Validation lists are another option for storing user ids and passwords. They work with basic authentication and can also be used for your own authentication. Using them is slightly more work than using a simple table but they are much, much better than user profiles since user profiles open up the potential to sign on to the box (not just green screen but via ODBC).
You can also store user credentials in LDAP (either the built-in server or an external one). LDAP may be overkill for this but it does have the advantage of being usable across different servers without much effort.
Matt
-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Aaron Bartell
Sent: Thursday, December 11, 2008 12:32 PM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] RPG Web Service Architecture
   What is the context of the web service (i.e. price lookup?, order
   submission?).   If it is going to be used outside of your company then you
   will most definitely want to have some sort of credentials to identify
   what party is communicating with you.  Note that it doesn't have to be an
   OS400 user/password but could simply be a DB2 table with user/password in
   it that you chain to.  The other approach would be to use HTTP Basic
   Authentication (section 8.7 in book). 
   If you want to do SSL for the transmission (i.e. digital certificates)
   then you can do that without touching your RPG programs or XML.  You
   simply head over to Verisign (or other preferred vendor) and purchase a
   certificate by providing them with some information from your machine
   (which should have been saved when SSL was first set up) and then install
   the cert they give back to you on the AS400 using DCM and then associate
   it with the Apache instance that is doing the XML web services.
   Yet another more secure approach would be to require SSL certs on both
   ends of the connection (so the client would also need to get a certificate
   they would transmit to you for the handshake).  Then you would allow that
   certificate to communicate with your Apache server by adding it to the DCM
   and then configuring it in your Apache instance.  I didn't have the time
   to put that process in the book :-)
   Hope that helps, and thanks for purchasing my book!
   Aaron Bartell
   
http://mowyourlawn.com
   Book/TrainingCourse: www.xml4rpg.com
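
The thread mentions both a lookup table of users and HTTP Basic Authentication. The sketch below combines the two; it is an added example, not code from either poster or from the book, and it is written in Python rather than RPG so it can be run anywhere. It assumes the table holds a salted PBKDF2 hash instead of the password itself; the table contents, user id and iteration count are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for this sketch)

def make_record(password, salt=None):
    """Return the (salt, hash) pair to store in the credentials table."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

# Constructed sample data standing in for the user table described above.
USER_TABLE = {"PARTNER01": make_record("s3cret-Example")}
_DUMMY = make_record("dummy")  # used for unknown users so timing stays uniform

def parse_basic(header):
    """Decode 'Basic <base64(user:password)>'; return (user, password) or None."""
    if not header:
        return None
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")  # password may contain ':'
    if not sep or not user:
        return None
    return user, password

def authenticate(header, table=USER_TABLE):
    """Return the caller's user id if the credentials match, else None."""
    parsed = parse_basic(header)
    if parsed is None:
        return None
    user, password = parsed
    salt, stored = table.get(user, _DUMMY)
    _, candidate = make_record(password, salt)
    ok = hmac.compare_digest(candidate, stored)  # constant-time comparison
    return user if ok and user in table else None
```

Basic credentials are only base64-encoded on the wire, so this check belongs behind the SSL setup described in the thread.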