To access a data grid through the REST gateway, the user
must be authenticated to the WebSphere® DataPower® XC10 Appliance, regardless of whether the data grid has security enabled.
The application client must always provide a basic authorization header
with the authorized user ID and password in the HTTP headers of the
HTTP request. To access data grids through the REST gateway, provide
the user ID and password in an authorization header.
Authentication and authorization
To access
to a data grid map through the REST gateway, the user or user group
must be authenticated and authorized to access the specified data
grid in the URI. Even if you do not have security configured on the
data grid, you must configure the user group you are using to communicate
through the REST gateway to have
all access to the data grid.
For more information about configuring access to the data grid, see
Enabling security for data grids . The application client must provide
a basic authorization header with the authorized user ID and password
in the HTTP headers of the HTTP request.
Authorization: Basic <base64 encoded string of “userid:password”>
For more information about the basic authorization header format,
see
Wikipedia: Basic access authentication.
Secured data grids
You can use the REST gateway
in a secured data grid configuration. To access the secured data grids,
provide the user ID and password in an authorization header. The user
must be authenticated and authorized to access the specified data
grid in the URI.
Table 1. Secured data gridsPermission |
Get |
Post |
Delete |
READ |
X |
|
|
WRITE |
X |
|
|
CREATE |
X |
X |
|
ALL |
X |
X |
X |
Transport security
Clients that are using the
REST Gateway can use the HTTPS protocol if transport security is required.