dhis2-devs team mailing list archive

Thread
Date

Re: Web API docs

To: Lars Helge Øverland <larshelge@xxxxxxxxx>
From: Bob Jolliffe <bobjolliffe@xxxxxxxxx>
Date: Wed, 21 Mar 2012 18:04:52 +0200
Cc: DHIS 2 developers <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAD_DPKyfKcL16ic8Bvp_3sszvNyFEP9mRN1TXeang+WmR4+3vg@mail.gmail.com>

Thanks Lars

Just to share my earlier mail to you with the world ...

If you are not happy about exposing the credentials on the web page
and you are using apache, you can also do something like this on the
server (requires proxy_http and
headers modules):

<Location /api/ >
       ProxyPass         http://localhost/datawarehouse/api/
       ProxyPassReverse  http://localhost/datawarehouse/api/
       # user guest:password base64 encoded
       RequestHeader set Authorization "Basic YWRtaW46ZGlzdHJpY3Q="
       Header unset Set-Cookie
</Location>

This causes all requests to /api/ on the server to be proxied to
http://guest:password@localhost/datawarehouse/api/charts/ without
asking or requiring any authentication.

(http://localhost/datawarehouse is proxied elsewhere to tomcat)

The Header unset is necessary to remove the session cookie on the response.

Not ideal (you would still want to protect this file on the server)
but better than having
the credentials in the html page.

Incidentally this is also a handy way to setup a guest access to dhis
in general if you wanted to make some things public to the world
without requiring user login.

BIG CAVEAT - the above might also allow anyone to POST without
authentication which is a bad thing.  Haven't checked yet on how the
access controls around posting are currently implemented.

But you could easily just make things like charts available by
specifying Locations like /api/charts/ rather than exposing the whole
/api/.

Bob

On 21 March 2012 17:02, Lars Helge Øverland <larshelge@xxxxxxxxx> wrote:
> I have added an example for sending and reading messages, and an
> example for authenticating and embedding reports from the Web API in
> web pages:
>
> http://dhis2.org/doc/snapshot/en/user/html/ch24.html
>
> Reference web page here:
>
> http://apps.dhis2.org/portal
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help   : https://help.launchpad.net/ListHelp

Follow ups

Re: Web API docs
From: Lars Helge Øverland, 2012-03-21

References

Web API docs
From: Lars Helge Øverland, 2012-03-19
Re: Web API docs
From: Lars Helge Øverland, 2012-03-21