Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

RAM OSLC REST: Am I authenticated?

Questions
Tags
Users
Badges
Kangkan Goswami
(15711621) Jun 19 '12, 8:39 a.m.
How can I check that I am authenticated while using the OSLC REST Service to RAM?

0 votes

5 answers
8,141 views
0 votes

Accepted answer

Permanent link
Rich Kulp
FORUM MODERATOR / JAZZ DEVELOPER (3.6k38) Jun 20 '12, 10:33 a.m.
There is no way to easily determine this. RAM itself doesn't tell you. This is just standard HTTP protocol. And standard HTTP protocol has no standard way of knowing this. All it does is it goes to the host and the host will send back an error code indicating not authenticated and it needs to be authenticated. Not all REST access requires authentication. A lot of it can be done anonymously, and only when you try to access something that requires authentication will the host determine if you are authenticated or not and will return an error indication authentication is needed. But there are no standard headers indicating that you are already authenticated.

Rich
Kangkan Goswami selected this answer as the correct answer

2 votes

Comments
Kangkan Goswami
Jun 21 '12, 12:45 a.m.

@RichardKulp: Thanks a lot. I was expecting something similar to that of RRC. When the client is not authenticated, RRC provides this header "x-com-ibm-team-repository-web-auth-msg" with value "authfailed".

4 other answers

Permanent link
Gili Mendel
JAZZ DEVELOPER (1.8k56) Jun 20 '12, 5:10 p.m.
Authentication is not done on the (REST) service, but rather on the HTTP protocol.   If you users ram.ws, you will be using basic authorization ... in this case, IF authorization is needed by the RAM server, and you are not authorized, then a 401 will be returned .. you will then need to send an Authorization header back.

In the case of form based, when/if authorization is needed by the RAM server, it will route you to a login page.  Login information is help as part of your session on the server (pointed to by your session cookie).

1 vote

Permanent link
Sheehan Anderson
JAZZ DEVELOPER (1.2k4) Jun 19 '12, 9:37 a.m.
If you're using the web services path you can add RAMSecure to the URL and it will force you to authenticate if you're not already authenticated.
https://server/ram.ws/RAMSecure/

0 votes

Comments
Kangkan Goswami
Jun 19 '12, 9:48 a.m.

@SheehanAnderson: Reading my post carefully could help. I am talking about the REST service. This means, I shall expect some header in the response to know that I am not yet authenticated. Can you please update your answer accordingly?

Permanent link
Rich Kulp
FORUM MODERATOR / JAZZ DEVELOPER (3.6k38) Jun 20 '12, 6:40 p.m.
Basically Gili is saying, there is no way to know from just looking at the headers whether you are authenticated or not. That information is not sent in the response. The session cookie does not mean you are authenticated, it simply means a session (which can be anonymous) has been established with the host.

0 votes

Permanent link
Gili Mendel
JAZZ DEVELOPER (1.8k56) Jul 13 '12, 11:43 a.m.
As Rich noted ...  authentication information (who you are) is part of your session.  RAM does not require one to authenticate ... as many resources may not need that.  Only if you try to access something, and have no permission, RAM will start an authentication protocol (e.g., Form, oAuth ... etc.).


Sheehan mentioned above, that you can force that authentication dance by going to RAMsecure

0 votes

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 12,036
× 516
× 481

Question asked: Jun 19 '12, 8:39 a.m.

Question was seen: 8,141 times

Last updated: Jul 13 '12, 11:43 a.m.

Confirmation Cancel Confirm