31 Dec 2018: Thank you to our knowledgeable and friendly forums users for another great year. We are aware of the uptick in spam accounts and are doing our best to ban these at first sight. Thank you for your patience!

REST and authenticating in the upcoming release

GerbenRienkGerbenRienk Posts: 793 ✭✭✭
Dear developers, I was looking at the developers release and noticed that I could use http://localhost:8080/oc3142/rest/clinicaldata/xml/view/S_DEFAULTS1/SS_1/SE_SE1/F_TDSITEMVALID_V1 with surprisingly rich results! This certainly looks very promising for the 3.2 release and I'm looking forward to that. But until 3.2, is it possible to use any kind of authorisation, or is it still as indicated on https://docs.openclinica.com/3.1/technical-documents/openclinica-restful-urls that "These URLs do not support OAuth security authentication."? Kind regards, Gerben Rienk
Post edited by bbaumann on
Tagged:
«1

Comments

  • agoodwinagoodwin Posts: 131 admin
    Hi Gerben,
    Glad to see you're getting a chance to play around with 3.2. Indeed we've done a bunch of work with REST APIs. Note that you can use * in place of many values in the URL to get all e.g. (Subject 1, Study Event 1, All CRFs) :
    http://localhost:8080/oc3142/rest/clinicaldata/xml/view/S_DEFAULTS1/SS_1/SE_SE1/*
    Also note that we've made quite a few changes / enhancements to the XML and you can also now get the data in JSON.
    I'm curious to know what you're hoping to use this for.
    Best,
    Alicia
    On Tue, Feb 18, 2014 at 4:30 PM, Gerben Rienk wrote:
    Dear developers,
    I was looking at the developers release and noticed that I could use
    http://localhost:8080/oc3142/rest/clinicaldata/xml/view/S_DEFAULTS1/SS_1/SE_SE1/F_TDSITEMVALID_V1
    with surprisingly rich results! This certainly looks very promising for
    the 3.2 release and I'm looking forward to that.
    But until 3.2, is it possible to use any kind of authorisation, or is it
    still as indicated on
    https://docs.openclinica.com/3.1/technical-documents/openclinica-restful-urls
    that "These URLs do not support OAuth security authentication."?
    Kind regards,
    Gerben Rienk
  • GerbenRienkGerbenRienk Posts: 793 ✭✭✭
    Hi Alicia,

    Thank you for your quick reply.
    I was, for now, thinking about quick reporting for independent reviewers and secondly about getting items for a randomization and then sending the results back to OC.
    So basically I would like to access these data from other apps.
    Kind regards,

    Gerben Rienk

    Van: [email protected] [mailto:[email protected]] Namens Alicia Goodwin
    Verzonden: dinsdag 18 februari 2014 22:58
    Aan: [email protected]
    Onderwerp: Re: [Developers] REST and authenticating in the upcoming release

    Hi Gerben,
    Glad to see you're getting a chance to play around with 3.2. Indeed we've done a bunch of work with REST APIs. Note that you can use * in place of many values in the URL to get all e.g. (Subject 1, Study Event 1, All CRFs) :
    http://localhost:8080/oc3142/rest/clinicaldata/xml/view/S_DEFAULTS1/SS_1/SE_SE1/*
    Also note that we've made quite a few changes / enhancements to the XML and you can also now get the data in JSON.
    I'm curious to know what you're hoping to use this for.
    Best,
    Alicia



