NFM-T is a secured application. Before accessing any REST services, an external application needs to authenticate itself to the 1350 application using the seven authentication REST API steps below.
API Function | HTTP Method | URL |
---|---|---|
User authentication with CAS. | POST | https://{serverIp}:443/cas/v1/tickets username=<username>& password=<password>& presentation=<{{server}:8443}> Response: {TGT-ID} “server address = OTN Server IP” |
Get Service Ticket for NFM-T | POST | https://{serverIp}/cas/v1/tickets/{TGT-ID} Response: {Ticket for NFM-T} |
Service Ticket NspOs | GET | https://{serverIp}/session-manager/login/cas user=<username>& password=<password>& ticket=<{Ticket for NFM-T}> |
Register SSO session Manager | GET | https://{serverIp}/session-manager/login?service user=<username>& password=<password>& service=<{{ServerIP}:8443/oms1350/login/cas}> |
Service Ticket for Session Manager | POST | https://{serverIp}/cas/v1/tickets/{TG-ID} user=<username>& password=<password>& service=<{{ServerIP}:8443/oms1350/login/cas}> |
Service Ticket for NFM-T Application | GET | https://{serverIp}:8443/oms1350/login/cas user=<username>& password=<password>& ticket=<{Service Ticket}> |
Fetch Session Information from NFM-T Application | GET | https://{serverIp}:8443/oms1350/data/common/sessionInfo |
The NFM-T application uses the Central Authentication Service (CAS), a single sign-on protocol for the web whose purpose is to let a user access applications while providing their credentials only once.
The client needs to execute the seven steps below to authenticate itself to the NFM-T web application.
1.1 User authentication with CAS.
When the client visits an application desiring to authenticate to it, the application redirects it to CAS. CAS validates the client’s authenticity by checking a username and password against its database. If authentication succeeds, CAS returns a security ticket (TGT Id).
Rest call details:
URL = "http://{serverIp}:8443/cas/v1/tickets"
HTTP Method: POST
Input Parameters: username and password. [Presentation] = OTN IP address.
Response: {TGT-ID}.
Sample TGT Id: TGT-104-HYNRlJlN7PmKBOqlKPnTDs9djzmOydkuevkY0p1om5r7bIVgF3-cas01.example.org
1.2 Get Service Ticket for NFM-T
Once the TGT-ID has been obtained from the CAS server in the previous step, we should get the Service-Ticket by using the TGT-ID.
Rest call details:
URL = "http://{serverIp}:8443/cas/v1/tickets/<TGT-ID>"
HTTP Method: POST
Input Parameters: service= http://{serverIp}:8443/{serverIp}/session-manager/login/cas. [Service address] = OTN IP address.
Response: {Service-Ticket}.
Sample Service-Ticket: ST-104-r66nweiJSpXfzP6OOgDI-cas01.example.org
1.3 Service Ticket NspOs
This is the third step of the authentication. After getting the Service-Ticket from the previous step, use the HTTP GET method on the SessionManager URL to validate the nspOS Service-Ticket.
Rest call details:
URL = "http://{serverIp}:8443/session-manager/login/cas"
HTTP Method: GET
Input Parameters:
Username: username for the NFM-T presentation server
Password: password for the NFM-T presentation server
Presentation: IP address of the NFM-T presentation server
Ticket: Service-Ticket returned from the previous step. [Service address] = OTN IP address.
Response: JNLP File for LSM Application
Sample TGT Id
1.4 Register SSO session Manager
Once the TGT-ID has been obtained from the CAS server in the previous step, we should get the Service-Ticket by using the TGT-ID.
Rest call details:
URL = "http://{serverIp}:/session-manager/login/<TGT-ID>"
HTTP Method: GET
Input Parameters: service= http://{serverIp}:8443/{serverIp}:8443/oms1350/login/cas/. [Service address] = OTN IP address.
1.5 Service Ticket for Session Manager
Once the TGT-ID has been obtained from the CAS server in the second step, we should get the Service-Ticket by using the TGT-ID.
Rest call details:
URL = "http://{serverIp}:443/cas/v1/tickets/<TGT-ID>"
HTTP Method: POST
Input Parameters: service= http://{serverIp}:8443/{serverIp}/session-manager/login/cas. [Service address] = OTN IP address.
Response: {Service-Ticket}.
Sample Service-Ticket: ST-104-r66nweiJSpXfzP6OOgDI-cas01.example.org
1.6 Service Ticket for NFM-T Application
This is the sixth step of authentication. Once the service ticket is obtained as the response in the previous step, use the HTTP GET method on the SessionManager URL to validate the NFM-T Service-Ticket.
Rest call details:
URL = "http://{serverIp}:8443/oms1350/login/cas/<TGT-ID>"
HTTP Method: GET
Input Parameters: service= http://[Service Ticket]:ST-66-HQVAlJSeAXCH3b7gtLGr-otneVM1. [Service address] = OTN IP address.
Response: {Service-Ticket}.
Sample Service-Ticket: ST-104-r66nweiJSpXfzP6OOgDI-cas01.example.org
1.7 Fetch Session Information from NFM-T Application
In this step we fetch the session information from the NFM-T application, after which we can access all the exposed REST services.
Rest call details:
URL = "http://{serverIp}:8443/oms1350/data/common/sessionInfo"
HTTP Method: GET
Response: Session Info from the NFM-T Server
NFM-T REST TEMPLATE CODE
Below is the complete code that authenticates the client:
```java
import java.io.IOException;
import java.net.URI;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.ClientHttpRequest;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;

// AuthInfo (server IP, port, user, password) is the application's own class and is not shown here.
public class OMSRestTemplate extends RestTemplate {

    private String myCookie = "";
    private String urlPrefix = "";

    public void authenticate(AuthInfo authInfo) {
        try {
            // Both calls change JVM-wide defaults: every HttpsURLConnection in the process
            // then accepts any certificate for any host name, so the password and tickets
            // sent below are not protected against an on-path interceptor.
            nullHostNameVerifier();
            turnOffSslChecking();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        try {
            // Compare numeric status values; HttpStatus.toString() differs between Spring versions.
            List<Integer> successStatusCodes = Arrays.asList(200, 201, 302);
            // Step 1: authenticate against CAS, get the TGT location
            URI tgtUrl = getTGTUrl(authInfo);
            // Step 2: service ticket for the session manager
            String st_ticket = getSTTicket(authInfo, tgtUrl);
            // Step 3: validate the service ticket (nspOS)
            ResponseEntity<String> validateSessionResponse = validateServiceTicket(authInfo, st_ticket);
            if (!successStatusCodes.contains(validateSessionResponse.getStatusCode().value())) {
                throw new Exception("Authentication failed at step 3 ");
            }
            String sessionResponse = validateSessionResponse.toString();
            String nspOsCookie = sessionResponse.substring(
                    sessionResponse.indexOf("NSPOS_JSESSIONID"), sessionResponse.indexOf("; Expires"));
            // Step 4: register the SSO session
            ResponseEntity<String> regSessionRes = registerSession(authInfo, nspOsCookie);
            if (!successStatusCodes.contains(regSessionRes.getStatusCode().value())) {
                throw new Exception("Authentication failed at step 4 ");
            }
            // Step 5: service ticket for the NFM-T application
            String st_ticket2 = generateSTViaTGTUrl(authInfo, nspOsCookie, tgtUrl, st_ticket);
            // Step 6: validate it against the NFM-T application
            ResponseEntity<String> validateSvcTicketRes = validateServiceTicket2(authInfo, st_ticket2, nspOsCookie);
            if (!successStatusCodes.contains(validateSvcTicketRes.getStatusCode().value())) {
                throw new Exception("Authentication failed at step 6");
            }
            String validateSvcticketResStr = validateSvcTicketRes.toString();
            String nfmtCookie = validateSvcticketResStr.substring(
                    validateSvcticketResStr.indexOf("JSESSIONID="), validateSvcticketResStr.indexOf("; Path="));
            // Step 7: fetch the session information
            ResponseEntity<String> sessionInfoRes = retrieveSessionInfo(authInfo, nfmtCookie);
            setMyCookie(nfmtCookie);
            setUrlPrefix("https://" + authInfo.getServerIP() + ":" + authInfo.getServerPort() + "/oms1350");
        } catch (Exception e) {
            // Do not swallow the failure: the caller would otherwise continue unauthenticated.
            throw new IllegalStateException("NFM-T authentication failed", e);
        }
    }

    /**
     * When the client visits an application desiring to authenticate to it, the
     * application redirects it to CAS. CAS validates the client's authenticity
     * by checking a username and password against its database. If authentication
     * succeeds, CAS returns a security ticket (TGT Id).
     */
    private URI getTGTUrl(AuthInfo authInfo) {
        String tgtUrl = "https://" + authInfo.getServerIP() + ":443" + "/cas/v1/tickets";
        MultiValueMap<String, String> payload = new LinkedMultiValueMap<String, String>();
        payload.add("username", authInfo.getServerUser());
        payload.add("password", authInfo.getServerPwd());
        return postForLocation(tgtUrl, payload);
    }

    private String getSTTicket(AuthInfo authInfo, URI tgtUrl) {
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        String svcUrl = "https://" + authInfo.getServerIP() + "/session-manager/login/cas";
        MultiValueMap<String, String> servicePayload = new LinkedMultiValueMap<String, String>();
        // Step 1.2 takes the service URL as its input parameter.
        servicePayload.add("service", svcUrl);
        HttpEntity<MultiValueMap<String, String>> request =
                new HttpEntity<MultiValueMap<String, String>>(servicePayload, headers);
        return postForObject(tgtUrl, request, String.class);
    }

    private ResponseEntity<String> validateServiceTicket(AuthInfo authInfo, String st_ticket) {
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        MultiValueMap<String, String> ticketPayload = new LinkedMultiValueMap<String, String>();
        ticketPayload.add("ticket", st_ticket);
        HttpEntity<MultiValueMap<String, String>> request =
                new HttpEntity<MultiValueMap<String, String>>(ticketPayload, headers);
        String validateSessionUrl = "https://" + authInfo.getServerIP() + "/session-manager/login/cas";
        return postForEntity(validateSessionUrl, request, String.class);
    }

    private ResponseEntity<String> registerSession(AuthInfo authInfo, String nspOsCookie) {
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        headers.add("Cookie", nspOsCookie);
        HttpEntity<String> request = new HttpEntity<String>(headers);
        String regSessionUrl = "https://" + authInfo.getServerIP() + "/session-manager/login?service=https://"
                + authInfo.getServerIP() + ":8443/oms1350/login/cas";
        return exchange(regSessionUrl, HttpMethod.GET, request, String.class);
    }

    private String generateSTViaTGTUrl(AuthInfo authInfo, String nspOsCookie, URI tgtUrl, String st_ticket) {
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        headers.add("Cookie", nspOsCookie);
        String svcUrl = "https://" + authInfo.getServerIP() + ":8443/oms1350/login/cas";
        MultiValueMap<String, String> servicePayload = new LinkedMultiValueMap<String, String>();
        servicePayload.add("service", svcUrl);
        HttpEntity<MultiValueMap<String, String>> request =
                new HttpEntity<MultiValueMap<String, String>>(servicePayload, headers);
        return postForObject(tgtUrl, request, String.class);
    }

    private ResponseEntity<String> validateServiceTicket2(AuthInfo authInfo, String st_ticket2, String nspOsCookie) {
        String validateServiceTicketUrl = "https://" + authInfo.getServerIP() + ":8443/oms1350/login/cas";
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        headers.add("Cookie", nspOsCookie);
        MultiValueMap<String, String> ticketPayload = new LinkedMultiValueMap<String, String>();
        ticketPayload.add("ticket", st_ticket2);
        HttpEntity<MultiValueMap<String, String>> request =
                new HttpEntity<MultiValueMap<String, String>>(ticketPayload, headers);
        return postForEntity(validateServiceTicketUrl, request, String.class);
    }

    private ResponseEntity<String> retrieveSessionInfo(AuthInfo authInfo, String nfmtCookie) {
        String retrieveSessionInfoUrl = "https://" + authInfo.getServerIP() + ":8443/oms1350/data/common/sessionInfo";
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        headers.add("Cookie", nfmtCookie);
        HttpEntity<String> request = new HttpEntity<String>(headers);
        return exchange(retrieveSessionInfoUrl, HttpMethod.GET, request, String.class);
    }

    /** Attaches the NFM-T session cookie to every request made after authenticate(). */
    @Override
    protected ClientHttpRequest createRequest(URI url, HttpMethod method) throws IOException {
        ClientHttpRequest request = super.createRequest(url, method);
        if (!myCookie.isEmpty()) {
            request.getHeaders().add("Cookie", myCookie);
        }
        return request;
    }

    public String getMyCookie() {
        return myCookie;
    }

    public void setMyCookie(String myCookie) {
        this.myCookie = myCookie;
    }

    // Trust manager that performs no certificate checks at all.
    private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[] {
        new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
            public void checkClientTrusted(X509Certificate[] certs, String authType) {}
            public void checkServerTrusted(X509Certificate[] certs, String authType) {}
        }
    };

    public static void turnOffSslChecking() throws NoSuchAlgorithmException, KeyManagementException {
        // Install the all-trusting trust manager as the JVM-wide default
        final SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, UNQUESTIONING_TRUST_MANAGER, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    }

    private static void nullHostNameVerifier() {
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) {
                // ip address of the service URL(like.23.28.244.244)
                //if (hostname.equals("135.250.16.122"))
                return true;
                //return false;
            }
        });
    }

    public String getUrlPrefix() {
        return urlPrefix;
    }

    public void setUrlPrefix(String urlPrefix) {
        this.urlPrefix = urlPrefix;
    }
}
```
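The `turnOffSslChecking()` and `nullHostNameVerifier()` helpers above accept any certificate for any host, for the whole JVM, while the flow sends the NFM-T password and CAS tickets. The following is an added example, not code from the original page or from NFM-T: a Spring request factory that trusts only certificates chaining to a trust store you provision and leaves host name verification on. The class name `PinnedTrustRequestFactory`, the trust store file and its password are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.http.client.SimpleClientHttpRequestFactory;

/** Hypothetical helper (not part of NFM-T): per-template TLS trust instead of JVM-wide trust-all. */
public class PinnedTrustRequestFactory extends SimpleClientHttpRequestFactory {

    private final SSLSocketFactory socketFactory;

    // trustStore: file in the JVM's default key store format holding only the CA (or
    // server) certificate exported from the NFM-T server; path and password are assumptions.
    public PinnedTrustRequestFactory(Path trustStore, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(trustStore)) {
            ks.load(in, password);
        }
        if (ks.size() == 0) {
            // An empty store would only surface later as an obscure handshake error.
            throw new GeneralSecurityException("trust store contains no certificates");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate, default RNG
        this.socketFactory = ctx.getSocketFactory();
    }

    @Override
    protected void prepareConnection(HttpURLConnection connection, String httpMethod)
            throws IOException {
        if (connection instanceof HttpsURLConnection) {
            // Applies to this connection only; the default HostnameVerifier stays in force.
            ((HttpsURLConnection) connection).setSSLSocketFactory(socketFactory);
        }
        super.prepareConnection(connection, httpMethod);
    }
}
```

Pass an instance to the template with `setRequestFactory(...)` and drop the two trust-all calls from `authenticate`. Because the page's URLs address the server by IP, the server certificate needs that IP in its subject alternative names for host name verification to pass.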
2. NFM-T Rest Call Client usage
REST CLIENT APPLICATION CODE
Below is the complete code of the client that uses the authentication:
```java
public class NFMTRestClientApplication {
    public static void main(String[] args) {
        /** Authentication information: machine IP, username and password */
        AuthInfo authInfo = new AuthInfo();
        /** Create the REST template instance (the OMSRestTemplate class shown above) */
        OMSRestTemplate nfmtRestTemplate = new OMSRestTemplate();
        /** Authenticate */
        nfmtRestTemplate.authenticate(authInfo);
        // Below is a sample that executes one service. Others can be implemented in the same way.
        // CustomerService is the application's own class and is not shown here.
        CustomerService custSvc = new CustomerService();
        String resp = custSvc.getAllCustomers(nfmtRestTemplate);
    }
}
```