REST Service Security
RESTful web service APIs can be secured so that a URL can be consumed only by clients that provide authentication.
JADE provides the ability to restrict JADE REST APIs so that only clients presenting a valid bearer token can consume the API. In addition, an API developer can customize the rules for what constitutes a valid token to meet your requirements.
REST service security allows for the validation of token signatures, including asymmetrically signed tokens (for example, RS256) issued by third-party authentication providers. It also allows for the generation of symmetrically signed tokens (for example, HS256) and the association of required claims, such as access level or token expiry, with specific REST service methods.
The supported token format is JSON Web Token (JWT), an open standard defined by RFC 7519. The JWT standard defines a compact, self-contained way of securely transmitting information between parties as a JSON object.
The Add JSON Web Token Claims dialog enables you to specify the claims that must be present in a JSON Web Token in order to access a JADE REST API method. As long as one or more required claims are associated with a method, any incoming REST request must include a JSON Web Token in the authorization header of the HTTP request; that is, it must include a header of the form Authorization: Bearer <Token>. For details, see "
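The following is an added example (not JADE code or part of this documentation) that shows the mechanism described above in Python: a service generates an HS256 token whose exp claim is expressed in seconds since the Unix epoch, and an incoming Authorization: Bearer header is checked for a valid signature, unexpired exp, and required claims expressed as a single value, one of a set of values, or a delegate (mirroring the three required-claim annotation kinds). The secret, claim names and HTTP status values are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_hs256_token(claims: dict, secret: bytes) -> str:
    """Generate a symmetrically signed (HS256) JWT. 'exp' is seconds since the Unix epoch."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(signature)}"

def verify_hs256_token(token: str, secret: bytes):
    """Return the claims dict if the signature is valid and alg is HS256, otherwise None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return None  # reject 'none' or any algorithm this service did not issue
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
    except (ValueError, TypeError, AttributeError):
        return None
    return claims if isinstance(claims, dict) else None

def authorize(auth_header, secret: bytes, required: dict, now: int):
    """Check an 'Authorization: Bearer <Token>' header against required-claim rules: a rule is one
    value, a set of acceptable values (one-of) or a callable (delegate). 401 = bad token, 403 = claim."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return 401, None
    claims = verify_hs256_token(auth_header[len("Bearer "):], secret)
    if claims is None or ("exp" in claims and claims["exp"] <= now):  # exp in Unix-epoch seconds
        return 401, None
    for name, rule in required.items():
        value = claims.get(name)
        if value is None:
            return 403, None
        ok = rule(value) if callable(rule) else (value in rule if isinstance(rule, set) else value == rule)
        if not ok:
            return 403, None
    return 200, claims
```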
REST security classes are summarized in the following table. (For details, see
Class | Description |
---|---|
JadeRequiredClaimAnnotation | Abstract class that represents an annotation on a JadeRestService REST API method |
JadeRequiredDelegateClaimAnnotation | Represents an annotation on a JadeRestService REST API method |
JadeRequiredOneOfValueClaimAnnotation | Represents an annotation on a JadeRestService REST API method |
JadeRequiredSingleValueClaimAnnotation | Represents an annotation on a JadeRestService REST API method |
JadeJWTModel | Abstract grouping class for JSON Web Token (JWT) classes |
JadeJWKSAuthProviderResponse | Can be used as the first parameter to the parse method of the JadeJson class |
JadeJWTClaim | Represents one claim in a JSON Web Token |
JadeJWTParser | Contains type methods used for parsing JSON Web Tokens |
JadeJWTValidator | Contains type methods used for validating the signature of JSON Web Tokens |
JadeJsonWebKeySetReader | Provides methods for obtaining the public key from a JSON Web Key Set that is used to validate asymmetrically signed JSON Web Tokens (JWTs) |
JadeJsonWebToken | Represents a symmetrically signed JSON Web Token that can be used by a JADE REST service to generate authorization tokens for its clients |
The
- AuthType_Basic
- AuthType_Bearer
- HttpResponse_Created
- HttpResponse_Forbidden
- HttpResponse_NotFound
- HttpResponse_Success
- HttpResponse_Unauthorized
The
- UnixEpoch constant
- getSecondsFromUnixEpoch method, which returns the number of seconds between the Unix epoch and the TimeStamp
- setFromUnixEpoch method, which sets the TimeStamp by adding the specified number of seconds to the Unix epoch
2020.0.01 and higher