Developing the Security Authorization Service Application Class

The application class for the authorization service must be created from the base interface PTCS_SECURITY:Security:SecurityHandler. This base interface has only one method, GetAuthorization, which must be implemented by all child classes. This method receives an array of AuthRequest objects as parameters.

Import PTCS_SECURITY:Security:*;
Class SampleSecurityAppclass extends PTCS_SECURITY:Security:SecurityHandler
   /*method AuthRequestHandler(&arrAuthReq As array of PTCS_SECURITY:Security:*/
   /*AuthRequest);*/
   method GetAuthorization(&arrAuthReq As array of PTCS_SECURITY:Security:AuthRequest);
   
end-class;

/*method AuthRequestHandler*/
method GetAuthorization
   /+ &arrAuthReq as Array of PTCS_SECURITY:Security:AuthRequest +/
   /+ Extends/implements PTCS_SECURITY:Security:SecurityHandler.GetAuthorization +/
   
   Local integer &i;
   Local string &val, &userid;

/* Setting the Access Property in the AuthRequest object */
   For &i = 1 To &arrAuthReq.Len
      &arrAuthReq [&i].Access = "T";
   End-For;
   
/* Reading the Keyvalue from the AuthRequest object */
    &val = &arrAuthReq [1].GetParameterValue("CUSTOMER");

/* Reading the userid from the AuthRequest object */
end-method;

The different parameters of an authorization request that are present in each PARAMS element in a request message are encapsulated in an AuthRequest object. The AuthRequest object stores the key values of the request in an array. Use the GetParameterValues method to retrieve a particular value by passing the key name.

The AuthRequest object has an Access property that you use to set the authorization access for the user. A value of T (true) authorizes access and a value of F (false) denies access. The value of the Access property is set to F by default. You can set the property to T from inside the security application class as dictated by business requirements.