Authenticating policy console users

In general, policy console users must be authenticated to access the resources for the REST API. Accessing the resources for the REST API requires using form-based authentication and maintaining a session on the server side. All requests to the policy console should be authenticated. 

For information about requiring users to re-authenticate when the app is idle, see Managing the re-authentication frequency of app users.

About the authentication process for the policy console

To authenticate a user's session for the policy console:

1. Establish a user session with the policy console: The GET user/ping API call presents a login screen to the user. After the user submits their login credentials, the policy console creates the user session.

2. Authenticate the user for the session: The POST user/ping/j_security_check API call reads the cookie for the user session and redirects the authentication request to fetch the policy console resource.

How an authenticated request accesses a policy console resource

The following steps describe authenticating a user to access a requested resource on the policy console session.

1. The user submits an API request to access a policy console resource. (This occurs when a user logs in to the policy console or at any time during a user session.)

2. The policy console checks whether the user has been authenticated to access this resource.

   - If the user has been authenticated to access the resource, the policy console returns the data for that resource.

   - If the user has not been authenticated to access the resource, the policy console instead redirects the request to an authentication page. For example, this can happen when a user logs in to the policy console, or when a user's session has expired (and the user wants to re-establish a session with the policy console).

3. Once the user has been authenticated, the policy console redirects the request back to the original request URL (using an HTTP/1.1 302 response) so that the data is returned to the user.

About cookies

Session IDs should be stored in a cookie on the client side; therefore, you need to enable cookies for all requests.

About the response content type

The default response Content-Type is application/json. If you receive a text/html response from the server, you need to authenticate (or re-authenticate, if your session has expired).

To authenticate, POST user/ping/j_security_check with parameters j_username and j_password.

After successful authentication, you receive an HTTP 302 response and the server sends a session ID (the JSESSIONID cookie) to the client. All subsequent requests should be accompanied by that JSESSIONID.

Example of an authentication request

This example demonstrates authentication using cURL from the command prompt. You can follow the authentication status by checking the Content-Type response headers.

Step one: Creating a user session

BASH
curl -v -b c.txt -c c.txt -X GET https://bc.qwe.com/mocana-app-control/rest/user/ping


Request header

JS
  > GET /mocana-app-control/rest/user/ping HTTP/1.1
  > User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
  > Host: localhost
  > Accept: */*
  >

Response header

JS
    < HTTP/1.1 200 OK
    < Date: Tue, 29 Nov 2011 00:14:40 GMT
    < Server: Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r Phusion_Passenger/3.0.9 mod_jk/1.2.32
    < Pragma: No-cache
    < Cache-Control: no-cache
    < Expires: Wed, 31 Dec 1969 16:00:00 PST
    < Set-Cookie: JSESSIONID=59A97430FD4FB9C68BA4E85E5E5D4DC9.jk1; Path=/mocana-app-control
    < Accept-Ranges: bytes
    < ETag: W/"500-1320447400000"
    < Last-Modified: Fri, 04 Nov 2011 22:56:40 GMT
    < Content-Length: 500
    < Content-Type: text/html
    < 
    <html>
    <head>
      <title>Policy Console REST Service</title>
    </head>
    <body>
    <form method="POST" action="j_security_check">
      <table>
          <tr><td colspan="2">Please login to the Policy Console REST Service:</td></tr>
          <tr>
              <td>Name:</td>
              <td><input type="text" name="j_username" /></td>
          </tr>
          <tr>
              <td>Password:</td>
              <td><input type="password" name="j_password" /></td>
          </tr>
          <tr><td colspan="2"><input type="submit" value="Login" /></td></tr>
      </table>
    </form>
    </body>
    </html>

Step two: Authenticating the user session 

BASH
curl -v -L -b c.txt -c c.txt \
  -X POST https://bc.qwe.com/mocana-app-control/rest/user/ping/j_security_check \
  -d j_username="email01@qwe.com" \
  -d j_password=Qwerty1@

Request header

JS
> POST /mocana-app-control/rest/user/ping/j_security_check HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost
> Accept: */*
> Cookie: JSESSIONID=59A97430FD4FB9C68BA4E85E5E5D4DC9.jk1
> Content-Length: 44
> Content-Type: application/x-www-form-urlencoded
> 

Response header

JS
< HTTP/1.1 302 Moved Temporarily
< Date: Tue, 29 Nov 2011 00:15:04 GMT
< Server: Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r Phusion_Passenger/3.0.9 mod_jk/1.2.32
< Location: https://bc.qwe.com/mocana-app-control/rest/user/ping
< Content-Length: 0
< Content-Type: text/plain

Request header (following redirect)

JS
> POST /mocana-app-control/rest/user/ping HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost
> Accept: */*
> Cookie: JSESSIONID=59A97430FD4FB9C68BA4E85E5E5D4DC9.jk1

Response header

JS
< HTTP/1.1 200 OK
< Date: Tue, 29 Nov 2011 00:15:04 GMT
< Server: Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r Phusion_Passenger/3.0.9 mod_jk/1.2.32
* Replaced cookie JSESSIONID="387C71BACD87AAEA88425B39FC5674EF.jk1" for domain localhost, path /mocana-app-control, expire 0
< Set-Cookie: JSESSIONID=387C71BACD87AAEA88425B39FC5674EF.jk1; Path=/mocana-app-control
< Transfer-Encoding: chunked
< Content-Type: application/json;charset=UTF-8
< 
{
  "message": "",
  "status": "OK",
  "user": [{
    "email": "email01@qwe.com",
    "first_name": "John",
    "id": "9b55d45c-8bd3-43ac-a02b-bd4406c7220c",
    "last_name": "Lennon",
    "ua_admin": "1",
    "ua_creation_date": "2017-11-22 15:39:26.0",
    "ua_modification_date": "2017-11-23 15:39:26.0",
    "ua_status": "1",
    "userUrl": "https://bc.qwe.com:443/mocana-app-control/rest/user/9b55d45c-8bd3-43ac-a02b-bd4406c7220c"
  }]
}
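
The two-step login above, wrapped as shell functions with the checks this page describes: the final Content-Type decides whether the session is authenticated, and the JSESSIONID issued before login must have been replaced, as it is in the transcript. This is an added example, not vendor code; the function names, the PC_BASE, PC_USER and PC_PASSWORD environment variables, the header-dump file names and the sample session IDs are assumptions.

```shell
#!/bin/sh
# Added example. Header dumps are files written by `curl -D`; with -L they hold
# one header block per hop, so only the last block describes the final response.

# Session state from the final response's Content-Type, as the page describes.
pc_state() {
  ct=$(tr -d '\r' < "$1" | awk '
    /^HTTP\//                      { ct = "" }   # new hop: forget earlier type
    tolower($1) == "content-type:" { ct = tolower($2); sub(/;.*/, "", ct) }
    END                            { print ct }')
  case "$ct" in
    application/json) echo authenticated ;;
    text/html)        echo login-required ;;
    *)                echo unknown ;;
  esac
}

# Last JSESSIONID the server set in a header dump (empty if none).
pc_session_id() {
  tr -d '\r' < "$1" |
    sed -n 's/^[Ss]et-[Cc]ookie: *JSESSIONID=\([^;]*\).*/\1/p' | tail -n 1
}

# Succeeds only if login ended in JSON and the pre-login session ID was replaced.
pc_login_ok() {   # $1 = dump from step one, $2 = dump from step two
  [ "$(pc_state "$2")" = authenticated ] || return 1
  before=$(pc_session_id "$1"); after=$(pc_session_id "$2")
  [ -n "$before" ] && [ -n "$after" ] && [ "$before" != "$after" ]
}

# The page's two steps. PC_BASE (URL ending in /rest), PC_USER and PC_PASSWORD
# are assumed environment variables, keeping the password out of shell history.
pc_login() {      # $1 = cookie jar, $2 = directory for the header dumps
  curl -s -o /dev/null -b "$1" -c "$1" -D "$2/pre.hdr" "$PC_BASE/user/ping" &&
  curl -s -o /dev/null -L -b "$1" -c "$1" -D "$2/post.hdr" \
    --data-urlencode "j_username=$PC_USER" \
    --data-urlencode "j_password=$PC_PASSWORD" \
    "$PC_BASE/user/ping/j_security_check" &&
  pc_login_ok "$2/pre.hdr" "$2/post.hdr"
}

# Constructed sample dumps (made-up session IDs) for trying the checks offline.
pc_write_samples() {   # $1 = directory
  printf 'HTTP/1.1 200 OK\r\nSet-Cookie: JSESSIONID=AAAA.jk1; Path=/x\r\nContent-Type: text/html\r\n\r\n' > "$1/pre.hdr"
  printf 'HTTP/1.1 302 Found\r\nContent-Type: text/plain\r\n\r\nHTTP/1.1 200 OK\r\nSet-Cookie: JSESSIONID=BBBB.jk1; Path=/x\r\nContent-Type: application/json;charset=UTF-8\r\n\r\n' > "$1/post.hdr"
}
```

Because this version posts with --data-urlencode and without -X POST, curl follows the 302 with a GET to user/ping, the same request as step one.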