Common Characteristics

Services are secured using the J2EE-based security model.

  • Realm-based User Authentication: This verifies users through an underlying Realm. The username and password are passed using HTTP basic authentication.

  • Role-based Authorization: This assigns users to roles; authenticated users can access the services with Allocation application roles, or with custom roles that are assigned to the following:
    • For Allocation: ALLOCATION_APPLICATION_ADMINISTRATOR_JOB

  • The communication between the server and client is encrypted using one-way SSL. In non-SSL environments, the encoding defaults to BASE-64, which is an encoding and not encryption, so the username and password can be read by anyone who can observe the traffic. It is therefore highly recommended that these ReST services are configured to be used in production environments secured with SSL connections.

  • If you are using Merchandising data filtering, that will apply to the services as well. The user ID used for calling the service should be added to the Merchandising SEC_USER table (APP_USER_ID), and then associated with the appropriate group in the SEC_USER_GROUP table.
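
The following is an added example, not code from the product or its documentation. It shows why the BASE-64 default matters for HTTP basic authentication: the header decodes back to the username and password without any key, so the client-side guard refuses to attach credentials to a non-SSL URL. The host name, path and account values are constructed placeholders.

```python
import base64
import ssl
import urllib.request
from urllib.parse import urlsplit


def basic_auth_header(user: str, password: str) -> str:
    """Build the Authorization header value used by HTTP basic authentication."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def decode_basic_auth(header: str) -> tuple[str, str]:
    """Recover the credentials from a header value; no key or secret is needed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    # Only the first colon separates user from password; passwords may contain ':'.
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("malformed Basic credentials")
    return user, password


def build_request(url: str, user: str, password: str) -> urllib.request.Request:
    """Attach Basic credentials only when the URL uses https."""
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError("refusing to send Basic credentials over a non-SSL URL")
    req = urllib.request.Request(url)
    req.add_header("Authorization", basic_auth_header(user, password))
    return req


def one_way_ssl_context() -> ssl.SSLContext:
    """Client side of one-way SSL: verify the server certificate and host name."""
    return ssl.create_default_context()


if __name__ == "__main__":
    # Constructed sample values; the host, path and account are placeholders.
    header = basic_auth_header("alloc_svc_user", "example-password")
    print(header)
    print(decode_basic_auth(header))  # what an observer of non-SSL traffic sees
    req = build_request("https://alloc.example.com/placeholder/service",
                        "alloc_svc_user", "example-password")
    print(req.get_header("Authorization") == header)
    # The request would be sent with:
    # urllib.request.urlopen(req, context=one_way_ssl_context())
```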