OSLC security

Authentication and authorization support for OSLC services is provided by the Maximo IT security framework. J2EE-based authentication such as LDAP is supported through the application server. The application server also provides support for HTTPS.

Native authentication

The consumer request can supply the credentials as a base64-encoded user:password string in the MAXAUTH HTTP header. Base64 is an encoding, not encryption, so this header is only as confidential as the transport that carries it (HTTPS through the application server, as noted above).

J2EE authentication

To configure J2EE authentication, you modify the web.xml file, set security constraints and set the useAppServerSecurity property to true.

You modify the web.xml file for the maximouiweb web module by uncommenting the following lines:
<!--
<servlet>
	<display-name>OSLC Servlet for Web App</display-name>
	<servlet-name>OSLCServlet</servlet-name>
	<servlet-class>
    com.ibm.tivoli.maximo.oslc.provider.MaximoOslcProviderServlet
  </servlet-class>
	<init-param>
		<param-name>char_encoding</param-name>
		<param-value>UTF-8</param-value>
	</init-param>
</servlet>
-->

<!--
<servlet-mapping>
	<servlet-name>OSLCServlet</servlet-name>
	<url-pattern>/oslc/*</url-pattern>
</servlet-mapping>
-->
To configure security constraints, you enter the following <web-resource-collection> element inside the <security-constraint> for the module:
<web-resource-collection>
	<web-resource-name>OSLC Servlet</web-resource-name>
	<description>
    OSLC Object Structure Servlet accessible by authorized users
  </description>
	<url-pattern>/oslc/*</url-pattern>
	<!-- Only the HTTP methods listed here fall under this constraint;
	     a method that is not listed is left unconstrained by this element. -->
	<http-method>GET</http-method>
	<http-method>POST</http-method>
	<http-method>PUT</http-method>
	<http-method>HEAD</http-method>
</web-resource-collection>
The useAppServerSecurity property must be set to true:

<env-entry>
	<description>
    Indicates whether to use Application Server security or not
  </description>
	<env-entry-name>useAppServerSecurity</env-entry-name>
	<env-entry-type>java.lang.String</env-entry-type>
	<!-- Shipped as false; change to true so that authentication is
	     delegated to the application server (J2EE). -->
	<env-entry-value>true</env-entry-value>
</env-entry>

Explicit login and logout

If the consumer application needs to run explicit login commands, you use the following request:
GET /maximo/oslc/login
If you are using native authentication, you must add the MAXAUTH HTTP header property to the login request. If the consumer application needs to run explicit logout commands, you use the following request:
GET /maximo/oslc/logout
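The following is an added example of the native-authentication login and logout exchange described in this and the preceding section; it is not IBM Maximo code. The MAXAUTH header name and the /maximo/oslc/login and /maximo/oslc/logout paths come from this page. The in-process mock provider, its credential store, the SESSION cookie name and the status codes it returns are assumptions made so that the exchange can be run offline; a real Maximo server decides those details itself.

```python
"""MAXAUTH login/logout exchange against a constructed mock OSLC provider.

Added illustration, not IBM Maximo code. Header name and paths are from the
page; the mock provider, user store and cookie handling are assumptions.
"""
import base64
import hmac
import http.client
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed credential store for the mock provider (not real accounts).
# The ':' inside the password is deliberate: it exercises the split below.
USERS = {"maxadmin": "Sup3r:Secret"}
SESSIONS = set()


def maxauth_header(user: str, password: str) -> str:
    """Build the MAXAUTH value: base64 of 'user:password' (encoding only, no secrecy)."""
    return base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


def check_maxauth(value: str):
    """Decode a MAXAUTH value and verify it against USERS.

    Returns the user name on success, None otherwise. The split is limited to
    the first ':' so that passwords containing ':' survive, and the password
    comparison is constant-time.
    """
    try:
        raw = base64.b64decode(value, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    if ":" not in raw:
        return None
    user, password = raw.split(":", 1)
    expected = USERS.get(user)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    return user


class MockOslcProvider(BaseHTTPRequestHandler):
    """Minimal stand-in (assumed) for the provider's login and logout endpoints."""

    def log_message(self, *args):  # keep the example quiet
        pass

    def do_GET(self):
        if self.path == "/maximo/oslc/login":
            user = check_maxauth(self.headers.get("MAXAUTH", ""))
            if user is None:
                self.send_response(401)
                self.end_headers()
                return
            token = secrets.token_urlsafe(16)
            SESSIONS.add(token)
            self.send_response(200)
            # HttpOnly keeps the token away from scripts; in production this
            # cookie travels over HTTPS only.
            self.send_header("Set-Cookie", f"SESSION={token}; HttpOnly")
            self.end_headers()
        elif self.path == "/maximo/oslc/logout":
            token = self.headers.get("Cookie", "").replace("SESSION=", "", 1)
            SESSIONS.discard(token)  # invalidate the session server-side
            self.send_response(200)
            self.end_headers()
        else:
            self.send_response(404)
            self.end_headers()


def run_exchange(user: str, password: str) -> tuple:
    """Start the mock provider, log in with MAXAUTH, log out; return (login_status, logout_status)."""
    server = HTTPServer(("127.0.0.1", 0), MockOslcProvider)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection("127.0.0.1", server.server_port)
        conn.request("GET", "/maximo/oslc/login",
                     headers={"MAXAUTH": maxauth_header(user, password)})
        login = conn.getresponse()
        login.read()
        cookie = login.getheader("Set-Cookie", "").split(";", 1)[0]
        conn.request("GET", "/maximo/oslc/logout", headers={"Cookie": cookie})
        logout = conn.getresponse()
        logout.read()
        return login.status, logout.status
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_exchange("maxadmin", "Sup3r:Secret"))  # (200, 200)
    print(run_exchange("maxadmin", "wrong"))         # (401, 200)
```

The provider side is where the defensive detail lives: the header is decoded with strict base64 validation, the credential string is split only at the first colon, the password check is constant-time, and logout discards the session token on the server rather than relying on the client to forget it.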

Authorization

Authorization control is provided at the object structure level of the resource. You associate the object structure to an application in the Object Structure application. The security processing of the resource data is then based on both the configuration of security of the application and the user group of the user who made the request. When OSLC resources are processed, any object attribute that is configured as hidden through security is not included in the response to an OSLC request.