PAS for OpenEdge is an application server for ABL web applications. It is based on the Apache Tomcat server and includes a web server as well as a servlet container for hosting ABL web applications.

PAS for OpenEdge is available as two separate products:
  • The Progress Application Server for OpenEdge (Production)—configured as a secure web server for ABL application deployment
  • The Progress Application Server for OpenEdge (Development)—configured as a web server for developing and testing ABL applications
Note: A Progress Developer Studio for OpenEdge installation includes the development version of PAS for OpenEdge to enable you to test and debug your services.
Key features of PAS for OpenEdge include:
  • Ability to create instances
  • HTTP/HTTPS for communicating with client applications
  • Transports for different types of client applications
  • Spring security

PAS for OpenEdge instances

A key feature of PAS for OpenEdge is that you can easily create and run more than one instance of the server, and configure the instances separately. Each instance shares the executables and libraries of a common Tomcat server, but each instance is a separate process, running in a separate JVM, with its own configuration (ports, security framework, Web applications, etc.).

Some advantages of instances are:
  • Updates to the core Apache Tomcat server libraries and executables do not affect your web applications. You avoid the necessity of updating the applications and/or re-configuring them.
  • You can establish different security policies for each of the instances.
  • Instances provide you with quick way to create a test server for experimenting with new configurations and applications without the danger of permanently corrupting an existing server.

HTTP(S) for client communication

A PAS for OpenEdge instance uses HTTP and HTTPS to communicate with client applications. To make a request to a web application in PAS for OpenEdge, a client application must first establish an HTTP or HTTPS connection with the PAS for OpenEdge instance.
Note: We recommend using HTTPS because it is a more secure way to exchange data.

Transports

PAS for OpenEdge transports handle HTTP requests from client applications. Each ABL service is bound to a transport. When a client application makes a request, the request URI includes the transport name.

Supported transports and their assigned URLs are described in the following table:
Transport Description URL Path
APSV Handles ABL clients, Java and .NET Open Clients requests. This transport also provides backwards compatibility for Classic AppServer clients over HTTP protocol. /apsv
REST Handles REST requests. /rest
SOAP Handles SOAP 1.1 requests. /soap
WEB Handles REST, classic WebSpeed, and HTTP requests, using a custom service interface called a web handler which is written in ABL. /web

Spring security

PAS for OpenEdge uses the Spring Security framework to provide enterprise-level application security with regard to:
  • Authentication — verification that username and password combinations are valid
  • Authorization — enforcing access control (users are granted permissions according to their assigned roles).
Spring Security is typically configured by an administrator. After authenticating a client request, the Spring framework produces an ABL security token called the Client-Principal. The Client-Principal object encapsulates a single user identity for an OpenEdge database connection, an ABL session, or an entire application. As a Service Developer, you can use the Client-Principal object to assert the user's identity and implement authorization by using the user's role information contained in the Client-Principal object.