REST gateway: Security configuration

To access a data grid through the REST gateway, the user must be authenticated to the WebSphere® DataPower® XC10 Appliance, regardless of whether the data grid has security enabled. The application client must always provide a basic authorization header with the authorized user ID and password in the HTTP headers of the HTTP request.

Authentication and authorization

To access a data grid map through the REST gateway, the user or user group must be authenticated and authorized to access the data grid that is specified in the URI. Even if you do not have security configured on the data grid, you must configure the user group that you use to communicate through the REST gateway to have all access to the data grid. For more information about configuring access to the data grid, see Securing data grids. The application client must provide a basic authorization header with the authorized user ID and password in the HTTP headers of the HTTP request.
Authorization: Basic <base64 encoded string of "userid:password">
For more information about the basic authorization header format, see Wikipedia: Basic access authentication.

Secured data grids

You can use the REST gateway in a secured data grid configuration. To access the secured data grids, provide the user ID and password in an authorization header. The user must be authenticated and authorized to access the specified data grid in the URI.
Table 1. Secured data grids
Permission  Get  Post  Delete
READ        X
WRITE       X
CREATE      X    X
ALL         X    X     X

Transport security

Clients that are using the REST gateway can use the HTTPS protocol if transport security is required. Using HTTPS instead of HTTP places a significant additional processing burden on the WebSphere DataPower XC10 Appliance for each request.
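
The header format from "Authentication and authorization", combined with the HTTPS option above, as an added Python example (not IBM's code). It shows that the base64 string is an encoding that anyone who sees the request can reverse, which is why the request builder refuses plain HTTP. The function names are hypothetical, and any URL passed in is the caller's; the real path layout is described in REST gateway: URI format.

```python
import base64
import urllib.request
from urllib.parse import urlsplit


def basic_auth_header(user_id, password):
    """Return the Authorization header value for userid:password."""
    if not user_id:
        raise ValueError("user ID must not be empty")
    # The first ':' separates user ID from password, so the user ID
    # cannot contain one. The password may.
    if ":" in user_id:
        raise ValueError("user ID must not contain ':'")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in user_id + password):
        raise ValueError("control characters are not allowed")
    token = base64.b64encode(f"{user_id}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_auth(header_value):
    """Recover (user_id, password) from a header value.

    No key is needed: base64 is an encoding, not encryption.
    """
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic authorization header")
    raw = base64.b64decode(token, validate=True).decode("utf-8")
    user_id, sep, password = raw.partition(":")  # split on first ':' only
    if not sep:
        raise ValueError("missing ':' separator")
    return user_id, password


def build_gateway_request(url, user_id, password, method="GET"):
    """Build, without sending, an authenticated request. HTTPS only."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to put Basic credentials on a non-HTTPS URL")
    req = urllib.request.Request(url, method=method)
    req.add_header("Authorization", basic_auth_header(user_id, password))
    return req
```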