how to log USerID used fo invoking for a REST webservice in webmethods 9.5

Priya_Bhauka · July 28, 2014, 10:14am

Hi All,

I wanted to find out if its possible to find the user name with which a service was invoked by a user outisde the home network.

For ex: If a customer directly invokes the service (userid and password as set as a user and in the ACL too), the service invocation is also successfull, but is there a way to find out in the body of the service, the username with which that instance was invoked ?

Also, I had a related question : If we have created an HTTP port with specific allowed list of services that can be invoked, which are further governed by ACL&user name settings, is it possible to get the user name authentication done at the invoke level on the IS by means of userid n password parameters present in the URL of the service being called?
My service is a REST service and i want to know if it is possible that if invoke authentication can be achieved by the input parameters in the service signature? If yes, how?

Thanks,
Priya

rmg · July 28, 2014, 4:10pm

No in any case if you want to by pass the user/pwd authentication then you need to use HTTPs/SSL certs pass thru to avoid auth from invoking IS URL.

HTH,
RMG

Akshith_Arremreddy · July 28, 2014, 7:29pm

You can find the IS username being used to call the service by invoking below code in a Java service. Maybe SAG gave something out of the box to get this info in latest 9.x versions.

Session session = Service.getSession();
User userName=session.getUser();

This again goes back to your first question. Yes you can do that but this is not provided out of the box, you will have to build something which will capture the username and do a look up in an internal DB or something else for matching password grabbed from session. Also, if you are sending username\password in the URL how are you going to provide the logout functionality?

If you are on 9.x explore the oAuth functionality provided out of the box in IS.