REST Security Classes and Entities
The REST security classes are summarized in the following table. (For details, see
| Class | Description |
|---|---|
|
JadeRequiredClaimAnnotation |
Abstract class that represents an annotation on a JadeRestService REST API method |
| JadeRequiredDelegateClaimAnnotation | Represents an annotation on a JadeRestService REST API method |
| JadeRequiredOneOfValueClaimAnnotation | Represents an annotation on a JadeRestService REST API method |
| JadeRequiredSingleValueClaimAnnotation | Represents an annotation on a JadeRestService REST API method |
| JadeJWTModel | Abstract grouping class for JSON Web Token (JWT) classes |
| JadeJWKSAuthProviderResponse | Can be used as the first parameter to the parse method of the JadeJson class |
| JadeJWTClaim | Represents one claim in a JSON Web Token |
| JadeJWTParser | Contains type methods used for parsing JSON Web Tokens |
| JadeJWTValidator | Contains type methods used for validating the signature of JSON Web tokens |
| JadeJsonWebKeySetReader | Provides methods to obtaining the public key from a JSON Web Key Set that is used to validate asymmetrically‑signed JSON Web Tokens (JWTs) |
| JadeJsonWebToken | Represents a symmetrically-signed JSON Web Token that can be used by a JADE REST service to generate authorization tokens for its clients |
To increase REST service security, use one of the following jadeDevelopmentFunctionSelected function security hooks.
| Task Name | Entity Name | Description |
|---|---|---|
| applyRestSecurity | Schema‑name::type‑name::method‑name | Applies security to a REST Service method |
| importOpenAPI | Schema-name | Imports (adds) an OpenAPI specification |
| removeOpenAPI | Schema-name | Removes an OpenAPI specification |
In addition, the:
-
JadeRestService class provides the following methods
-
addBearerToken, which adds a bearer token (for example, a JSON Web Token) to the REST request
-
fetchJWT, which returns the bearer token from the Authorization: Bearer HTTP header of the incoming REST request
-
fetchSecret, which returns the secret with which to validate symmetrically‑signed tokens
-
getTargetMethod, which gets the name of the method targeted by the incoming REST request
-
validateShadowMethod, which returns true if the method is a valid shadow method of a REST service method
-
validateToken, which validates a JSON Web Token against the required claims associated with the specified method
-
-
JadeRestService class provides the following class constants
-
EncryptionAlg_HS256
-
EncryptionAlg_HS384
-
EncryptionAlg_HS512
-
EncryptionAlg_RS256
-
ServerVariable_AllHttp
-
ServerVariable_AllRaw
-
ShadowMethodPrefix
-
-
JadeHTTPConnection class provides the following class constants
-
AuthType_Basic
-
AuthType_Bearer
-
HttpResponse_Created
-
HttpResponse_Forbidden
-
HttpResponse_NotFound
-
HttpResponse_Success
-
HttpResponse_Unauthorized
-
-
TimeStamp primitive type provides the following constant and methods.
-
UnixEpoch constant
-
getSecondsFromUnixEpoch method, which returns the number of seconds between the Unix epoch and the timestamp
-
setFromUnixEpoch method, which sets the timestamp by adding the specified number of seconds to the Unix epoch
-
2020.0.01 and higher
