Authenticating for REST commands
The way that you authenticate to run REST commands depends on how the server is set up and the tool that you are using to run the commands.
Authenticating with a user name and passwordThe simplest way to authenticate for REST commands is to use a user name and password. For example, if you are using the
curlprogram, you can specify the user name and password in the command, as in the following code:
curl -k -u jsmith:passwd https://myserver.example.com:8443/cli/application/info ?application=JPetStore
Authenticating with a token
If you’d rather not put your password out there, you can get an authentication token (for
23453425-dfgfgd-23432-sdfsf) from the server and send it with the user
PasswordIsAuthToken like this:
curl -k -u PasswordIsAuthToken:23453425-dfgfgd-23432-sdfsf https://myserver.example.com:8443/cli/application/info ?application=JPetStore
You can also use the DS_AUTH_TOKEN environment variable. An authentication token (authtoken) that is generated by the server.
curl -k -u PasswordIsAuthToken:DS_AUTH_TOKEN https://myserver.example.com:8443/cli/application/info ?application=JPetStore
Authenticating in scripts and programsMany programming and scripting languages can call REST commands.
#!/usr/bin/env python import urllib2 import json import base64 import sys if not len(sys.argv) == 3: print 'usage: script <username> <password>' exit(1) username = sys.argv password = sys.argv epass = base64.b64encode(username + ':' + password) print 'base64 encoded: ' + epass baseUrl = 'ucdeploy.example.org:8443' url = 'https://' + baseUrl + '/cli/application/info' + '?application=JPetStore' opener = urllib2.build_opener(urllib2.HTTPHandler) req = urllib2.Request(url) req.add_header('Authorization', 'Basic '+epass) req.get_method = lambda: 'GET' resp = opener.open(req) print resp.read()
Authenticating in a Groovy script
For an example of authenticating in a Groovy script, see the following repository: https://github.com/IBM-UrbanCode/groovy-sample-scripts-UCD
Importing the server certificateThe default server certificate is unsigned. Some tools do not connect to servers with unsigned certificates by default. To access a server with a self-signed certificate, you can instruct the tool to connect insecurely, or you can import the certificate into your client. Follow these steps to import the certificate into your client:
- Export the server certificate to a file:
- On the computer that hosts the IBM UrbanCode Deploy server, open the server.xml file in a text editor. By default, this file is in the location server_install/opt/tomcat/conf/server.xml. The default server installation directory is /opt/ucd/server on Linux™ and C:\Program Files\ucd\server on Windows™.
- In the server.xml file, find the following
lines of code and note the values of the keystoreFile and keystorePass attributes:
sslProtocol="TLS" keystoreFile="conf/tomcat.keystore" keystorePass="changeit" />
- In a command-line window, run the following command:
The keytool application is included in the Java™ developer kit and is not part of IBM UrbanCode Deploy. Use the name of the keystoreFile attribute from the server.xml file for
keytool -v -list -keystore keyStoreFileName
keyStoreFileName. When the command prompts you for a password, specify the value of the keystorePass attribute. The default value is
- From the result of the command, find the alias of the server.
For example, the result of the command might look like the following
In this code, the alias is
Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry Alias name: server Creation date: Mar 19, 2014 Entry type: PrivateKeyEntry
- Run the following command to export the certificate to a file
and specify the password again:
Use the alias of the server for
keytool -exportcert -alias serverAlias -keystore keyStoreFileName -storetype jks -file server.cert
- Copy the server.cert file to the client computer.
- Import the server.cert file into the keystore
of the client computer:
- In a command-line window on the client computer, run the following
command and specify the password for the keystore on the client. The
Use the location of the JRE or JDK for
jreLocation\jre\bin\keytool.exe -importcert -alias serverAlias -file tomcat.cert -storetype jks -keystore jreLocation\jre\lib\security\cacerts
- In a command-line window on the client computer, run the following command and specify the password for the keystore on the client. The default is
curl, might still not accept the server certificate because it is unsigned. To resolve this problem, set up a signed certificate for the server.