User Credentials for accessing OSLC RESTful API
To retrieve, update, create or delete a Resource/Resource Feature, you need to pass in a User Authentication Token with the OSLC GET/POST Request. If the model connected via Pro Cloud Server has User Security enabled via Model Credentials or OpenID Authentication, you will have to authenticate the user to receive a User Authentication Token. For a model that has no User Security, you can request a User Authentication Token directly. Unless you pass in the User Authentication Token, the OSLC request will not be processed by the Pro Cloud Server.
To get the User Authentication Token:
- In a Model that has OpenID Authentication enabled, POST the Authorization Code and Redirect URI to a specific URL; the Authorization Code can be obtained by authorizing the User at the authorizationURI endpoint (which is specified in the Service Provider Resource); the Redirect URI is the URI to which the Authorization Code is sent by the OpenID Server (this is specified in the OpenID Server configuration)
- In a Model that has Model Credential Security enabled, POST the User's Enterprise Architect Model Security credentials (User ID and Password) to a specific URL; these are the same credentials that you will type into the 'Login to EA Repository' dialog in a security-enabled model
- In a Model that has no Model Security, call a specific URL
- Upon successful validation, the XML returned will contain the User Authentication Token (amongst other information) in the XML element 'ss:useridentifier'
Requesting User Authentication Token
Step |
Action |
See also |
---|---|---|
1 |
If the model has:
|
|
2 |
Validate the user ID by POSTing the Authorization Code and Redirect URI to:
URL: <protocol>://<server>/<model_name>/oslc/am/login/
POST Body: sso=openid;code=<AUTHORIZATION CODE>;redirecturi=<REDIRECT URI>;
Go to Step 6. |
|
3 |
Get the User Authentication Token by POSTing to this URL:
URL: <protocol>://<server>/<model_name>/oslc/am/login/
POST Body: sso=ntlm;
Go to Step 6. |
|
4 |
Validate the user ID by POSTing the User's Enterprise Architect Model Security credentials to:
URL: <protocol>://<server>/<model_name>/oslc/am/login/
POST Body: uid=<USER ID>;pwd=<PASSWORD>;
Go to Step 6. |
|
5 |
Get the User Authentication Token by POSTing to this URL:
URL: <protocol>://<server>/<model_name>/oslc/am/login/
POST Body: uid=;pwd=; |
|
6 |
If validation succeeds, the response will typically be:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:ss="http://www.sparxsystems.com.au/oslc_am#"
         xmlns:foaf="http://xmlns.com/foaf/0.1/">
  <ss:login>
    <!--boolean value that specifies whether the model allows Resource Creation/Update-->
    <ss:readonlymodel>VALUE</ss:readonlymodel>
    <!--boolean value that specifies whether you have valid Pro Cloud Server license-->
    <ss:validlicense>VALUE</ss:validlicense>
    <!--specifies the Full Name and User ID of the User in a Security Enabled Model-->
    <ss:userfullname>
      <foaf:Person>
        <foaf:name>FULL NAME</foaf:name>
        <foaf:nick>USER ID</foaf:nick>
      </foaf:Person>
    </ss:userfullname>
    <!--specifies the User Authentication Token-->
    <ss:useridentifier>USER AUTHENTICATION TOKEN</ss:useridentifier>
    <!--specifies the OpenID Access Token in a Model that supports OpenID Authentication-->
    <ss:accesstoken>OPENID ACCESS TOKEN</ss:accesstoken>
    <!--specifies the OpenID Refresh Token in a Model that supports OpenID Authentication-->
    <ss:refreshtoken>OPENID REFRESH TOKEN</ss:refreshtoken>
    <!--boolean value that specifies whether you have permission to create/update Resources-->
    <ss:elementpermission>VALUE</ss:elementpermission>
    <!--boolean value that specifies whether you have permission to update Diagrams-->
    <ss:diagrampermission>VALUE</ss:diagrampermission>
    <!--boolean value that specifies whether you have permission to create/update Resource Tests-->
    <ss:testpermission>VALUE</ss:testpermission>
    <!--boolean value that specifies whether you have permission to create/update Resource Allocations-->
    <ss:resourceallocationpermission>VALUE</ss:resourceallocationpermission>
    <!--boolean value that specifies whether you have permission to create/update Resource Maintenance Items-->
    <ss:maintenanceitempermission>VALUE</ss:maintenanceitempermission>
    <!--boolean value that specifies whether you have permission to create/update Resource Project Management Items-->
    <ss:projectmanagementitempermission>VALUE</ss:projectmanagementitempermission>
  </ss:login>
</rdf:RDF>
```
|
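The login exchange above as client-side code. This is an added example, not Sparx Systems code: it builds the POST body for each of steps 2 to 5 and extracts the User Authentication Token and permission flags from the step 6 response. The function names, the mode labels, the refusal of ';' inside field values and the sample response are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SS = {"ss": "http://www.sparxsystems.com.au/oslc_am#"}  # namespace from the page

# POST bodies for .../oslc/am/login/ (steps 2-5); the keys are labels chosen here.
BODIES = {
    "openid": "sso=openid;code={code};redirecturi={redirecturi};",
    "ntlm": "sso=ntlm;",
    "credentials": "uid={uid};pwd={pwd};",
    "no_security": "uid=;pwd=;",
}

def login_body(mode, **fields):
    for name, value in fields.items():
        # The page documents no escaping for ';', so a value containing it would
        # be split into extra fields. Refusing it is this example's choice.
        if ";" in value:
            raise ValueError(f"{name} must not contain ';'")
    return BODIES[mode].format(**fields)

def parse_login(xml_bytes):
    """Return the token, read-only flag and permission flags from ss:login."""
    if b"<!DOCTYPE" in xml_bytes:  # no DTD belongs in this response
        raise ValueError("DOCTYPE not expected in a login response")
    login = ET.fromstring(xml_bytes).find("ss:login", SS)
    if login is None:
        raise ValueError("response has no ss:login element")
    token = (login.findtext("ss:useridentifier", "", SS) or "").strip()
    if not token:
        raise ValueError("login response carries no ss:useridentifier")
    flags = {child.tag.split("}")[1]: (child.text or "").strip()
             for child in login if child.tag.endswith("permission")}
    return {"token": token, "permissions": flags,
            "readonly": login.findtext("ss:readonlymodel", "", SS).strip()}

# Constructed sample response. The GUID is the token used in this page's examples;
# the "true"/"false" spellings are assumed (the page only says VALUE).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:ss="http://www.sparxsystems.com.au/oslc_am#">
  <ss:login>
    <ss:readonlymodel>false</ss:readonlymodel>
    <ss:useridentifier>{72825AF9-E116-48f1-9DF8-77815E66B1A7}</ss:useridentifier>
    <ss:elementpermission>true</ss:elementpermission>
    <ss:diagrampermission>false</ss:diagrampermission>
  </ss:login>
</rdf:RDF>"""

if __name__ == "__main__":
    print(login_body("credentials", uid="jsmith", pwd="example"), parse_login(SAMPLE))
```

Checking `readonly` and the permission flags right after login lets a client refuse to attempt writes the server would reject.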
Authorization Header
When connecting to a port definition that requires authentication, OSLC requests other than the log-in request need to provide an Authorization header. If this header is not provided, you will receive an HTTP status of 401 Access Denied.
Scheme |
Description |
See also |
---|---|---|
OSLC |
Once you have logged in, the easiest authorization scheme to use is OSLC. The authorization parameter is just the GUID returned as ss:useridentifier from the login message. Where the User Authentication Token is {72825AF9-E116-48f1-9DF8-77815E66B1A7}, the header will look like this:
Authorization: OSLC {72825AF9-E116-48f1-9DF8-77815E66B1A7} |
|
Basic |
If 'Restrict access to Windows & OpenID users only' is not selected in your model, then you can use the Basic authorization scheme. The authorization parameter is the username and password, separated by a colon and then base64 encoded. Where the username is aladdin and the password is opensesame, you would pass a header like this:
Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l |
|
NTLM |
If 'Accept Windows Authentication' is enabled for your model, the NTLM authentication scheme can be used. Your HTTP library should cover the specifics, but the server and client need to exchange tokens, and OSLC calls will need to pass the second client token encoded with base64. |
|
OpenID |
If OpenID has been configured for your model, you can use the OpenID authentication scheme. Follow the instructions for obtaining an authorization code from OpenID and then include that as the authorization parameter. |
Passing User Authentication Token with OSLC Requests
Once you receive the User Authentication Token, you pass it with every OSLC request; that is, pass in the User Authentication Token:
- When retrieving a Resource or Resource Feature XML using GET Request as the value of the query string parameter 'useridentifier'
- When creating/updating a Resource or Resource Feature using POST RDF/XML as the value of the XML element 'ss:useridentifier'
Passing User Authentication Token with GET Requests
For GET requests, pass in the User Authentication Token as the value of the query string parameter 'useridentifier':
- <protocol>://<server>/<model_name>/oslc/am/OSLC REQUEST/?useridentifier=<User Authentication Token>
No. |
Example Input |
See also |
---|---|---|
1 |
Retrieve the properties of an Enterprise Architect Package Resource:
http://localhost:480/firebird_model/oslc/am/resource/pk_{5147E138-1F14-4738-B721-5FCC0F8821A8}/?useridentifier={72825AF9-E116-48f1-9DF8-77815E66B1A7} |
|
2 |
Retrieve all Resources:
http://localhost:480/firebird_model/oslc/am/qc/?useridentifier={72825AF9-E116-48f1-9DF8-77815E66B1A7}&oslc.where=dcterms:title="Class1" |
Passing in a User Authentication Token with OSLC POST Requests
For OSLC POST requests, you need to pass in the User Authentication Token as a part of the RDF/XML accompanying the POST request.
No. |
Input |
See also |
---|---|---|
1 |
In a Security Enabled model where:
The Notes, Complexity and Version are set.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:oslc_am="http://open-services.net/ns/am#"
         xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:dcterms="http://purl.org/dc/terms/"
         xmlns:foaf="http://xmlns.com/foaf/0.1/"
         xmlns:ss="http://www.sparxsystems.com.au/oslc_am#">
  <oslc_am:Resource>
    <!--Required Properties-->
    <dcterms:title>Class1</dcterms:title>
    <dcterms:type>Class</dcterms:type>
    <ss:parentresourceidentifier>pk_{259A54C2-6A89-46d7-AB7E-F192668010CA}</ss:parentresourceidentifier>
    <dcterms:description>Created via OSLC</dcterms:description>
    <ss:complexity>Easy</ss:complexity>
    <ss:version>1.0</ss:version>
    <ss:useridentifier>{72825AF9-E116-48f1-9DF8-77815E66B1A7}</ss:useridentifier>
  </oslc_am:Resource>
</rdf:RDF>
```
|
|
2 |
In a model where:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:oslc_am="http://open-services.net/ns/am#"
         xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:dcterms="http://purl.org/dc/terms/"
         xmlns:foaf="http://xmlns.com/foaf/0.1/"
         xmlns:ss="http://www.sparxsystems.com.au/oslc_am#">
  <oslc_am:Resource>
    <!--Required Properties-->
    <dcterms:identifier>el_{567854C2-6A89-46d7-AB7E-F192668010CA}</dcterms:identifier>
    <dcterms:title>Actor1_New</dcterms:title>
    <ss:useridentifier>{72825AF9-E116-48f1-9DF8-77815E66B1A7}</ss:useridentifier>
  </oslc_am:Resource>
</rdf:RDF>
```
|
Logout from Model
Usually, 30 minutes of inactivity will log you out of a model; you will have to log in again by POSTing to the credential validation URL. You can also log out of a model by passing in the User Authentication Token as the value of the query string parameter 'useridentifier' in this GET request:
- <protocol>://<server>/<model_name>/oslc/am/logout/?useridentifier=<User Authentication Token>
If successful (i.e. the passed-in User Authentication Token is valid), you will receive a 200 OK HTTP response and you will no longer be able to access the model.
If unsuccessful (i.e. the passed-in User Authentication Token is invalid), you will receive a 404 Not Found HTTP response.
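Added example (not from the Sparx documentation) covering the Authorization header, GET, POST and logout passages above: it builds the OSLC and Basic headers and the 'useridentifier' URL, and masks the token before a URL or RDF/XML body is logged, since a token carried in a query string is recorded wherever the URL is recorded. The function names and the braced-GUID check are assumptions based on the token shown on this page.

```python
import base64
import re

# The page describes the token as the GUID returned in ss:useridentifier and
# shows it in braces; this pattern encodes that shape (an assumption).
TOKEN_RE = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def checked(token):
    """Reject anything that is not a braced GUID, so CR/LF or '&' cannot be
    smuggled into a header or query string through the token value."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("not a User Authentication Token")
    return token

def oslc_header(token):
    return {"Authorization": f"OSLC {checked(token)}"}

def basic_header(username, password):
    # base64 is a reversible encoding, not encryption: the credentials are
    # readable by anyone who can see the request.
    if ":" in username:  # the first colon separates the pair
        raise ValueError("username must not contain ':'")
    pair = f"{username}:{password}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(pair).decode("ascii")}

def get_url(model_url, request, token):
    """<model_url>/oslc/am/<request>/?useridentifier=<token>"""
    base = model_url.rstrip("/")
    return f"{base}/oslc/am/{request.strip('/')}/?useridentifier={checked(token)}"

_URL_TOKEN = re.compile(r"(?i)([?&]useridentifier=)[^&#\s]*")
_XML_TOKEN = re.compile(r"(<ss:useridentifier>)[^<]*(</ss:useridentifier>)")

def redact(text):
    """Mask the token in a URL or an RDF/XML body before it is logged."""
    text = _URL_TOKEN.sub(r"\1REDACTED", text)
    return _XML_TOKEN.sub(r"\1REDACTED\2", text)

if __name__ == "__main__":
    token = "{72825AF9-E116-48f1-9DF8-77815E66B1A7}"  # token from the page's examples
    url = get_url("http://localhost:480/firebird_model", "logout", token)
    print(oslc_header(token), redact(url))
```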
Notes
- This facility is available through the Pro Cloud Server, with a valid license
- An OSLC request will not be processed by the Pro Cloud Server unless the User Authentication Token is passed in with the request
- 30 minutes of inactivity will log you out of a model; you will have to log in again by POSTing to the credential validation URL