REST Beginner Question

Hello,

I am taking some intro lessons in REST from the online courses. Below is a very simple code i wrote. But when i try to see the output by entering the url

http://localhost:57773/rest/coffeemakerapp/coffeemaker i get an error "

This page isn’t working

If the problem continues, contact the site owner.

HTTP ERROR 401

Thanks,

Jimmy

Class demo.CoffeeMakerRestServer Extends %CSP.REST
{
XData UrlMap [ XMLNamespace = "http://www.intersystems.com/urlmap" ]
{
<Routes>
<Route Url="/coffeemaker" Method="GET" Call="GetCoffeeMakerInfo"/>
</Routes>
}

ClassMethod GetCoffeeMakerInfo() As %Status
{
Set tArr=[]
Do tArr.%PUSH({
"img": "txt",
"Name": "Best"
})
Write tArr.%ToJSON() 
Quit $$$OK
}
}

  • 0
  • 0
  • 308
  • 5
  • 1

Respuestas

Hi Jimmy!

401 means that Authenticated user is not authorized to reach the server.

To prove the fact you could grant the application a %ALL role (the second tab) and this should work then.

 

I would suggest that adding the %All role, though it would work, is a bit like crushing a nut with a sledgehammer. It effectively opens the door to any unwanted intruder to gain access the Cache/Ensemble/IRIS. For the purposes of a demo test application %All role will work however the deve;loper should be aware that there are more appropriate security mechanisms available to handle user authentication.

Thank you Nigel for the suggestions. Agreed, but since this is just a standalone training env, and for now i only want to have a hands on REST development, i think assigning %All role should be fine to see the output of the code ! Security will be my next hands on once i am familiar with the REST architecture.

Hello Evgeny,

Yes this worked perfectly. I think i did select %ALL role, but did not click on assign but only SAVED it.

Thank you for all your help. But looks like at some point once i familiarize myself with this web and rest app build, i will need to learn more about security..

Thanks,

Jimmy Christian.

Comentarios

You could also try a tool like Postman to test service calls and authentication methods.  If you tick the Password checkbox it enables Basic authentication (plain text username/password) is enabled. You can  also use bearer tokens instead, which is a popular authentication scheme.

While authentication/authorization isn't really covered in great detail, REST and Relaxation is a good starting point for REST development and it comes with a video and source code.

You should also double-check your URL is correct and resource permissions are correct. You probably only need permissions on the ENSEMBLE namespace and there might be a resource that defines this. Your URL is probably something like http://yourserver/rest/coffeemakerapp/coffeemaker

Thank you Stephen. I will check the link you provided for more understanding on REST.