    On Tue, Feb 18, 2014 at 4:30 PM, Gerben Rienk wrote:
    Dear developers,
    I was looking at the developers release and noticed that I could use
    http://localhost:8080/oc3142/rest/clinicaldata/xml/view/S_DEFAULTS1/SS_1/SE_SE1/F_TDSITEMVALID_V1
    with surprisingly rich results! This certainly looks very promising for
    the 3.2 release and I'm looking forward to that.
    But until 3.2, is it possible to use any kind of authorisation, or is it
    still as indicated on
    https://docs.openclinica.com/3.1/technical-documents/openclinica-restful-urls
    that "These URLs do not support OAuth security authentication."?
    Kind regards,
    Gerben Rienk
  • jamuna269jamuna269 Posts: 109
    Gerber
    While developing and testing the rest based urls(for the purpose of automation) we developed a strategy to maintain security session without using oauth.
    We used 'post' to the security credentials and gain authentication into openclinica application and thus maintain session.
    Perhaps, similar approach might work for you as well? If yes, I can send in more details.
    Sent from my iPhone
    On Feb 18, 2014, at 5:18 PM, "Gerben Rienk" wrote:
    > Hi Alicia,
    >
    >
    >
    > Thank you for your quick reply.
    >
    > I was, for now, thinking about quick reporting for independent reviewers and secondly about getting items for a randomization and then sending the results back to OC.
    >
    > So basically I would like to access these data from other apps.
    >
    > Kind regards,
    >
    >
    >
    > Gerben Rienk
    >
    >
    >
    > Van: [email protected] [mailto:[email protected]] Namens Alicia Goodwin
    > Verzonden: dinsdag 18 februari 2014 22:58
    > Aan: [email protected]
    > Onderwerp: Re: [Developers] REST and authenticating in the upcoming release
    >
    >
    >
    > Hi Gerben,
    >
    > Glad to see you're getting a chance to play around with 3.2. Indeed we've done a bunch of work with REST APIs. Note that you can use * in place of many values in the URL to get all e.g. (Subject 1, Study Event 1, All CRFs) :
    > http://localhost:8080/oc3142/rest/clinicaldata/xml/view/S_DEFAULTS1/SS_1/SE_SE1/*
    >
    > Also note that we've made quite a few changes / enhancements to the XML and you can also now get the data in JSON.
    >
    > I'm curious to know what you're hoping to use this for.
    >
    > Best,
    > Alicia
    >
    >
    >
    >
    >
    >
    >
    > On Tue, Feb 18, 2014 at 4:30 PM, Gerben Rienk wrote:
    >
    > Dear developers,
    >
    > I was looking at the developers release and noticed that I could use
    > http://localhost:8080/oc3142/rest/clinicaldata/xml/view/S_DEFAULTS1/SS_1/SE_SE1/F_TDSITEMVALID_V1
    > with surprisingly rich results! This certainly looks very promising for
    > the 3.2 release and I'm looking forward to that.
    > But until 3.2, is it possible to use any kind of authorisation, or is it
    > still as indicated on
    > https://docs.openclinica.com/3.1/technical-documents/openclinica-restful-urls
    > that "These URLs do not support OAuth security authentication."?
    > Kind regards,
    >
    > Gerben Rienk
    >
    >
  • GerbenRienkGerbenRienk Posts: 793 ✭✭✭
    Hello Jamuna,
    Yes, that sounds very interesting indeed! Could you maybe post an example?
    Thank in advance,
    Gerben Rienk
    > > Gerber
    > >
    > > While developing and testing the rest based urls(for the purpose of
    > > automation) we developed a strategy to maintain security session without
    > > using oauth.
    > >
    > > We used 'post' to the security credentials and gain authentication into
    > > openclinica application and thus maintain session.
    > > Perhaps, similar approach might work for you as well? If yes, I can send
    > > in more details.
    > >
    > >
    > >
    > >
    > >
    > >
    > >
    > > Sent from my iPhone
    > >
    >> >> On Feb 18, 2014, at 5:18 PM, "Gerben Rienk" wrote:
    >> >>
    >> >> Hi Alicia,
    >> >>
    >> >> Thank you for your quick reply.
    >> >> I was, for now, thinking about quick reporting for independent reviewers
    >> >> and secondly about getting items for a randomization and then sending
    >> >> the results back to OC.
    >> >> So basically I would like to access these data from other apps.
    >> >> Kind regards,
    >> >>
    >> >> Gerben Rienk
    >> >>
    >> >> Van: [email protected]
