Could you help with documentation for the TRO Http Api Simple Authentication Manager, specifically the On Can Write Method Security event


(Stuart Clennett) #1


I am exploring adding a REST API to my existing Delphi custom server.

As per the title, can you tell me what the OnCanWriteMethodSecurity event does and what CanWrite means?

Anything else I should know about TROHttpApiSimpleAuthenticationManager ?


(PS the extra spaces in the title are because your forum software refused to accept it was a readable sentence without them - this needs looking into as it could adversely affect future searches. I can’t even add them as tags)

(EvgenyK) #2


this event allows to specify service methods that can be launched w/o session protection via setting CanWrite to False. it works similar to RequiresSession property of service

for example, if all your methods require server’s session except LoginService.Login, it can be implemented as

procedure TServerForm.ROHttpApiSimpleAuthenticationManager1CanWriteMethodSecurity(
  aServiceName, aMethodName: string; var CanWrite: Boolean);
  CanWrite := not((aServiceName = 'LoginService') and (aMethodName = 'Login'));

Note: this event is used only if SecurityMode is set to smPerMethod

(Stuart Clennett) #3

Great thanks Evgeny !