Passing in a User Token for a REST Web Service
We have been using web services in Peoplesoft that are accessible via a SOAP request using external CAS authentication. Using the WS-Security model we pass in the following in the SOAP header to identify the Peoplesoft operator that is running the web service.
<wsse:UsernameToken>
<wsse:Username>dhorneut</wsse:Username>
</wsse:UsernameToken>
The security for the service operation is based on the permission list assigned to the user. This also allows us to use the operator for row level security in order to return the data relevant for any particular user.
I have not found any documentation or information that allows this same functionality for REST web services. The only way I have been able to apply security is to use username/password, basic authentication options, etc. on the service operation which ultimately applies Peoplesoft security which we are not maintaining since our security to PeopleSoft is based on CAS Authentication. Passing in the username token works for online access to PIA as well as SOAP based web services; but doesn't seem to apply to REST web services. Is this functionality not yet available? If so, please describe how you would send
<wsse:UsernameToken>
<wsse:Username>dhorneut</wsse:Username>
</wsse:UsernameToken>
The security for the service operation is based on the permission list assigned to the user. This also allows us to use the operator for row level security in order to return the data relevant for any particular user.
I have not found any documentation or information that allows this same functionality for REST web services. The only way I have been able to apply security is to use username/password, basic authentication options, etc. on the service operation which ultimately applies Peoplesoft security which we are not maintaining since our security to PeopleSoft is based on CAS Authentication. Passing in the username token works for online access to PIA as well as SOAP based web services; but doesn't seem to apply to REST web services. Is this functionality not yet available? If so, please describe how you would send
4