    >> >> [mailto:[email protected]] Namens Alicia Goodwin
    >> >> Verzonden: dinsdag 18 februari 2014 22:58
    >> >> Aan: [email protected]
    >> >> Onderwerp: Re: [Developers] REST and authenticating in the upcoming
    >> >> release
    >> >>
    >> >> Hi Gerben,
    >> >>
    >> >> Glad to see you're getting a chance to play around with 3.2. Indeed
    >> >> we've done a bunch of work with REST APIs. Note that you can use * in
    >> >> place of many values in the URL to get all e.g. (Subject 1, Study Event
    >> >> 1, All CRFs) :
    >> >> http://localhost:8080/oc3142/rest/clinicaldata/xml/view/S_DEFAULTS1/SS_1/SE_SE1/*
    >> >>
    >> >> Also note that we've made quite a few changes / enhancements to the XML
    >> >> and you can also now get the data in JSON.
    >> >>
    >> >> I'm curious to know what you're hoping to use this for.
    >> >>
    >> >> Best,
    >> >> Alicia
    >> >>
    >> >>
    >> >>
    >> >>
    >> >>
    >> >> On Tue, Feb 18, 2014 at 4:30 PM, Gerben Rienk wrote:
    >> >> Dear developers,
    >> >>
    >> >> I was looking at the developers release and noticed that I could use
    >> >> http://localhost:8080/oc3142/rest/clinicaldata/xml/view/S_DEFAULTS1/SS_1/SE_SE1/F_TDSITEMVALID_V1
    >> >> with surprisingly rich results! This certainly looks very promising for
    >> >> the 3.2 release and I'm looking forward to that.
    >> >> But until 3.2, is it possible to use any kind of authorisation, or is it
    >> >> still as indicated on
    >> >> https://docs.openclinica.com/3.1/technical-documents/openclinica-restful-urls
    >> >> that "These URLs do not support OAuth security authentication."?
    >> >> Kind regards,
    >> >>
    >> >> Gerben Rienk
    >> >>
    >> >>
  • toskriptoskrip Posts: 265 ✭✭
    Hi Jamuna,
    This sounds interesting. would it be possible to share some more implementation details (for this post of spring security on login page I suppose)?
    We have another application running next to OpenClinica which is providing some additional features and we would like to have automatic login into OpenClinica in the same time when the user is logged into our application. I think that additional app is from the OC point of view the same as request for REST web service.
    On second thought do you think that this post of spring security login data is a good approach for production? The session can expire and in the scenario when you have a separate application using OC REST services it has to check whether the session is still valid. Would it not be better to go for OAuth authentication?
    best
    Tomas
    On 19.02.2014 01:40, Jamuna N wrote:
    Gerber
    While developing and testing the rest based urls(for the purpose of automation) we developed a strategy to maintain security session without using oauth.
    We used 'post' to the security credentials and gain authentication into openclinica application and thus maintain session.
    Perhaps, similar approach might work for you as well? If yes, I can send in more details.
    Sent from my iPhone
    On Feb 18, 2014, at 5:18 PM, "Gerben Rienk" > wrote:
    Hi Alicia,
    Thank you for your quick reply.
    I was, for now, thinking about quick reporting for independent reviewers and secondly about getting items for a randomization and then sending the results back to OC.
    So basically I would like to access these data from other apps.
    Kind regards,
    Gerben Rienk
    Van: [email protected] [mailto:[email protected]] Namens Alicia Goodwin
    Verzonden: dinsdag 18 februari 2014 22:58
    Aan: [email protected]
    Onderwerp: Re: [Developers] REST and authenticating in the upcoming release
    Hi Gerben,
    Glad to see you're getting a chance to play around with 3.2. Indeed we've done a bunch of work with REST APIs. Note that you can use * in place of many values in the URL to get all e.g. (Subject 1, Study Event 1, All CRFs) :
    http://localhost:8080/oc3142/rest/clinicaldata/xml/view/S_DEFAULTS1/SS_1/SE_SE1/*
    Also note that we've made quite a few changes / enhancements to the XML and you can also now get the data in JSON.
    I'm curious to know what you're hoping to use this for.
    Best,
    Alicia
    On Tue, Feb 18, 2014 at 4:30 PM, Gerben Rienk > wrote:
    Dear developers,
    I was looking at the developers release and noticed that I could use
