1.  Home
  2. MIDRANGE-L
  3. June 2025

Re: OAuth2 authentication with hosted web service

Agree with Jon. I have recently developed Web APIs that go through APACHE
on the IBMi, I don't need Java before that at all.
My fence is a Kong server and what it does is manage the security things
before "forwarding" the request to the IBMi. If Kong is a Java
implementation, well, that is not my concern, I just have to tweak
configurations and let it do its job.

My opinion too.
JS


El mié, 11 jun 2025 a las 11:47, Jon Paris (<jon.paris@xxxxxxxxxxxxxx>)
escribió:

I wasn't talking about a shortcut Marco. Merely suggesting that being
forced to use Java for the purpose of implementing the authentication
process was a little strange for a tool that enables the deployment of
regular RPG programs as web services.

I've implemented OAuth2 and JWT-type authentication in RPG code and could
repurpose that - why should I have to implement it in Java?

I know that I could do as Nadit suggests and write only enough Java just
to call the RPG code - my point was why doesn't IBM supply that stub? They
are much better equipped to do so than the target audience of IWS.


Jon Paris
Jon.Paris@xxxxxxxxxxxxxx



On Jun 11, 2025, at 6:20 PM, Marco Facchinetti <
marco.facchinetti@xxxxxxxxx> wrote:

Jon I think an RPG programmer is the least suitable technical person in
the
universe to handle security. Every request that comes into IWS has to go
through a firewall (Network, proxy, Waf or NGFW but a firewall), any
other
shortcut is just trouble.

My opinion, of course.
--
Marco Facchinetti

Mr S.r.l.

Tel. 035 962885
Cel. 393 9620498

Skype: facchinettimarco


Il giorno mar 10 giu 2025 alle ore 23:06 Jon Paris <
jon.paris@xxxxxxxxxxxxxx>
ha scritto:

It's a great pity that it has to be in Java. Since IWS' role in life is
to surface RPG code with Java hidden in the background, it makes no
sense
to me to have to write this exit code in Java. Why not allow RPG code
to be
called?


Jon Paris
Jon.Paris@xxxxxxxxxxxxxx



On Jun 10, 2025, at 8:29 PM, Nadir K Amra <amra@xxxxxxxxxx> wrote:

In the IWS server, you have the option to insert a trust authentication
interceptor (TAI). It a piece of user-defined Java code that gets
called
for protected web services. In this code you have access to the HTTP
request data, and you can do anything you want.

See https://www.ibm.com/support/pages/node/6396908

-----------------------------------------------
Nadir Amra
e-mail: amra@xxxxxxxxxx


From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> on behalf of
Darren Strong <darren@xxxxxxxxx>
Date: Tuesday, June 10, 2025 at 2:09 PM
To: midrange-l General Questions (midrange-l@xxxxxxxxxxxxxxxxxx) <
midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: [EXTERNAL] OAuth2 authentication with hosted web service
We've been asked to setup a webservice for a vendor to call and get
some
data from our IBM I server. Setting up the webservice to do this was
fairly straightforward, but we'd like to use more than the "Basic"
authentication available (username/password) with the integrated web
server
wizard (IWS). Do you have any experience or links explaining if and how
IBM i can support this?


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related
questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.