OpenEdge Development: Mobile Applications - Product ...
Chapter 5: Deploying Mobile Applications

Defining user roles for a Web application
User roles allow you to define access controls for the Mobile services and resources of
a Mobile Web application so that only users that have a given assigned role can access
a given resource. OpenEdge provides a built-in set of predefined roles or you can
define your own user roles for a Web application. For more information, see the
sections on adding users, and user roles and privileges, for REST applications in
OpenEdge Application Server: Administration.

Setting access controls based on user roles
The tools for setting access controls on a Web application's resources are provided
entirely by the Spring Security framework installed with OpenEdge. For more
information on using the Spring Security framework to apply access controls, see the
Spring Security documentation at
http://static.springsource.org/spring-security/site/reference.html.

Cross-origin resource sharing (CORS)
Cross-origin resource sharing (CORS) is a W3C group standard that allows a Mobile
App's JavaScript to access Web application resources in a DNS domain different from
the one the current HTTP page and JavaScript were loaded from. Such “cross-domain”
requests are otherwise forbidden by the Web browser’s JavaScript engine. The CORS
standard defines a way in which a Mobile App's JavaScript can ask the Web application
whether it can make the cross-origin request, and the Web application's configuration
determines whether the cross-domain request is granted. The W3C CORS standard works
by adding new HTTP headers that allow servers to control resource access to
permitted origin domains.

CORS support is enabled in Mobile Web applications, and its defaults are configured to
grant access to all Mobile services from any generic HTTP request (made by a
non-JavaScript client) and from any JavaScript engine in any DNS domain. This means that
a Mobile App can load a Web page from one DNS domain and perform Mobile
operations on any Mobile service's resources residing in another DNS domain. CORS
support is extended to all modern mobile devices and Web browsers. Before using
devices and browsers with a CORS-enabled Mobile application, ensure that they
support the CORS standard. For more information on the CORS standard, see the
documentation at http://www.w3.org/TR/cors/.

You might need to configure CORS support for a Mobile Web application specific to a
production site's requirements. You can do this in exactly the same way as for a REST
Web application. OpenEdge supports CORS configuration using the Spring Security
framework embedded in each Mobile and REST Web application. For more information
on configuring this CORS support, see the sections on managing security for REST
applications in OpenEdge Application Server: Administration.
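
The CORS header exchange described in this section, sketched as an added example (it is not OpenEdge or Spring Security code): a server-side decision function run against a permissive policy like the default described above and against a restricted production policy. The policy object shape, the 403 rejection, and the example.com / example.net origins are assumptions made for illustration.

```javascript
// Added illustration of the CORS header exchange; not OpenEdge or Spring Security code.
// The policy shape and the 403 rejection are assumptions made for this sketch.
const METHODS = ["GET", "POST", "PUT", "DELETE"];
const PERMISSIVE = { allowedOrigins: "*", allowedMethods: METHODS }; // any DNS domain
const RESTRICTED = {
  allowedOrigins: ["https://app.example.com"], // constructed production origin
  allowedMethods: METHODS,
};

// Returns the { status, headers } a server applying `policy` would send for `req`.
function corsDecision(policy, req) {
  const origin = req.headers["origin"];
  // No Origin header: a generic (non-browser) HTTP client, so CORS does not apply.
  if (origin === undefined) return { status: 200, headers: {} };

  const anyOrigin = policy.allowedOrigins === "*";
  if (!anyOrigin && !policy.allowedOrigins.includes(origin)) {
    // No Access-Control-* headers: the browser refuses to hand the response to the script.
    return { status: 403, headers: {} };
  }
  const headers = { "Access-Control-Allow-Origin": anyOrigin ? "*" : origin };
  if (!anyOrigin) headers["Vary"] = "Origin"; // stop caches reusing one origin's answer

  // Preflight: an OPTIONS request carrying Access-Control-Request-Method.
  const wanted = req.headers["access-control-request-method"];
  if (req.method === "OPTIONS" && wanted !== undefined) {
    if (!policy.allowedMethods.includes(wanted)) return { status: 403, headers: {} };
    headers["Access-Control-Allow-Methods"] = policy.allowedMethods.join(", ");
    return { status: 204, headers };
  }
  return { status: 200, headers };
}

// Constructed sample preflight, as a browser would send before a cross-origin PUT.
const preflight = (origin) => ({
  method: "OPTIONS",
  headers: { origin, "access-control-request-method": "PUT" },
});

function demo() {
  return {
    permissiveForeign: corsDecision(PERMISSIVE, preflight("https://other.example.net")),
    restrictedForeign: corsDecision(RESTRICTED, preflight("https://other.example.net")),
    restrictedOwn: corsDecision(RESTRICTED, preflight("https://app.example.com")),
  };
}
console.log(JSON.stringify(demo(), null, 2));
```

Under the permissive policy the foreign origin's preflight is granted; under the restricted policy only the listed origin receives `Access-Control-Allow-Origin`.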