RAM OSLC REST: Am I authenticated?
How can I check that I am authenticated while using the OSLC REST Service to RAM?
|
Accepted answer
There is no way to easily determine this. RAM itself doesn't tell you. This is just standard HTTP protocol. And standard HTTP protocol has no standard way of knowing this. All it does is it goes to the host and the host will send back an error code indicating not authenticated and it needs to be authenticated. Not all REST access requires authentication. A lot of it can be done anonymously, and only when you try to access something that requires authentication will the host determine if you are authenticated or not and will return an error indication authentication is needed. But there are no standard headers indicating that you are already authenticated.
Rich Kangkan Goswami selected this answer as the correct answer
Comments
Kangkan Goswami
commented Jun 21 '12, 12:45 a.m.
@RichardKulp: Thanks a lot. I was expecting something similar to that of RRC. When the client is not authenticated, RRC provides this header "x-com-ibm-team-repository-web-auth-msg" with value "authfailed". |
4 other answers
Authentication is not done on the (REST) service, but rather on the HTTP protocol. If you users ram.ws, you will be using basic authorization ... in this case, IF authorization is needed by the RAM server, and you are not authorized, then a 401 will be returned .. you will then need to send an Authorization header back.
In the case of form based, when/if authorization is needed by the RAM server, it will route you to a login page. Login information is help as part of your session on the server (pointed to by your session cookie). |
If you're using the web services path you can add RAMSecure to the URL and it will force you to authenticate if you're not already authenticated.
https://server/ram.ws/RAMSecure/ Comments
Kangkan Goswami
commented Jun 19 '12, 9:48 a.m.
@SheehanAnderson: Reading my post carefully could help. I am talking about the REST service. This means, I shall expect some header in the response to know that I am not yet authenticated. Can you please update your answer accordingly? |
Basically Gili is saying, there is no way to know from just looking at the headers whether you are authenticated or not. That information is not sent in the response. The session cookie does not mean you are authenticated, it simply means a session (which can be anonymous) has been established with the host.
|
As Rich noted ... authentication information (who you are) is part of your session. RAM does not require one to authenticate ... as many resources may not need that. Only if you try to access something, and have no permission, RAM will start an authentication protocol (e.g., Form, oAuth ... etc.).
Sheehan mentioned above, that you can force that authentication dance by going to RAMsecure |
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.