Administering sedex Web Service Proxy users
As of sedex Client version 6.0, the sedex Web Service Proxy can restrict access to the Web services it offers: an end-user application can call a Web service only if it supplies a valid username and password. The valid usernames and passwords are configured in the sedex Web Service Proxy user configuration file.
The sedex Web Service Proxy user configuration file
Usernames and passwords are configured in the following user configuration file:
<sedex_home>/conf/sedex-wsproxy-user-configuration.properties
This excerpt from the configuration file shows two configured users:
# File: sedex-wsproxy-user-configuration.properties
[...]
example-app-1=myNewAndSecurePassword,3-CH-55438
example-app-2={bcrypt}$2a$10$f/du7KAWE0xVu.a9DrRKN.fBxg[...]1wldBVam,1-CH-2874423
[...]
The format of the entries in the configuration file is as follows:
user_name=password,sedex-id
The elements of an entry (i.e. a line of the configuration file) are, in detail:
- user_name
  A freely definable username that represents your application calling the sedex Web Service Proxy.
  Allowed characters (no spaces): a-z A-Z 0-9 - _
- password
  The password of the user.
  Allowed characters (no spaces or hyphens): a-z A-Z 0-9
- sedex-id
  The sedex ID of the physical or logical sedex participant for whom the remote Web service is called. The specific sedex ID to be used is provided either by your sedex Domain Administrator or by FSO’s sedex Customer Support.
Please note:
- Changes to the users file only become active after a restart of the sedex Client.
- Check the log file of sedex Web Service Proxy for errors or warnings after restarting the sedex Client.
- New passwords can be specified in plain text.
- For security reasons, plain text passwords are automatically encrypted when the sedex Client is restarted.
- Encrypted passwords look something like this:
  {bcrypt}$2a$10$f/du7KAWE0xVu.a9DrRKN.fBxgk98zwNAUWPOa1nGgot01wldBVam
- An encrypted and forgotten password must be reset by deleting the old encrypted password (including the {bcrypt} part) and replacing it with a new password in plain text.
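A check that can be run on the file before restarting, as an added example (not part of the sedex documentation or the sedex Client): it applies the entry format and allowed-character rules above and reports entries whose password is still in plain text. The function name, finding labels and sample entries are constructed for illustration; the pattern for encoded passwords assumes the standard 60-character bcrypt string after the {bcrypt} prefix.

```python
import re

# Character rules as stated on this page.
USER_RE = re.compile(r"[A-Za-z0-9_-]+")
PLAIN_RE = re.compile(r"[A-Za-z0-9]+")
# Assumption: standard bcrypt layout (version, 2-digit cost, 53 chars salt+hash).
BCRYPT_RE = re.compile(r"\{bcrypt\}\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}")

def audit_users(text):
    """Return (line_no, user, finding) tuples for a users file given as a string."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, eq, rest = line.partition("=")
        # Neither passwords nor bcrypt strings contain commas: split on the last one.
        password, comma, sedex_id = rest.rpartition(",")
        if not eq or not comma or not password or not sedex_id:
            findings.append((no, user, "malformed entry"))
            continue
        if not USER_RE.fullmatch(user):
            findings.append((no, user, "invalid username characters"))
        if password.startswith("{"):
            if not BCRYPT_RE.fullmatch(password):
                findings.append((no, user, "malformed encoded password"))
        elif PLAIN_RE.fullmatch(password):
            # Valid, but stays readable on disk until the sedex Client restarts.
            findings.append((no, user, "plain-text password"))
        else:
            findings.append((no, user, "invalid password characters"))
    return findings

# Constructed sample, not a real configuration.
SAMPLE = """\
# File: sedex-wsproxy-user-configuration.properties
app-ok={bcrypt}$2a$10$f/du7KAWE0xVu.a9DrRKN.fBxgk98zwNAUWPOa1nGgot01wldBVam,1-CH-3322
app-new=aRandomPassword,1-CH-3322
app bad=secret,1-CH-3322
app-hyphen=my-password,1-CH-3322
app-short={bcrypt}$2a$10$tooShort,1-CH-3322
"""

if __name__ == "__main__":
    for no, user, finding in audit_users(SAMPLE):
        print(f"line {no}: {user}: {finding}")
```

A "plain-text password" finding after a restart means the automatic encoding did not happen for that entry, which is worth cross-checking against the sedex Web Service Proxy log file.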
Add a new user
If a new end-user application (e.g. named «myApp») needs access to one or more Web services via sedex Web Service Proxy, a new user representing this application must be added to the user configuration file:
- Open the user configuration file in a text editor.
- Add a line for the new user (e.g. at the end of the file):
  myApp=aRandomPassword,sedexIdOfThisApplication
- Save the configuration file.
- Restart sedex Client.
- Check the log file of sedex Web Service Proxy for errors or warnings.
Change the password of a user
The password of a user can be changed as follows:
- Open the user configuration file in a text editor.
- For the intended user, change the password element as shown below.
  Before (with the old encrypted password):
  myApp={bcrypt}$2a$10$f/du7KAWE0xVu.a9DrRKN.fBxg[...]1wldBVam,1-CH-3322
  After (with the new plain password):
  myApp=aNewRandomPassword,1-CH-3322
- Save the configuration file.
- Restart sedex Client.
- Check the log file of sedex Web Service Proxy for errors or warnings.
  Note: You should see a line indicating that a previously plain password has been encrypted.
  ******* Webservice-Proxy-Users - Validation and Encoding (Begin) *******
  Checking if wsproxy users configuration file C:\[...]/conf/sedex-wsproxy-user-configuration.properties is valid and if it contains any plain passwords that should be encoded.
  Encoded a previously plain password for user myApp.
  The users configuration contained 1 plain passwords that had to be saved in encoded format.
  ******* Webservice-Proxy-Users - Validation and Encoding (End) *******