Question
Jimmy Christian · Jun 17, 2019

REST Beginner Question

Hello,

I am taking some intro lessons in REST from the online courses. Below is a very simple code i wrote. But when i try to see the output by entering the url

http://localhost:57773/rest/coffeemakerapp/coffeemaker i get an error "

This page isn’t working

If the problem continues, contact the site owner.

HTTP ERROR 401

Thanks,

Jimmy

Class demo.CoffeeMakerRestServer Extends %CSP.REST
{
XData UrlMap [ XMLNamespace = "http://www.intersystems.com/urlmap" ]
{
<Routes>
<Route Url="/coffeemaker" Method="GET" Call="GetCoffeeMakerInfo"/>
</Routes>
}

ClassMethod GetCoffeeMakerInfo() As %Status
{
Set tArr=[]
Do tArr.%PUSH({
"img": "txt",
"Name": "Best"
})
Write tArr.%ToJSON() 
Quit $$$OK
}
}

00
2 0 7 551
Log in or sign up to continue

Replies

Hi Jimmy!

401 means that Authenticated user is not authorized to reach the server.

To prove the fact you could grant the application a %ALL role (the second tab) and this should work then.

I would suggest that adding the %All role, though it would work, is a bit like crushing a nut with a sledgehammer. It effectively opens the door to any unwanted intruder to gain access the Cache/Ensemble/IRIS. For the purposes of a demo test application %All role will work however the deve;loper should be aware that there are more appropriate security mechanisms available to handle user authentication.

Hello Evgeny,

Yes this worked perfectly. I think i did select %ALL role, but did not click on assign but only SAVED it.

Thank you for all your help. But looks like at some point once i familiarize myself with this web and rest app build, i will need to learn more about security..

Thanks,

Jimmy Christian.

Thank you Stephen. I will check the link you provided for more understanding on REST.

Thank you Nigel for the suggestions. Agreed, but since this is just a standalone training env, and for now i only want to have a hands on REST development, i think assigning %All role should be fine to see the output of the code ! Security will be my next hands on once i am familiar with the REST architecture.

You could also try a tool like Postman to test service calls and authentication methods.  If you tick the Password checkbox it enables Basic authentication (plain text username/password) is enabled. You can  also use bearer tokens instead, which is a popular authentication scheme.

While authentication/authorization isn't really covered in great detail, REST and Relaxation is a good starting point for REST development and it comes with a video and source code.

You should also double-check your URL is correct and resource permissions are correct. You probably only need permissions on the ENSEMBLE namespace and there might be a resource that defines this. Your URL is probably something like http://yourserver/rest/coffeemakerapp/coffeemaker