The JSON / REST data source is a small REST client. It is meant to provide a small but flexible interface to RESTful backends. It supports three methods:
It is not possible to manage accounts using the JSON / REST data source.
Tip
For details on how to implement a backend for the JSON DAP see the developer documentation.
The data source requires an http client configured with the trust settings needed to connect to the backend.
The full configuration reference can be found here.
The REST client can be configured to send either json or form encoded data, using either GET or POST. It is recommended to use POST as much as possible when sending credentials since the GET request’s URLs are subject to logging in gateways and proxies.
GET
POST
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
<data-source> <id>CredentialDS</id> <json xmlns="https://curity.se/ns/conf/data-access/json"> <web-service-client> <hostname>localhost</hostname> <port>7777</port> <context>/json-ds</context> <http-client>trustStoreHttpClient</http-client> </web-service-client> <credential-access> <url-path>/user</url-path> <backend-verifies-password>true</backend-verifies-password> <submit-as>post-as-json</submit-as> <username-parameter>username</username-parameter> <password-parameter>password</password-parameter> </credential-access> </json> </data-source>
In the highlighted line the backend-verifies-password is set to true, this means that the backend performs password verification. If set to false the backend is expected to return the password and Curity’s credential manager will validate it.
backend-verifies-password
true
false
The example above sets up the JSON data source for credential access. Important configuration is what to name the username and password parameters in the request. These can be configured to match the backend’s requirements.
username
password
For attribute access similar configuration can be made or added to the existing data source:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
<data-source> <id>CredentialDS</id> <json xmlns="https://curity.se/ns/conf/data-access/json"> <web-service-client> <hostname>localhost</hostname> <port>7777</port> <context>/json-ds</context> <http-client>trustStoreHttpClient</http-client> </web-service-client> <attributes> <parameter> <provide-as>query-parameter</provide-as> <username-parameter>subject</username-parameter> </parameter> <parameter-mappings> <parameter-mapping> <parameter-name>parameter-orgid</parameter-name> <use-value-of-attribute>orgid</use-value-of-attribute> </parameter-mapping> <parameter-mapping> <parameter-name>parameter-token</parameter-name> <use-value-of-attribute>attributes-token</use-value-of-attribute> </parameter-mapping> </parameter-mappings> </attributes> </json> </data-source>
For bucket access, there are three operations - fetch, store and clear - which can be configured individually.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
<data-source> <id>JsonDS</id> <json xmlns="https://curity.se/ns/conf/data-access/json"> <web-service-client> <hostname>localhost</hostname> <port>7777</port> <context>/json-ds</context> <http-client>trustStoreHttpClient</http-client> </web-service-client> <buckets> <fetch> <method>get</method> <url>/buckets?subject=:subject&purpose=:purpose</url> </fetch> <store> <method>put</method> <url>/buckets?subject=:subject&purpose=:purpose</url> </store> <clear> <method>delete</method> <url>/buckets?subject=:subject&purpose=:purpose</url> </clear> </buckets> </json> </data-source>