Hi,

We need to secure a REST API which is used to perform BPMN operations in the BPS server. We are basically invoking the Activiti engine provided REST API from our Jaggery web app. The Activiti REST API accepts a user name and password for authentication. It can be extended to support other mechanisms.

Currently we are using HTTP basic authentication for this by keeping the username and password. However, this method is not clean since we have to keep the password stored for subsequent API calls other than the login at the front end. Therefore we are thinking of moving to a session-based authentication method. We can get the Java session ID using the Authentication Admin service and send the JSESSIONID with the headers of subsequent REST calls. I tried to find a way to get the JSESSIONIDs validated from Carbon, but I could not find such a facility.

Is there an API from Carbon to get this done? Are there any other options available to solve this problem properly?

Appreciate any comments.

Thanks,
Waruna

--
Regards,
Waruna Lakshitha Jayaweera
Software Engineer
WSO2 Inc; http://wso2.com
phone: +94713255198
