Handle Authentication
Requests can be anonymous, in which case MashZone NextGen treats the user as a guest. To send an anonymous request, include the MashZone NextGen x-p-anonymous header/parameter, either in the URL or as an HTTP header.
In all other cases, the first request to MashZone NextGen must supply user identity information. This creates a standard HTTP session. What is required in the initial request depends on how authentication is configured in MashZone NextGen.
For authentication with SSO (single sign-on solution) or SSL with digital certificates, user identity information is supplied by those solutions. No additional authentication information is required in the request.
For authentication using basic credentials, you must use the REST API login method to create a MashZone NextGen session and authenticate the user. This adds a cookie with session information, which is then included in all subsequent requests. You can also use the REST API logout method to end the session, or simply let the session expire (based on the MashZone NextGen timeout configuration).
Login: use this URL:
http://app-server:port/mashzone/edge/api/rest/UserManagerService/login?presto_username=username&presto_password=pw
Both parameters must be in clear text.
Successful logins set a session cookie and return an XML response in the form:
<?xml version="1.0"?>
<ServiceResponseObject>
  <version>2.0</version>
  <appId></appId>
  <sid>UserManagerService</sid>
  <svcVersion>1.0</svcVersion>
  <oid>login</oid>
  <response>
    <authToken>Token is set as HTTP cookie</authToken>
  </response>
  <errorCode></errorCode>
  <invId></invId>
  <header/>
  <serviceHeaders/>
</ServiceResponseObject>
Unsuccessful logins return a simple text response: Authentication failed.Userid:someName.
Logout: use this URL:
http://app-server:port/mashzone/edge/api/rest/UserManagerService/logout
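The login, session cookie and logout sequence described above, as an added Python example that is not part of the MashZone NextGen documentation. Because the credentials travel in the URL, it also masks the password before a URL is logged on the client. Assumptions: the host mzng.example:8080, the class and helper names, percent-encoding of the clear-text values, and treating an empty errorCode as part of the success form.

```python
import http.cookiejar
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Constructed host and port; the page only gives the placeholder app-server:port.
BASE = "http://mzng.example:8080/mashzone/edge/api/rest/UserManagerService"

def login_url(base, username, password):
    # Clear-text values still need percent-encoding to form a valid URL.
    query = urllib.parse.urlencode(
        {"presto_username": username, "presto_password": password},
        quote_via=urllib.parse.quote)
    return f"{base}/login?{query}"

def redact(url):
    # Mask the password before a login URL is written to a client-side log.
    parts = urllib.parse.urlsplit(url)
    pairs = [(k, "REDACTED" if k == "presto_password" else v)
             for k, v in urllib.parse.parse_qsl(parts.query, keep_blank_values=True)]
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(pairs)))

def login_succeeded(body):
    # Success is the XML form with an authToken; failure is plain text.
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False
    return (root.tag == "ServiceResponseObject"
            and root.find("response/authToken") is not None
            and not (root.findtext("errorCode") or "").strip())

class MashZoneSession:  # hypothetical wrapper, not a product API
    def __init__(self, base=BASE):
        self.base = base
        self.jar = http.cookiejar.CookieJar()  # holds the session cookie
        self.opener = urllib.request.build_opener(
            urllib.request.HTTPCookieProcessor(self.jar))

    def login(self, username, password):
        with self.opener.open(login_url(self.base, username, password), timeout=10) as r:
            body = r.read().decode("utf-8", "replace")
        if not login_succeeded(body) or len(self.jar) == 0:
            raise PermissionError("login rejected or no session cookie set")

    def logout(self):
        # End the session explicitly instead of waiting for the timeout.
        self.opener.open(f"{self.base}/logout", timeout=10).close()
```

After login(), further requests made through the same opener carry the session cookie automatically.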