Accessing the secured resources
Once a Token is available, the user can access the protected SuperMap iServer services and related resources. The services can be accessed through SuperMap iClient (for JavaScript, for Flash, for Silverlight, for Android). The request can be sent directly via REST or from a REST-based application, or the Token can be passed in the request Header to further reduce the security risk.
GIS services (see GIS Service resource hierarchy), OGC services, and all service management resources (see service management resource hierarchy for details) provided by SuperMap iServer support access by Token. Simply add the "token" parameter when accessing them. Note that the "token" parameter must be carried when accessing each resource in a protected service.
For example:
http://localhost:8090/iserver/services/map-china400/rest?token=NZkILm9Tl2FGzwK_nUh9krlHOtO0ds83lDoARA85_rMveuTyK0TyGcYV-5rn3wUYE-MSNPlw6wKnewy8jek_JQ..
http://localhost:8090/iserver/services/map-china400/rest/maps/China/tileImage.png?token=NZkILm9Tl2FGzwK_nUh9krlHOtO0ds83lDoARA85_rMveuTyK0TyGcYV-5rn3wUYE-MSNPlw6wKnewy8jek_JQ..
Refer to: Publish GIS service through REST API
In addition to directly passing tokens through REST, the SuperMap iClient SDK provides an interface for passing tokens through client applications. For detailed usage, please refer to SuperMap iClient JavaScript.
In addition to passing Tokens in URLs directly through REST, SuperMap iServer also supports passing the Token in the Header to further reduce security risks. The detailed usage is as follows:
In the request Header, write the "token" parameter and the token value.
For example:
To access the map-population/rest service in a request simulated with Fiddler, simply enter the "token" parameter and its value as the last line of the Header, as shown below:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost:8090/iserver/services
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=F6EA9B952D034012D24510CDBC81C056; pathType=normal; filemanagerview=list; language=zh-CN
If-None-Match: W/"1eff28898f54315589652e172eeec45e"
token: 3oQxR71UBO4m22HFiWXjCWAqX_d8exjmBFpnNYA1vcwXDkVNFu8kQjuXoO7R3PJ5d-kgM6GpK_BBHRQuafUlTA..
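
The header-based access described above, as an added example (not SuperMap or iClient code): URLs tend to be recorded in server logs, browser history and Referer headers, so this JavaScript moves the "token" query parameter into a "token" request header and masks it before a URL is logged. The function names and the sample token value are constructed for illustration.

```javascript
// Added example: constructed values, not SuperMap code.
const SAMPLE_TOKEN = "EXAMPLE-constructed_token_value..";
const SAMPLE_URL =
  "http://localhost:8090/iserver/services/map-china400/rest/maps/China/tileImage.png" +
  "?width=256&token=" + SAMPLE_TOKEN;

// Move a "token" query parameter out of the URL and into a "token" header.
// Returns the cleaned URL plus the headers to send with it.
function toHeaderRequest(urlString, extraHeaders = {}) {
  const url = new URL(urlString);
  const token = url.searchParams.get("token");
  if (!token) {
    throw new Error("no token parameter present in URL");
  }
  url.searchParams.delete("token");
  return { url: url.toString(), headers: { ...extraHeaders, token } };
}

// Mask the token value so a URL can be written to logs or error messages.
function redactToken(urlString) {
  const url = new URL(urlString);
  if (url.searchParams.has("token")) {
    url.searchParams.set("token", "REDACTED");
  }
  return url.toString();
}

// Send the request with the token in the header (needs a runtime with fetch).
// Errors mention only the redacted URL, never the token itself.
async function fetchProtected(urlString) {
  const { url, headers } = toHeaderRequest(urlString);
  const response = await fetch(url, { headers });
  if (!response.ok) {
    throw new Error("HTTP " + response.status + " for " + redactToken(url));
  }
  return response;
}
```

In a browser, a custom "token" header on a cross-origin request triggers a CORS preflight, so the server has to allow that header for the request to go through.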