RAM OSLC REST: Am I authenticated?

Kangkan Goswami (1571421) | asked Jun 19 '12, 8:39 a.m.
How can I check that I am authenticated while using the OSLC REST Service to RAM?

Accepted answer

Rich Kulp (3.6k38) | answered Jun 20 '12, 10:33 a.m.
There is no way to easily determine this. RAM itself doesn't tell you. This is just standard HTTP protocol. And standard HTTP protocol has no standard way of knowing this. All it does is it goes to the host and the host will send back an error code indicating not authenticated and it needs to be authenticated. Not all REST access requires authentication. A lot of it can be done anonymously, and only when you try to access something that requires authentication will the host determine if you are authenticated or not and will return an error indicating authentication is needed. But there are no standard headers indicating that you are already authenticated.

Kangkan Goswami selected this answer as the correct answer

Kangkan Goswami commented Jun 21 '12, 12:45 a.m.

@RichardKulp: Thanks a lot. I was expecting something similar to that of RRC. When the client is not authenticated, RRC provides this header "x-com-ibm-team-repository-web-auth-msg" with value "authfailed".

4 other answers

Gili Mendel (1.8k56) | answered Jun 20 '12, 5:10 p.m.
Authentication is not done on the (REST) service, but rather on the HTTP protocol. If you users, you will be using basic authorization ... in this case, IF authorization is needed by the RAM server, and you are not authorized, then a 401 will be returned ... you will then need to send an Authorization header back.

In the case of form based, when/if authorization is needed by the RAM server, it will route you to a login page. Login information is held as part of your session on the server (pointed to by your session cookie).

Sheehan Anderson (1.2k4) | answered Jun 19 '12, 9:37 a.m.
If you're using the web services path you can add RAMSecure to the URL and it will force you to authenticate if you're not already authenticated.

Kangkan Goswami commented Jun 19 '12, 9:48 a.m.

@SheehanAnderson: Reading my post carefully could help. I am talking about the REST service. This means, I shall expect some header in the response to know that I am not yet authenticated. Can you please update your answer accordingly?

Rich Kulp (3.6k38) | answered Jun 20 '12, 6:40 p.m.
Basically Gili is saying, there is no way to know from just looking at the headers whether you are authenticated or not. That information is not sent in the response. The session cookie does not mean you are authenticated, it simply means a session (which can be anonymous) has been established with the host.

Gili Mendel (1.8k56) | answered Jul 13 '12, 11:43 a.m.
As Rich noted ... authentication information (who you are) is part of your session. RAM does not require one to authenticate ... as many resources may not need that. Only if you try to access something, and have no permission, RAM will start an authentication protocol (e.g., Form, OAuth ... etc.).

Sheehan mentioned above that you can force that authentication dance by going to RAMsecure.
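The checks described in this thread, collected into one client-side classifier as an added example (not part of any answer above and not RAM or RRC code). The `Response` class, the `login_hint` substring and the sample responses in the test are constructed assumptions; only the 401 challenge, the route to a login page and the RRC header come from the thread.

```python
from dataclasses import dataclass, field

# Header name and value quoted in the thread for RRC; RAM does not send it.
RRC_AUTH_HEADER = "x-com-ibm-team-repository-web-auth-msg"


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (constructed for this example)."""
    status: int
    headers: dict = field(default_factory=dict)


def auth_state(resp, wanted_type="application/rdf+xml", login_hint="login"):
    """Classify the response to a REST request by the signals named in the thread.

    login_hint is a hypothetical substring expected in a login-page URL.
    "no-challenge" only means the server did not ask for credentials: the
    resource may be anonymous, so it is not proof of being authenticated.
    """
    # HTTP header names are case-insensitive, so normalise them first.
    h = {k.lower(): v for k, v in resp.headers.items()}

    # RRC-style explicit signal (per the comment on the accepted answer).
    if h.get(RRC_AUTH_HEADER, "").strip().lower() == "authfailed":
        return "rrc-authfailed"

    # Basic authentication: the server answers 401 with a challenge.
    if resp.status == 401:
        scheme = h.get("www-authenticate", "").split(" ", 1)[0].lower()
        return "basic-challenge" if scheme == "basic" else "challenge"

    # Form-based: the server routes the client to a login page, either
    # with a redirect ...
    if 300 <= resp.status < 400 and login_hint in h.get("location", "").lower():
        return "form-login-redirect"

    # ... or by serving HTML where another media type was requested
    # (assumption: the login form is returned inline with status 200).
    ctype = h.get("content-type", "").split(";", 1)[0].strip().lower()
    if resp.status == 200 and ctype == "text/html" and wanted_type != "text/html":
        return "form-login-page"

    return "no-challenge"
```

A `Set-Cookie` header is deliberately ignored: as noted above, a session cookie only shows that a session, possibly anonymous, exists.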
