In part one of our look at security on OpenEdge Mobile, we focused on making the client side secure. As promised, in this short blog we'll take a deeper dive into the server side of OpenEdge Mobile.
First of all, let’s briefly review the architecture of OpenEdge Mobile:
On the Web Server Tier, OpenEdge provides application security templates that application developers and production admins can customize to protect resources (a.k.a. Mobile Web Applications, see Figure 1 above). Mobile Web Apps are protected via similar mechanisms. The templates configure the industry-standard Spring Security Version 3.1 framework, which is co-packaged with the OpenEdge application to manage security for the mobile application’s REST resources.
Spring Security is a comprehensive, peer-reviewed framework, and having it tightly integrated with the OpenEdge platform is a huge benefit for system architects and developers. Architects and developers no longer need to develop “home-grown” solutions for authentication and authorization; they can rely on the respected and well-documented Spring framework for their security needs. The Spring templates are located in the WEB-INF directory of an OpenEdge project in Progress Developer Studio for OpenEdge.
Here’s a snippet of the web.xml file contained in the WEB-INF directory:
Note that we’ve enabled the “anonymous” authentication model here. Let’s drill down one level to explore appSecurity-anonymous.xml:
REST Manager (or ‘RESTMAN’) is an administration utility for managing the lifecycle of mobile applications. We’ll make ‘RESTMAN’ the topic of a future blog. Let’s move down the file…
Moving further down the file, we can see how access to protected resources is evaluated:
This has been a very brief tour of server-side security in OpenEdge 11.2. As previously mentioned, in a future post we’ll dissect some of the capabilities outlined above, e.g. the ‘RESTMAN’ utility. We’ll also explore how OpenEdge enables Single-Sign-On across the end-to-end platform for secure access to protected resources.
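The post enables the “anonymous” model in web.xml. The following is an added example, not code from the original post or from Progress, showing a pre-deployment check that reports which appSecurity template a web.xml actually activates. It assumes the template is selected through Spring's standard `contextConfigLocation` context-param; the sample XML, the `appSecurity-example-a.xml` name and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the web.xml the post describes; not the
# shipped template. The commented-out entry is a hypothetical alternative.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
      <!-- /WEB-INF/appSecurity-example-a.xml -->
      /WEB-INF/appSecurity-anonymous.xml
    </param-value>
  </context-param>
</web-app>
"""

MODEL_RE = re.compile(r"appSecurity-([A-Za-z0-9-]+)\.xml$")

def _local(tag):
    return tag.rsplit("}", 1)[-1] if isinstance(tag, str) else ""

def active_security_models(web_xml_text):
    """Return the appSecurity-*.xml models enabled in web.xml (comments ignored)."""
    models = []
    for param in ET.fromstring(web_xml_text).iter():
        if _local(param.tag) != "context-param":
            continue
        fields = {_local(c.tag): "".join(c.itertext()) for c in param}
        if fields.get("param-name", "").strip() != "contextConfigLocation":
            continue
        # Spring accepts comma- or whitespace-separated config locations.
        for location in re.split(r"[,\s]+", fields.get("param-value", "").strip()):
            match = MODEL_RE.search(location)
            if match:
                models.append(match.group(1))
    return models

def audit(web_xml_text):
    """Return findings a reviewer should see before a production deploy."""
    models = active_security_models(web_xml_text)
    findings = []
    if not models:
        findings.append("no appSecurity-*.xml model is configured")
    if "anonymous" in models:
        findings.append("anonymous model active: clients are not asked to authenticate")
    return findings

if __name__ == "__main__":
    print(active_security_models(SAMPLE_WEB_XML), audit(SAMPLE_WEB_XML))
```

Because XML comments are dropped during parsing, template names that are only listed as commented-out options are not reported as active.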
Gary is responsible for developing go-to-market strategies, providing technical marketing support and developing best practice materials for the Rollbase aPaaS platform.
Copyright © 2016, Progress Software Corporation and/or its subsidiaries or affiliates.
All Rights Reserved.