for OSLC services is provided by the Maximo IT security framework. J2EE-based authentication such as LDAP is supported through the application server. The application server also provides support for HTTPS.
Native authentication
The consumer request can provide the user:password values that are base64 encoded and are in the MAXAUTH HTTP header property.
J2EE authentication
To configure J2EE authentication, you modify the web.xml file, set security constraints and set the useAppServerSecurity property to true.
You modify the web.xml file for the maximouiweb web module by uncommenting the following lines:
<!--
<servlet>
<display-name>OSLC Servlet for Web App</display-name>
<servlet-name>OSLCServlet</servlet-name>
<servlet-class>
com.ibm.tivoli.maximo.oslc.provider.MaximoOslcProviderServlet
</servlet-class>
<init-param>
<param-name>char_encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</servlet>
-->
<!--servlet-mapping>
<servlet-name>OSLCServlet</servlet-name>
<url-pattern>/oslc/*</url-pattern>
</servlet-mapping-->
To configure security constraints, you enter the following code for <web-resource-collection>:
<web-resource-collection>
<web-resource-name>OSLC Servlet</web-resource-name>
<description>
OSLC Object Structure Servlet accessible by authorized users
</description>
<url-pattern>/oslc/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
</web-resource-collection>
The useAppServerSecurity property must be set to true:
<env-entry>
<description>
Indicates whether to use Application Server security or not
</description>
<env-entry-name>useAppServerSecurity</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>true</env-entry-value>
</env-entry>
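A check for the three web.xml changes described above, as an added example that is not the page's or the vendor's own code: it parses a web.xml and reports which steps are still incomplete. The function name and the two trimmed sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _named(root, name):
    # Match on the local name so a namespaced web.xml works too.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _val(parent, name):
    return next(((e.text or "").strip() for e in _named(parent, name)), "")

def audit_oslc_web_xml(xml_text):
    """Return a list of findings; an empty list means all three steps are done."""
    root = ET.fromstring(xml_text)  # the default parser drops XML comments
    findings = []
    if "OSLCServlet" not in {_val(s, "servlet-name") for s in _named(root, "servlet")}:
        findings.append("OSLCServlet <servlet> is absent or still commented out")
    if not any(_val(m, "servlet-name") == "OSLCServlet" and _val(m, "url-pattern") == "/oslc/*"
               for m in _named(root, "servlet-mapping")):
        findings.append("/oslc/* <servlet-mapping> is absent or still commented out")
    methods = set()
    for coll in _named(root, "web-resource-collection"):
        if "/oslc/*" in {(p.text or "").strip() for p in _named(coll, "url-pattern")}:
            methods |= {(m.text or "").strip() for m in _named(coll, "http-method")}
    missing = {"GET", "POST", "PUT", "HEAD"} - methods
    if missing:
        findings.append("no web-resource-collection for /oslc/* lists: " + ", ".join(sorted(missing)))
    flag = [_val(e, "env-entry-value").lower() for e in _named(root, "env-entry")
            if _val(e, "env-entry-name") == "useAppServerSecurity"]
    if flag != ["true"]:
        findings.append("useAppServerSecurity is not set to true")
    return findings

# Constructed sample input: a trimmed web.xml before and after the changes.
BEFORE = """<web-app>
  <!-- <servlet><servlet-name>OSLCServlet</servlet-name></servlet> -->
  <!--servlet-mapping><url-pattern>/oslc/*</url-pattern></servlet-mapping-->
  <env-entry><env-entry-name>useAppServerSecurity</env-entry-name>
    <env-entry-value>false</env-entry-value></env-entry></web-app>"""
AFTER = """<web-app>
  <servlet><servlet-name>OSLCServlet</servlet-name></servlet>
  <servlet-mapping><servlet-name>OSLCServlet</servlet-name>
    <url-pattern>/oslc/*</url-pattern></servlet-mapping>
  <security-constraint><web-resource-collection>
    <url-pattern>/oslc/*</url-pattern><http-method>GET</http-method>
    <http-method>POST</http-method><http-method>PUT</http-method>
    <http-method>HEAD</http-method></web-resource-collection></security-constraint>
  <env-entry><env-entry-name>useAppServerSecurity</env-entry-name>
    <env-entry-value>true</env-entry-value></env-entry></web-app>"""
if __name__ == "__main__":
    print(audit_oslc_web_xml(BEFORE), audit_oslc_web_xml(AFTER))
```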
Explicit login and logout
If the consumer application needs to run explicit login commands, you use the following request:
GET /maximo/oslc/login
If you are using native authentication, you must add the MAXAUTH HTTP header property to the login request.
If the consumer application needs to run explicit logout commands, you use the following request:
GET /maximo/oslc/logout