REST Security Classes and Entities
The REST security classes are summarized in the following table. (For details, see
Class | Description |
---|---|
JadeRequiredClaimAnnotation | Abstract class that represents an annotation on a JadeRestService REST API method |
JadeRequiredDelegateClaimAnnotation | Represents an annotation on a JadeRestService REST API method |
JadeRequiredOneOfValueClaimAnnotation | Represents an annotation on a JadeRestService REST API method |
JadeRequiredSingleValueClaimAnnotation | Represents an annotation on a JadeRestService REST API method |
JadeJWTModel | Abstract grouping class for JSON Web Token (JWT) classes |
JadeJWKSAuthProviderResponse | Can be used as the first parameter to the parse method of the JadeJson class |
JadeJWTClaim | Represents one claim in a JSON Web Token |
JadeJWTParser | Contains type methods used for parsing JSON Web Tokens |
JadeJWTValidator | Contains type methods used for validating the signature of JSON Web Tokens |
JadeJsonWebKeySetReader | Provides methods for obtaining the public key from a JSON Web Key Set that is used to validate asymmetrically‑signed JSON Web Tokens (JWTs) |
JadeJsonWebToken | Represents a symmetrically-signed JSON Web Token that can be used by a JADE REST service to generate authorization tokens for its clients |
To increase REST service security, use one of the following jadeDevelopmentFunctionSelected function security hooks.
Task Name | Entity Name | Description |
---|---|---|
applyRestSecurity | Schema‑name::type‑name::method‑name | Applies security to a REST Service method |
importOpenAPI | Schema-name | Imports (adds) an OpenAPI specification |
removeOpenAPI | Schema-name | Removes an OpenAPI specification |
In addition, the:
- JadeRestService class provides the following methods
  - addBearerToken, which adds a bearer token (for example, a JSON Web Token) to the REST request
  - fetchJWT, which returns the bearer token from the Authorization: Bearer HTTP header of the incoming REST request
  - fetchSecret, which returns the secret with which to validate symmetrically‑signed tokens
  - getTargetMethod, which gets the name of the method targeted by the incoming REST request
  - validateShadowMethod, which returns true if the method is a valid shadow method of a REST service method
  - validateToken, which validates a JSON Web Token against the required claims associated with the specified method
- JadeRestService class provides the following class constants
  - EncryptionAlg_HS256
  - EncryptionAlg_HS384
  - EncryptionAlg_HS512
  - EncryptionAlg_RS256
  - ServerVariable_AllHttp
  - ServerVariable_AllRaw
  - ShadowMethodPrefix
- JadeHTTPConnection class provides the following class constants
  - AuthType_Basic
  - AuthType_Bearer
  - HttpResponse_Created
  - HttpResponse_Forbidden
  - HttpResponse_NotFound
  - HttpResponse_Success
  - HttpResponse_Unauthorized
- TimeStamp primitive type provides the following constant and methods.
  - UnixEpoch constant
  - getSecondsFromUnixEpoch method, which returns the number of seconds between the Unix epoch and the timestamp
  - setFromUnixEpoch method, which sets the timestamp by adding the specified number of seconds to the Unix epoch
2020.0.01 and higher