    http://localhost:8080/oc3142/rest/clinicaldata/xml/view/S_DEFAULTS1/SS_1/SE_SE1/F_TDSITEMVALID_V1
    with surprisingly rich results! This certainly looks very promising for
    the 3.2 release and I'm looking forward to that.
    But until 3.2, is it possible to use any kind of authorisation, or is it
    still as indicated on
    https://docs.openclinica.com/3.1/technical-documents/openclinica-restful-urls
    that "These URLs do not support OAuth security authentication."?
    Kind regards,
    Gerben Rienk
  • mvirtosumvirtosu Posts: 275
    Tomas,
    How about sending security login data through POST every time you make a request?
    Mihai
    -----Original Message-----
    Sent: Wednesday, February 19, 2014 5:10 AM
    To: [email protected]
    Subject: Re: [Developers] REST and authenticating in the upcoming release
    Hi Jamuna,
    This sounds interesting. would it be possible to share some more implementation details (for this post of spring security on login page I suppose)?
    We have another application running next to OpenClinica which is providing some additional features and we would like to have automatic login into OpenClinica in the same time when the user is logged into our application. I think that additional app is from the OC point of view the same as request for REST web service.
    On second thought do you think that this post of spring security login data is a good approach for production? The session can expire and in the scenario when you have a separate application using OC REST services it has to check whether the session is still valid. Would it not be better to go for OAuth authentication?
    best
    Tomas
    On 19.02.2014 01:40, Jamuna N wrote:
    Gerber
    While developing and testing the rest based urls(for the purpose of automation) we developed a strategy to maintain security session without using oauth.
    We used 'post' to the security credentials and gain authentication into openclinica application and thus maintain session.
    Perhaps, similar approach might work for you as well? If yes, I can send in more details.
    Sent from my iPhone
    On Feb 18, 2014, at 5:18 PM, "Gerben Rienk" > wrote:
    Hi Alicia,
    Thank you for your quick reply.
    I was, for now, thinking about quick reporting for independent reviewers and secondly about getting items for a randomization and then sending the results back to OC.
    So basically I would like to access these data from other apps.
    Kind regards,
    Gerben Rienk
    Van: [email protected] [mailto:[email protected]] Namens Alicia Goodwin
    Verzonden: dinsdag 18 februari 2014 22:58
    Aan: [email protected]
    Onderwerp: Re: [Developers] REST and authenticating in the upcoming release
    Hi Gerben,
    Glad to see you're getting a chance to play around with 3.2. Indeed we've done a bunch of work with REST APIs. Note that you can use * in place of many values in the URL to get all e.g. (Subject 1, Study Event 1, All CRFs) :
    http://localhost:8080/oc3142/rest/clinicaldata/xml/view/S_DEFAULTS1/SS_1/SE_SE1/*
    Also note that we've made quite a few changes / enhancements to the XML and you can also now get the data in JSON.
    I'm curious to know what you're hoping to use this for.
    Best,
    Alicia
    On Tue, Feb 18, 2014 at 4:30 PM, Gerben Rienk > wrote:
    Dear developers,
    I was looking at the developers release and noticed that I could use
    http://localhost:8080/oc3142/rest/clinicaldata/xml/view/S_DEFAULTS1/SS_1/SE_SE1/F_TDSITEMVALID_V1
    with surprisingly rich results! This certainly looks very promising for the 3.2 release and I'm looking forward to that.
    But until 3.2, is it possible to use any kind of authorisation, or is it still as indicated on https://docs.openclinica.com/3.1/technical-documents/openclinica-restful-urls
    that "These URLs do not support OAuth security authentication."?
    Kind regards,
    Gerben Rienk
  • toskriptoskrip Posts: 265 ✭✭
    Hi Mihai,
    this is of course possible, but it may introduce a security risk because
    I will have to have store somewhere the user password in a clear form
    during the time the application is supposed to have an access to
    OpenClinica REST interface.
    best
    Tomas
    On 19.02.2014 17:54, Mihai Virtosu wrote:
    > > Tomas,
    > >
    > > How about sending security login data through POST every time you make a request?
    > >
    > > Mihai
