implementing and securing openedge rest service interfaces

Implementing and Securing

OpenEdge REST Service

Interfaces

Solution Engineers @ Progress

29-10-2019

Conor Patten & Ruben Dröge

2© 2019 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.

Workshop Agenda

▪ REST Overview

▪ REST Techniques in OpenEdge

▪ Data Object Services

• Business Entity for a database table

• Business Entity from a prodataset schema

• Calling custom logic from Data Object Services

▪ Web Handler Services

• Creating a new Web Handler

• Creating a “custom” Web Handler

▪ Securing REST Services

▪ Data Object Handlers


REST Overview?


Hypertext Transfer Protocol (HTTP) is a method for encoding and transportinginformation between a client (such as a web browser) and a web server. HTTP is the primary protocol for transmission of information across the Internet.

HTTP follows a request-response paradigm in which the client makes a request and the server issues a response that includes not only the requested content, but also relevant status information about the request.

Using HTTP and HTML, clients can request different kinds of content (such as text, images, video, and application data) from web and application servers that host the content.

HTTP resources such as web servers are identified across the Internet using uniqueidentifiers known as Uniform Resource Locators (URLs).

What is HTTP?

https://www.nginx.com/resources/glossary/http/

https://www.nginx.com/resources/glossary/http/


Understood as HTTP with strong* constraints

▪ Named resources: resources are named using a URL

▪ Uniform interface: all resources accessed via generic interface (GET/PUT/POST/DELETE)

▪ Interconnected resource representations: the representations of the resources are inter-connected using URLs

▪ Stateless: each request must contain all the information necessary to understand the request; cannot take advantage of any stored context on the server

https://martinfowler.com/articles/richardsonMaturityModel.html

What is REST?

REST = REpresentational State Transfer

REST is an architectural style for network based software that requires stateless, cacheable, client-server communication via a uniform interface between components.

https://martinfowler.com/articles/richardsonMaturityModel.html


OERA

Presentation (UI) Enterprise Services (API)

Domain Services (*aaS)

Business Components

Data Access

Data Sources

Workflow Tasks Entities

Service InterfacesC

om

mo

n

Infra

stru

ctu

re


REST Use Cases

▪ Modern web interfaces

▪ Mobile apps

▪ Next big thing… Chat bots, Digital Voice Assistants

▪ Application integration: Public and Partner APIs

• Custom REST

• Standardized REST (OData)

▪ Application modularization

• Private Microservice interfaces (can be REST)

▪ BI, Reporting, Analytics

• Particularly standardized REST (OData)


Why care about Service Interfaces?

There are different flavors of REST. Different use cases may require

different styles of REST APIs and Service Interface approaches…

▪ Kinvey Studio and Nativescript require a Data Service Catalog

▪ B2B REST APIs may require custom headers, query string support

▪ Some REST clients want ‘standards compliance’ (SFDC, Dynamics, BI…)

▪ ABL applications have various approaches for providing one

• By server architecture

• By target use case

• By development approach (product, services)


Service Interfaces

▪ Service interfaces provide the translation layer between a request and the underlying business services

• Route requests

• Compose responses

• Error handling

▪ Provide authentication and authorization

▪ Translate input / output formats to and from domain model

• JSON/XML/text into ProDataSet/Temp-Table/objects

• Data validation

▪ Service interfaces are NOT business domain services or logic (like tax calculations, master data maintenance, order entry, etc.)

• It doesn't matter if you use OE Business Entities, PMFO Business Services or any other form of business logic

▪ Can be multiple Service Interfaces to the same backend business services


REST Options in OpenEdge 12.0

▪ Data Object Catalog

▪ Custom/DIY WebHandler

▪ Data Object Handler WebHandler

▪ OData view of OpenEdge DB (using Hybrid Data Pipeline)

▪ OData view of OpenEdge REST API (using HDP + ‘Autonomous

Rest Connector’)


Workshop Environment


Accessing Your Arcade ImageHost IP Address:_______________________________________

User Name: \administratorPassword: NEXT2018!


Desktop Shortcuts


Exercise 1 – Business Entity from a Table


Service Interface Approaches

Data Object (WebHandler)

WebHandler

a

b

11.2.0 11.3.0 11.4.0 11.5.0 11.6.0 11.6.3

DataObjectHandlerc

• As of 11.6.3

• Annotate certain methods (w/

particular signatures)

• Quite prescriptive

• More flexibility in mapping

• Uses WEB transport

• Requires PAS for OpenEdge

• Creates Data Service Catalog as

public API


Service interfaces

PASOE Architecture (11.6+)

Tom

cat

Web S

erv

er

Business logic (ABL)

SpeakerBE.cls

TalksBE.cls

REST ADAPTER

Transport /rest

Tech Java

Config .paar file

Artifacts .paar file

• Transform

data

• Validation

• Request &

response

• Route

requests

• Error handling

PASOE Server Instance

WEB HANDLER

Transport /web

Tech ABL

Config openedge.properties

Artifacts ABL classes

Service Interface (ABL)

EmployeeWebHandler.cls


Create New ProjectNEXT_dataObjSvc


Create New OpenEdgeProject


Project Settings


Service Deployment


Service Naming


PropathSettings


Database Settings


New Project Created


Create New Business Entity From a Database Table


New Business Entity


Create Business Entity Class


Business Entity From a Table


SpeakerBE.cls


speakerbe.i


Deploy to PASOE


Deploy as a Service


Test the new Service


Test in Chrome


Read Speakers in Insomnia


Create Speaker in Insomnia


Create New Business Entity From a Prodataset Schema


Use include file instead of database table


Create Business Entity


Select Schema from file


Select dsTalkprodataset


Define Data Sources


Check Syntax and Compile


Deploy to Service


Test New Business Entity From a Prodataset Schema


Test in Chrome


Test in Insomnia


Create Talk


Read Talks


Calling Custom Logic


Custom1.txt


Locate Code


Paste Code


new_talk.p


create_talk


Test(remove id)


Test invalid speaker


Test valid speaker


custom2.txt


ReadTalksBE


Updated code


read_talks.p


Testing Custom Logic


Test


Web Handler


WebhandlerProject


Test Web Handler


Test WebhandlerProject


HandleGet


Delete Service


Create Service


Declare Class


Resource URIs


TalksHandler


/talks/{talk-id}


read_talks.p


Test


/talks


custom3.txt


Updated code


Test


Create new talks


custom4.txt


TalksHandler


Test


Header Tab


/web/talks


Securing Your REST Services


users.properties


oeablSecurity.properties


oeablSecurity.csv


Restart PASOE


Test SpeakerBE

http://localhost:8810/NEXT_dos/web/pdo/dos/SpeakerBE



Test SpeakerBE




Test TalksBE

http://localhost:8810/NEXT_dos/web/pdo/dos/TalksBE



Test TalksBE




Test TalksBEwith James/Bond




oeablSecurity.properties.README


Data Object Handler


conf.map


URIs


openedge.properties

implementing and securing openedge rest service interfaces

Documents