Modeling secure Ajax services
To ensure that the Ajax services that you model are secure, you must add authorization checks to the service implementation.
Before you begin
To perform this task, you must be in the IBM® Process Designer desktop editor.
About this task
- Use the optional checkAuthorization Boolean flag that some JavaScript APIs provide. If checkAuthorization is set to true, the authorization check is delegated to the JavaScript API, and only information that the current user is authorized to access is returned.

```javascript
// authorization is done by the JS API (checkAuthorization = true)
instance.retrieveTaskList(properties, maxRows, beginIndex, timezone, true);
```
- Use the getAvailableActions() method on a resource to determine whether the current user is authorized to perform a specific action. Continue only if the specified action is shown in the result.

```javascript
var actions = instance.getAvailableActions();
if (actions != null) {
    for (var i = 0; i < actions.length; i++) {
        if (actions[i] == "ACTION_VIEW_INSTANCE") {
            // do whatever you want to secure,
            // e.g. retrieve instance-specific information
        }
    }
}
```
- Check the user's group membership to determine the user's authorization.
```javascript
var group = tw.system.org.findParticipantGroupByName(roleName);
if (tw.system.user.isInParticipantGroup(group)) {
    // do whatever you want to secure,
    // e.g. retrieve team information
}
```
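The following is an added example, not code from the IBM documentation: it combines the getAvailableActions() check and the participant-group check into one fail-closed gate, so that a missing action list or an unknown group name denies access instead of letting the service continue. The `instance` and `tw` objects are stand-ins for the Process Designer JavaScript API; here they are constructed fakes (`fakeTw`, `fakeInstance`, and the `details()` method) so the example runs offline.

```javascript
// Added example: fail-closed authorization gate for an Ajax service.
// `instance` and `tw` mirror the shape of the BPM JavaScript API objects used
// in the snippets above; the fakes at the bottom are constructed for this example.

function canPerformAction(instance, actionName) {
  // Deny when the list is absent; allow only if the action is explicitly listed.
  if (!instance || typeof instance.getAvailableActions !== "function") return false;
  var actions = instance.getAvailableActions();
  if (actions == null) return false;
  for (var i = 0; i < actions.length; i++) {
    if (actions[i] === actionName) return true;
  }
  return false;
}

function isInGroup(tw, groupName) {
  var group = tw.system.org.findParticipantGroupByName(groupName);
  if (group == null) return false; // unknown group: deny rather than pass null on
  return tw.system.user.isInParticipantGroup(group) === true;
}

// Returns instance-specific data only when both checks pass.
function secureInstanceDetails(tw, instance, groupName) {
  if (!canPerformAction(instance, "ACTION_VIEW_INSTANCE")) {
    return { ok: false, reason: "action not available" };
  }
  if (!isInGroup(tw, groupName)) {
    return { ok: false, reason: "not in group" };
  }
  return { ok: true, data: instance.details() };
}

// Constructed fakes standing in for tw.system.* and a process instance.
function fakeTw(knownGroups, memberOf) {
  return { system: {
    org: { findParticipantGroupByName: function (n) {
      return knownGroups.indexOf(n) >= 0 ? { name: n } : null; } },
    user: { isInParticipantGroup: function (g) {
      return g != null && memberOf.indexOf(g.name) >= 0; } }
  } };
}
function fakeInstance(actions, details) {
  return { getAvailableActions: function () { return actions; },
           details: function () { return details; } };
}
```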
Securing the start of the Ajax services
About this task
Tip: The startService REST API is one of the IBM BPM REST APIs that are exposed through the IBM MobileFirst generic adapter. For more information, see REST APIs exposed through the MobileFirst adapters.
Procedure
To specify an Ajax service that can be started from a task implemented by an external implementation, complete the following steps:
- In Process Designer, create an external implementation. See Creating an external implementation.
- In the properties view of the external implementation, under Ajax Services, select Authorize Ajax Services.
- Click Add and, from the list of available Ajax services, select a service that can be started from the task implemented by this external implementation. The selected service is added to the Ajax Services list.
Results
- Only the Ajax services that are associated with the specified external implementation can be started.
- The callerTaskId is a mandatory parameter in the startService REST API, and the external implementation must list the Ajax service to be started.
- For the specified task, Ajax services that are called from a context other than an external implementation cannot be started.