    > >
    > > -----Original Message-----
    > >
    > > Sent: Wednesday, February 19, 2014 5:10 AM
    > > To: [email protected]
    > > Subject: Re: [Developers] REST and authenticating in the upcoming release
    > >
    > > Hi Jamuna,
    > >
    > > This sounds interesting. would it be possible to share some more implementation details (for this post of spring security on login page I suppose)?
    > >
    > > We have another application running next to OpenClinica which is providing some additional features and we would like to have automatic login into OpenClinica in the same time when the user is logged into our application. I think that additional app is from the OC point of view the same as request for REST web service.
    > >
    > > On second thought do you think that this post of spring security login data is a good approach for production? The session can expire and in the scenario when you have a separate application using OC REST services it has to check whether the session is still valid. Would it not be better to go for OAuth authentication?
    > >
    > > best
    > >
    > > Tomas
    > >
    > > On 19.02.2014 01:40, Jamuna N wrote:
    > > Gerber
    > >
    > > While developing and testing the rest based urls(for the purpose of automation) we developed a strategy to maintain security session without using oauth.
    > >
    > > We used 'post' to the security credentials and gain authentication into openclinica application and thus maintain session.
    > > Perhaps, similar approach might work for you as well? If yes, I can send in more details.
    > >
    > >
    > >
    > >
    > >
    > >
    > >
    > > Sent from my iPhone
    > >
    > > On Feb 18, 2014, at 5:18 PM, "Gerben Rienk" > wrote:
    > >
    > > Hi Alicia,
    > >
    > > Thank you for your quick reply.
    > > I was, for now, thinking about quick reporting for independent reviewers and secondly about getting items for a randomization and then sending the results back to OC.
    > > So basically I would like to access these data from other apps.
    > > Kind regards,
    > >
    > > Gerben Rienk
    > >
    > > Van: [email protected] [mailto:[email protected]] Namens Alicia Goodwin
    > > Verzonden: dinsdag 18 februari 2014 22:58
    > > Aan: [email protected]
    > > Onderwerp: Re: [Developers] REST and authenticating in the upcoming release
    > >
    > > Hi Gerben,
    > > Glad to see you're getting a chance to play around with 3.2. Indeed we've done a bunch of work with REST APIs. Note that you can use * in place of many values in the URL to get all e.g. (Subject 1, Study Event 1, All CRFs) :
    > > http://localhost:8080/oc3142/rest/clinicaldata/xml/view/S_DEFAULTS1/SS_1/SE_SE1/*
    > > Also note that we've made quite a few changes / enhancements to the XML and you can also now get the data in JSON.
    > >
    > > I'm curious to know what you're hoping to use this for.
    > > Best,
    > > Alicia
    > >
    > >
    > >
    > > On Tue, Feb 18, 2014 at 4:30 PM, Gerben Rienk > wrote:
    > > Dear developers,
    > >
    > > I was looking at the developers release and noticed that I could use
    > > http://localhost:8080/oc3142/rest/clinicaldata/xml/view/S_DEFAULTS1/SS_1/SE_SE1/F_TDSITEMVALID_V1
    > > with surprisingly rich results! This certainly looks very promising for the 3.2 release and I'm looking forward to that.
    > > But until 3.2, is it possible to use any kind of authorisation, or is it still as indicated on https://docs.openclinica.com/3.1/technical-documents/openclinica-restful-urls
    > > that "These URLs do not support OAuth security authentication."?
    > > Kind regards,
    > >
    > > Gerben Rienk
    > >
    > >
  • jamuna269jamuna269 Posts: 109
    Hi All,
    We used the following url :
    http://host:port/context/j_spring_security_check
    and post method to send in login credentials(j_username='username',j_password = 'password'). Once we are in, we were able to maintain session, I experimented with couple of chrome tools before we fully automated the testing effort.
    Tomas:
    OpenClinica will not allow you to maintain same sessions from 2 different places, i.e it will log you off in the first session once you login using the second session . As Mihai mentioned, OpenClinica currently uses post via browser to send the credentials so its not any different from that.
    Thanks!
    Jamuna
