Server side parameters are secure values that can replace certain inputs for some service requests. They are currently only supported for Service Data Objects and Service Application Views. Both of these entities have a Parameters subtype, and each parameter has a Source that tells the system where the value of the parameter should come from. A source of 'Client' means we can use whatever the client provides us. Currently the only server side source is the AuthenticatedAttributes. This is a bucket of light weight information that is generated at authentication time and can be used to pull values for parameters of these requests. The values provided out of the box are:
- AuthenticatedPrincipalEntity - The name of the entity for the authenticated principal. Currently this is always 'Persons'.
- AuthenticatedPrincipalRecordId - The record id in the AuthenticatedPrincipalEntity entity. If the authenticated user is tied to Persons record 1, this value will be 1.
- ServiceApplicationName - The name of the Service Application executing this request.
- IsAnonymous - True, if the AuthenticatedPrinicpalRecordId is the record id for the anonymous user of this service application.
Any of these properties can be used as the value for the Source Lookup Name field on a Parameter. For example, if you had an entity for Personal Messages and were using an SDO to obtain the messages for the logged in user, you could define my parameter as shown below:
This would ensure you were always using the person id for the authenticated user when fetching the inbox contents. You have the ability to write a plugin to add more items to the AuthenticatedAttributes bucket if you need more server side parameters.
Be careful when using data out of the AuthenticatedAttributes. This is a concept that only exists in services. While it is fine for server side parameters, you can run into problems when trying to use them in a construct not specific to services. For example, if you write an entity plugin that pulls from the AuthenticatedAttributes, what happens when that plugin executes in an environment without services such as the Desktop client?