JSON / REST Data Source

The JSON / REST data source is a small REST client. It is meant to provide a small but flexible interface to RESTful backends. It supports two methods:

  • Credential Management
  • Attribute fetching

It is not possible to manage accounts using the JSON / REST data source.

Tip

For details on how to implement a backend for the JSON DAP see the developer documentation.

Configuration

The data source requires an http client configured with the trust settings needed to connect to the backend.

The full configuration reference can be found here.

The REST client can be configured to send either json or form encoded data, using either GET or POST. It is recommended to use POST as much as possible when sending credentials since the GET request’s URLs are subject to logging in gateways and proxies.

Credential Management

Listing 45 Example configuration of JSON credential data source
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
<data-source>
    <id>CredentialDS</id>
    <json xmlns="https://curity.se/ns/conf/data-access/json">
        <web-service-client>
            <hostname>localhost</hostname>
            <port>7777</port>
            <context>/json-ds</context>
            <http-client>trustStoreHttpClient</http-client>
        </web-service-client>
    <credential-access>
        <url-path>/user</url-path>
        <backend-verifies-password>true</backend-verifies-password>
        <submit-as>post-as-json</submit-as>
        <username-parameter>username</username-parameter>
        <password-parameter>password</password-parameter>
      </credential-access>
    </json>
</data-source>

In the highlighted line the backend-verifies-password is set to true, this means that the backend performs password verification. If set to false the backend is expected to return the password and Curity’s credential manager will validate it.

The example above sets up the JSON data source for credential access. Important configuration is what to name the username and password parameters in the request. These can be configured to match the backend’s requirements.

Attribute Management

For attribute access similar configuration can be made or added to the existing data source:

Listing 46 Example configuration of JSON attribute data source
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
<data-source>
    <id>CredentialDS</id>
    <json xmlns="https://curity.se/ns/conf/data-access/json">
        <web-service-client>
            <hostname>localhost</hostname>
            <port>7777</port>
            <context>/json-ds</context>
            <http-client>trustStoreHttpClient</http-client>
        </web-service-client>
        <attributes>
            <parameter>
                <provide-as>query-parameter</provide-as>
                <username-parameter>subject</username-parameter>
            </parameter>
            <parameter-mappings>
                <parameter-mapping>
                    <parameter-name>parameter-orgid</parameter-name>
                    <use-value-of-attribute>orgid</use-value-of-attribute>
                </parameter-mapping>
                <parameter-mapping>
                    <parameter-name>parameter-token</parameter-name>
                    <use-value-of-attribute>attributes-token</use-value-of-attribute>
                </parameter-mapping>
            </parameter-mappings>
        </attributes>
    </json>
</data-source>