When users access the protected iServer services, each request related with the services resources should carry a valid Token. Users can apply Token from iServer by the following steps.
- Enter service list page (http://SuperMapiServer:8090/iserver/services), click Login, after logging in, click Token option in username's dropdown list. It will jumpt to http://SuperMapiServer:8090/iserver/services/security/tokens (Access local service).
- Input related parameters and click Create Token to get Token:
User Name: account registered and has the permission to access services.
Password: user password.
Grant Token Method: include the following 4 types
- HTTP Referer: specify the client end address using Token, that is, GIS service client end homepage services. This method could bind the URL for accessing services. When users access GIS services using other URL, the request will be rejected even though carries Token. This method is applicable to build Web application by iClient (E.g., SuperMap iClient for JavaScritp) or other applications based on REST.
- Client IP: specified IP address to use Token. This method binds the IP address accessing GIS services. When users access GIS service using other IP address, server will reject even though carries Token.
- Current request IP: specify current IP address sending request is an IP address using Token. In this way, only the IP applying for Token can use Token.
- NONE: No limitations for the token
Validity: the Token is valid during the duration time from Token issued time. Token with shorter validity is safer, because a malicious user intercepted Token can be used only within a short period of time. However, short validity means that the application needs to request new Token more frequently.
Users can apply Token by many presentation formats, see REST API.