Domino & REST: Accessing Domino’s Environment / Check Authentication

To access Domino’s environment from a servlet, the ContextInfo class gives us everything we need. What you have to do to use the class is described in an earlier blog post.

The class mainly provides access to the following methods:

| Method | Description |
| --- | --- |
| getDataDirectory() | Path to the Notes data directory |
| getEnvironmentString(String envName) | Returns the environment variable |
| getServerDatabase() | The current database as a NAPI object, if any |
| getServerVariable(String varName) | Variables from the request, e.g. "QUERY_STRING" |
| getUserDatabase() | The current database as a Domino Java object, if any |
| getUserSession() | The session of the current user performing the request ( |
| isAnonymous() | true if the current user is Anonymous |

Keep in mind that the incoming request is independent of any underlying Notes database. In our example, the URI http://your.server/dominorestservlet/helloworld/ does not run inside an NSF, which is why the getServerDatabase() and getUserDatabase() methods return null.

As a consequence, our servlet does not have any access restriction and is reachable as anonymous. If you access a database programmatically, the "normal" Domino access control applies again, but we can do the access check ourselves.

To restrict access to the servlet, I have added a "checkAuthentication" method to the RestApiServlet class. This method checks that the current user is a) not anonymous and b) a member of the group RESTAPIAccessAllowed. Otherwise the method throws a NotAuthenticatedException, which lets the servlet return an HTTP 403.
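The check described above could look like the following. This is an added example, not the original RestApiServlet source. The class name AccessCheck, the shape of NotAuthenticatedException, the ContextInfo package name and the group lookup via Session.getUserGroupNameList() are assumptions, and it compiles only against the Domino server's Java libraries.

```java
import java.util.Vector;

import lotus.domino.Name;
import lotus.domino.NotesException;
import lotus.domino.Session;

import com.ibm.domino.osgi.core.context.ContextInfo; // assumed package name

/** Added sketch of the access check; not the original servlet code. */
public class AccessCheck {

    /** Assumed shape: the servlet maps this exception to HTTP 403. */
    public static class NotAuthenticatedException extends Exception {
        private static final long serialVersionUID = 1L;
        public NotAuthenticatedException(String msg) { super(msg); }
    }

    private static final String REQUIRED_GROUP = "RESTAPIAccessAllowed";

    public static void checkAuthentication() throws NotAuthenticatedException {
        // a) reject anonymous requests before touching the session
        if (ContextInfo.isAnonymous()) {
            throw new NotAuthenticatedException("anonymous request");
        }
        boolean member = false;
        try {
            Session session = ContextInfo.getUserSession();
            // b) groups of the current user, returned as lotus.domino.Name objects
            Vector<?> groups = (session == null) ? null : session.getUserGroupNameList();
            if (groups != null) {
                for (Object o : groups) {
                    Name group = (Name) o;
                    // Domino names are case-insensitive, so compare accordingly
                    if (REQUIRED_GROUP.equalsIgnoreCase(group.getAbbreviated())) {
                        member = true;
                    }
                    group.recycle(); // release the backend handle
                }
            }
        } catch (NotesException e) {
            member = false; // fail closed: a lookup error must never grant access
        }
        if (!member) {
            // message is for the server log only; the client just sees the 403
            throw new NotAuthenticatedException("user not in " + REQUIRED_GROUP);
        }
    }
}
```

Call checkAuthentication() at the start of every resource method, since the servlet itself is reachable without any database ACL in front of it.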


2 comments on Domino & REST: Accessing Domino’s Environment / Check Authentication

  1. There’s a project called „waffle“ (https://github.com/Waffle/waffle) that contains a servlet filter to handle single sign on for Active Directory users, e.g. via NTLM tokens.

    Can be useful in this context, maybe combined with LtpaToken computation via Domino C API functions (=>Domino JNA project).
