Access Protected REST Service Resources based on Token


SuperMap iServer Web Manager provides a security module that allows users to implement access control on services through user identity authentication and authorization. When users Enable Service Security, services are protected and only authenticated roles can Access Protected Services resources.

Besides, SuperMap iServer provides a Token-based user identity authentication mechanism that lets users access protected service resources by providing a Token, without needing a user name and password. Users can Acquire Token with a valid user name and password, and then access the corresponding authorized services with the Token. All resources of GIS services (for details, please refer to GIS Services Resource Hierarchy), OGC services and service management (Service Management Resource Hierarchy) can be accessed through Token. Users only need to add a token parameter when accessing the resources. Note that the token parameter must be carried when accessing any protected service.

Example usage

  1. Access map-china400/rest service:

http://localhost:8090/iserver/services/map-china400/rest.rjson?token=NZkILm9Tl2FGzwK_nUh9krlHOtO0ds83lDoARA85_rMveuTyK0TyGcYV-5rn3wUYE-MSNPlw6wKnewy8jek_JQ..

  2. Access map tile acquired through the tileImage resource:

http://localhost:8090/iserver/services/map-china400/rest/maps/China/tileImage.png?token=NZkILm9Tl2FGzwK_nUh9krlHOtO0ds83lDoARA85_rMveuTyK0TyGcYV-5rn3wUYE-MSNPlw6wKnewy8jek_JQ..
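Because the token travels as a query parameter on every request, it also appears in anything that records request URLs, such as access logs. The following is an added example, not SuperMap code: it appends the token parameter to a resource URL and replaces token values in URLs or log lines with a short SHA-256 fingerprint so requests can still be correlated. The helper names, the fingerprint scheme, the sample tokens and the log lines are assumptions constructed for illustration.

```python
import hashlib
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TOKEN_PARAM = "token"  # query parameter name used on this page
_TOKEN_RE = re.compile(r'([?&]' + TOKEN_PARAM + r'=)([^&\s"]+)')


def with_token(resource_url, token):
    """Return resource_url carrying exactly one token parameter."""
    parts = urlsplit(resource_url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != TOKEN_PARAM]
    query.append((TOKEN_PARAM, token))
    return urlunsplit(parts._replace(query=urlencode(query)))


def fingerprint(token):
    """Short one-way tag so log lines can be correlated without the token."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()[:12]


def redact(text):
    """Replace each token value in a URL or log line with its fingerprint."""
    return _TOKEN_RE.sub(
        lambda m: m.group(1) + "sha256:" + fingerprint(m.group(2)), text)


# Constructed sample data: these tokens and access-log lines are made up.
TOKEN_A = "EXAMPLE_TOKEN_A-0123456789.."
TOKEN_B = "EXAMPLE_TOKEN_B-9876543210.."
_LINE = '127.0.0.1 - - [01/Jan/2024:10:00:0%d +0000] "GET %s HTTP/1.1" 200 512'
_REST = "/iserver/services/map-china400/rest"
SAMPLE_LOG = [
    _LINE % (0, _REST + ".rjson?token=" + TOKEN_A),
    _LINE % (1, _REST + "/maps/China/tileImage.png?token=" + TOKEN_A),
    _LINE % (2, _REST + ".rjson?token=" + TOKEN_B),
]

if __name__ == "__main__":
    base = "http://localhost:8090" + _REST
    print(redact(with_token(base + ".rjson", TOKEN_A)))
    for line in SAMPLE_LOG:
        print(redact(line))
```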

  1. Quickly Publish GIS Service (Through REST API)
  1. Register Services (Through REST API)

The REST API of SuperMap iPortal provides the capability of registering services, which is done by sending a POST request to the services resource.

For all the secured resources in the portal, authentication information needs to be carried when accessing a resource through REST. For example, Cookie information can be carried in the HTTP request header, or protected REST service resources can be accessed based on Token. Cookie information can be acquired when logging in, and a Token can be acquired through the token resource.

User name and password are not needed for registering a single service through the services resource. Only the token needs to be carried: token=9jD451OhUlsDSJkJe9Wb34AkFS5k8I6FMy2UriguJkS2X-qXofeME0gSDTgW6003REFso7YhS3E5TNdzUoQWXg...

Send the POST request to the services resource:

http://localhost:8090/iportal/web/services.rjson?token=9jD451OhUlsDSJkJe9Wb34AkFS5k8I6FMy2UriguJkS2X-qXofeME0gSDTgW6003REFso7YhS3E5TNdzUoQWXg..

Register a SuperMap REST service by passing in the following request body in rjson:

{
    "type": "SUPERMAP_REST",
    "tags": [
        "China"
    ],
    "authorizeSetting": [
        {
            "entityName": "GUEST",
            "entityType": "USER",
            "permissionType": "READ"
        }
    ],
    "metadata": {
        "mdContact": {
            "rpIndName": "",
            "rpOrgName": "",
            "rpPosName": "",
            "rpCntInfo": {
                "cntAddress": {
                    "delPoint": "",
                    "city": "",
                    "adminArea": "",
                    "postCode": "",
                    "country": "",
                    "eMailAdd": ""
                },
                "voiceNum": "",
                "faxNum": ""
            }
        },
        "dataIdInfo": {
            "dataIdent": {
                "idCitation": {
                    "resTitle": "map"
                },
                "idAbs": ""
            }
        },
        "distInfo": {
            "onLineSrc": {
                "linkage": "http://192.168.112.217:8090/iserver/services/map-china400/rest"
            }
        }
    }
}

Where:

After the above POST request is executed, the server returns the following for the registered service:

{
    "newResourceID": "115",
    "newResourceLocation": "http://localhost:8090/iportal/web/services/115",
    "succeed": true
}

newResourceID and newResourceLocation are the ID and address of the service to be registered. Auditing by the administrator is still needed at this point. Only after auditing is the service registered into iPortal.

Users can apply for a Token in different representation formats through the REST API. For more details, please refer to the tokens resource.