    On Wed, Feb 19, 2014 at 11:46 AM, Mihai Virtosu wrote:
    Tomas,
    How about sending security login data through POST every time you make a request?
    Mihai
    -----Original Message-----
    Sent: Wednesday, February 19, 2014 5:10 AM
    To: [email protected]
    Subject: Re: [Developers] REST and authenticating in the upcoming release
    Hi Jamuna,
    This sounds interesting. would it be possible to share some more implementation details (for this post of spring security on login page I suppose)?
    We have another application running next to OpenClinica which is providing some additional features and we would like to have automatic login into OpenClinica in the same time when the user is logged into our application. I think that additional app is from the OC point of view the same as request for REST web service.
    On second thought do you think that this post of spring security login data is a good approach for production? The session can expire and in the scenario when you have a separate application using OC REST services it has to check whether the session is still valid. Would it not be better to go for OAuth authentication?
    best
    Tomas
    On 19.02.2014 01:40, Jamuna N wrote:
    Gerber
    While developing and testing the rest based urls(for the purpose of automation) we developed a strategy to maintain security session without using oauth.
    We used 'post' to the security credentials and gain authentication into openclinica application and thus maintain session.
    Perhaps, similar approach might work for you as well? If yes, I can send in more details.
    Sent from my iPhone
    On Feb 18, 2014, at 5:18 PM, "Gerben Rienk" > wrote:
    Hi Alicia,
    Thank you for your quick reply.
    I was, for now, thinking about quick reporting for independent reviewers and secondly about getting items for a randomization and then sending the results back to OC.
    So basically I would like to access these data from other apps.
    Kind regards,
    Gerben Rienk
    Van: [email protected] [mailto:[email protected]] Namens Alicia Goodwin
    Verzonden: dinsdag 18 februari 2014 22:58
    Aan: [email protected]
    Onderwerp: Re: [Developers] REST and authenticating in the upcoming release
    Hi Gerben,
    Glad to see you're getting a chance to play around with 3.2. Indeed we've done a bunch of work with REST APIs. Note that you can use * in place of many values in the URL to get all e.g. (Subject 1, Study Event 1, All CRFs) :
    http://localhost:8080/oc3142/rest/clinicaldata/xml/view/S_DEFAULTS1/SS_1/SE_SE1/*
    Also note that we've made quite a few changes / enhancements to the XML and you can also now get the data in JSON.
    I'm curious to know what you're hoping to use this for.
    Best,
    Alicia
    On Tue, Feb 18, 2014 at 4:30 PM, Gerben Rienk > wrote:
    Dear developers,
    I was looking at the developers release and noticed that I could use
    http://localhost:8080/oc3142/rest/clinicaldata/xml/view/S_DEFAULTS1/SS_1/SE_SE1/F_TDSITEMVALID_V1
    with surprisingly rich results! This certainly looks very promising for the 3.2 release and I'm looking forward to that.
    But until 3.2, is it possible to use any kind of authorisation, or is it still as indicated on https://docs.openclinica.com/3.1/technical-documents/openclinica-restful-urls
    that "These URLs do not support OAuth security authentication."?
    Kind regards,
    Gerben Rienk
  • kevintehkevinteh Posts: 32
    edited April 2014

    Dear developers

    I've recently upgraded to 3.2 from 3.1.2 because i'm giving REST services a go. I'm trying to obtain user input item OID information. Below is my curl terminal post and get command. Can anyone please give me an example for i'm stuck figuring out how to get into OC CRF? The first part of the curl works the problem is the second part.

    curl -d j_username=x -d j_password=y -L http://192.168.109.129:8080/OpenClinica/j_spring_security_check && curl http://localhost:8080/OpenClinica/rest/clinicaldata/xml/view/S_123456/SS_88888/SE_REGISTRATIONVISIT/F_PHYSICALEXAM/IG_PHYSI_UNGROUPED/I_PHYSI_HEIGHT

    Thank you so much for all your help. Cheers.  

    Kevin

  • ccollinsccollins Posts: 378 admin
    via Email
    Hi Kevin,
    I think you can only go down to the form level right now, not the item
    level.
    Hope that helps,
    Cal
This discussion has been closed.