Hi to all,
I am now studying how to consume the interface-based services from the browser (or JavaScript for that matter). I am looking for the simplest way to consume the services from the Calculator service without authentication, so without writing any line of code I did the following:
1. Compile and run Project14ServerHttpWeak
2. Open the browser (Chrome) and go to the address: http://localhost:888/root/Calculator/Add?n1=1&n2=2 (tried also with: ...Calculator.Add?n1=1&n2=2)
I'm getting error code 403 Forbidden, so clearly I'm missing something; such an error doesn't exist with e.g. Sample 04.
I'm not an expert on web programming, hence I want to start from the simplest way and then add complexity. I can see the following line of code in the server project and I thought it was all that was needed:
aServer.AuthenticationRegister(TSQLRestServerAuthenticationNone);
Is there anything else that should be done in order to consume this service from the browser without authentication? I just want to type the URL and see the response from the server. Is it possible?
Regards,
Mocte
Offline
Type into the address bar:
http://localhost:888/root/Calculator.Add?[12,50]
http://localhost:888/root/Calculator.Add?+%5B+1%2C2+%5D
In the above line, +%5B+1%2C2+%5D will be decoded as [1,2] on the server side.
Offline
Thank you Alex for answering. Unfortunately none of them gives the result, I am still getting 403 Forbidden. It seems like some kind of permission is missing? Or it was not intended to be used this way.
Offline
403 Forbidden
Sorry, I didn't read "weak authentication". 403 error means that you need a valid authentication.
http://blog.synopse.info/post/2013/06/0 … horization
Offline
Thanks for the link Alex, it is crystal clear now. I suppose it is time to read those parts of the SAD document again.
Offline
Not so fast ;-)
I understand I can disable authentication following these instructions:
You can use TSQLRestServer.ServiceMethodByPassAuthentication() to disable the need of a signature for a given service method - e.g. it is the case for Auth and TimeStamp standard method services.
It doesn't seem to work. I added:
// register our ICalculator service on the server side
aServer.ServiceRegister(TServiceCalculator,[TypeInfo(ICalculator)],sicShared);
aServer.ServiceMethodByPassAuthentication('Calculator'); // <------ THIS
But it doesn't seem to help with what I need. When I debug the call to ServiceMethodByPassAuthentication in mORMot.pas:
procedure TSQLRestServer.ServiceMethodByPassAuthentication(const aMethodName: RawUTF8);
var i: Integer;
begin
  if self=nil then
    exit;
  i := fPublishedMethods.FindHashed(aMethodName);
  if i>=0 then
    fPublishedMethod[i].ByPassAuthentication := true;
end;
fPublishedMethods.FindHashed always returns a negative number, and then ByPassAuthentication is always false. I also used 'Add' as the method name, without success.
Any hint?
Offline
ServiceMethodByPassAuthentication() is to by-pass authentication for a method-based service.
As its name and documentation state.
For interface-based services, as stated by the doc in the "17.7.1. Security" paragraph:
By default, all services and operations (i.e. all interfaces and methods) are allowed to execution.
Then, on the server side (it's an implementation detail), the TServiceFactoryServer instance (available from TSQLRestServer.Services property) provides the following methods to change the security policy for each interface.
Take a look at TServiceFactoryServer.ByPassAuthentication:
/// set to TRUE disable Authentication method check for the whole interface
// - by default (FALSE), all interface-based services will require valid
// RESTful authentication (if enabled on the server side); setting TRUE will
// disable authentication for all methods of this interface
// (e.g. for returning some HTML content from a public URI)
// - if the authentication is by-passed for the interface, you can re-enable
// authentication for a set of its methods by using Deny*()/Allow*() methods
property ByPassAuthentication: boolean read fByPassAuthentication write fByPassAuthentication;
I've enhanced the documentation about interface-based services security setting - e.g. to explicitly refer to TServiceFactoryServer.ByPassAuthentication.
See http://synopse.info/fossil/info/f3c36aca42
This was indeed not so clear.
Your question did make sense.
Thanks for the feedback.
Offline
Thank you Arnaud, just FTR I commented out the following line in the sample:
//aServer.AuthenticationRegister(TSQLRestServerAuthenticationNone);
And now the browser happily answers the requests made with this pattern:
http://localhost:888/root/Calculator/Add?n1=10&n2=10
Although I now have the desired behavior, I still have two questions:
1. What is happening now that I commented out "aServer.AuthenticationRegister"?
2. Why wasn't "aServer.ServiceMethodByPassAuthentication('Calculator')" doing the job?
Please bear with me, these may be silly questions but are important for me.
Offline
1. No authentication was enabled.
2. This method is about method-based services, not interface-based service.
See the SAD 1.18 pdf document about the difference between the 2.
Offline
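Added example, not part of any post in this thread and not the project's own sample code: a server that keeps authentication registered and opens only the Calculator interface through TServiceFactoryServer.ByPassAuthentication, instead of removing AuthenticationRegister for the whole server. Assumptions: the ICalculator declaration and its GUID are constructed here, and ServiceRegister is taken to return the interface's TServiceFactoryServer, as in mORMot 1.18.

```pascal
program PublicCalculatorServer; // hypothetical program name
{$APPTYPE CONSOLE}
uses
  SysUtils, SynCommons, mORMot, mORMotHttpServer;

type
  // assumed contract, shaped after the sample's ICalculator; GUID is constructed
  ICalculator = interface(IInvokable)
    ['{11111111-2222-3333-4444-555555555555}']
    function Add(n1, n2: integer): integer;
  end;
  TServiceCalculator = class(TInterfacedObject, ICalculator)
  public
    function Add(n1, n2: integer): integer;
  end;

function TServiceCalculator.Add(n1, n2: integer): integer;
begin
  result := n1 + n2;
end;

var
  aModel: TSQLModel;
  aServer: TSQLRestServer;
  aHTTPServer: TSQLHttpServer;
begin
  aModel := TSQLModel.Create([], 'root');
  try
    aServer := TSQLRestServerFullMemory.Create(aModel, 'test.json', false, false);
    try
      // authentication stays registered on the server, as in the sample
      aServer.AuthenticationRegister(TSQLRestServerAuthenticationNone);
      // interface-based service: the bypass is set on its TServiceFactoryServer,
      // not with ServiceMethodByPassAuthentication() (method-based services only)
      aServer.ServiceRegister(TServiceCalculator, [TypeInfo(ICalculator)],
        sicShared).ByPassAuthentication := true;
      aHTTPServer := TSQLHttpServer.Create('888', [aServer]);
      try
        writeln('GET http://localhost:888/root/Calculator/Add?n1=1&n2=2');
        writeln('Press [Enter] to stop the server.');
        readln;
      finally
        aHTTPServer.Free;
      end;
    finally
      aServer.Free;
    end;
  finally
    aModel.Free;
  end;
end.
```

Any other interface registered on aServer without this flag keeps the default (FALSE) and still requires valid authentication.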
1. No authentication was enabled.
Indeed, but I thought some kind of default behavior was running behind the scenes. Anyway, that is just what I needed now.
2. This method is about method-based services, not interface-based service.
See the SAD 1.18 pdf document about the difference between the 2.
I can't find any topic in the SAD comparing them. AFAICS the following comment in mORMot.pas is what best explains what you are saying:
TSQLRestServer = class; // published methods = RESTful callbacks handlers
I think there should be a more prominent place describing the difference between method-based services and interface-based services, or maybe I need better glasses.
Regards
Last edited by moctes (2014-02-17 23:46:14)
Offline
I have to say it, you are right. You know you have a pretty large document, and I did a search on it yesterday for the words "method based" and I swear I found only a few places where it was mentioned, but after reading your answer I just did a new search and it is all over the place, and most embarrassing is that I had already read many of these pages. I don't know how it happened, maybe I spelled it wrong because, you know, English is not my native tongue, so what can I say, I owe you an apology.
I have almost no time to learn mORMot but I'm on my way, so I'll be asking more silly questions from time to time.
Thank you for your time and patience.
Offline
No problem!
You are welcome!
There are no silly questions, just poor answers, and sometimes duplicated questions.
I'm not a native English speaker either - just another French guy, and we are not known to be fluent in foreign languages here! - so I confess the doc is full of approximations, mistakes, spelling issues...
Your confusion does make sense!
I just try to do my best. And am convinced good documentation is a need for a framework as feature-rich as ours.
The documentation has been updated after your remark, since there were some details missing.
Thanks for the interest and feedback.
Offline