ServiceAuthHandler adds security to the base class ServiceHandler. More...

#include <service_handler.h>

Inheritance diagram for ServiceAuthHandler:

Collaboration diagram for ServiceAuthHandler:

Public Member Functions
std::string &	getName ()

std::string &	getType ()

bool	createSecurityCategories (ManagementClient *mgtClient, bool dryRun)
	Create "${service}Security" category with empty content. More...

bool	updateSecurityCategory (const std::string &newCategory)
	Update the class objects from security category content update. More...

void	setInitialAuthenticatedCaller ()
	Set initial value of enabled authentication.

void	setAuthenticatedCaller (bool enabled)
	Set enabled authentication value. More...

bool	getAuthenticatedCaller ()
	Return enabled authentication value. More...

bool	AuthenticationMiddlewareACL (std::shared_ptr< HttpServer::Response > response, std::shared_ptr< HttpServer::Request > request, const std::string &serviceName, const std::string &serviceType)
	Authentication Middleware ACL check. More...

bool	AuthenticationMiddlewareCommon (std::shared_ptr< HttpServer::Response > response, std::shared_ptr< HttpServer::Request > request, std::string &callerName, std::string &callerType)
	Authentication Middleware for Dispatcher service. More...

void	AuthenticationMiddlewarePUT (std::shared_ptr< HttpServer::Response > response, std::shared_ptr< HttpServer::Request > request, std::function< void(std::shared_ptr< HttpServer::Response >, std::shared_ptr< HttpServer::Request >)> funcPUT)
	Authentication Middleware for PUT methods. More...

void	refreshBearerToken ()
	Refresh the bearer token of the runnign service This routine is run by a thread started in createSecurityCategories. More...

void	respond (std::shared_ptr< HttpServer::Response > response, const std::string &payload)

void	respond (std::shared_ptr< HttpServer::Response > response, SimpleWeb::StatusCode code, const std::string &payload)

bool	securityChange (const std::string &payload)
	Request security change action: More...

Public Member Functions inherited from ServiceHandler
virtual void	shutdown ()=0

virtual void	restart ()=0

virtual void	configChange (const std::string &category, const std::string &config)=0

virtual void	configChildCreate (const std::string &parent_category, const std::string &category, const std::string &config)=0

virtual void	configChildDelete (const std::string &parent_category, const std::string &category)=0

virtual bool	isRunning ()=0

Static Public Member Functions
static ManagementClient *	getMgmtClient ()

Protected Attributes
std::string	m_name

std::string	m_type

Static Protected Attributes
static ManagementClient *	m_mgtClient = NULL
	Initialise m_mgtClient object to NULL.

Detailed Description

ServiceAuthHandler adds security to the base class ServiceHandler.

Member Function Documentation

◆ AuthenticationMiddlewareACL()

bool ServiceAuthHandler::AuthenticationMiddlewareACL	(	std::shared_ptr< HttpServer::Response >	response,
		std::shared_ptr< HttpServer::Request >	request,
		const std::string &	serviceName,
		const std::string &	serviceType
	)

Authentication Middleware ACL check.

serviceName, serviceType and url (request->path) are cheked with verifyURL and verifyService routines

If access is granted return true otherwise error response is sent to the client and return is false

Parameters

response	The HTTP Response to send
request	The HTTP Request
callerName	The caller service name to check
callerType	The caller service type to check

Returns: True on success False otherwise with server reply error

◆ AuthenticationMiddlewareCommon()

bool ServiceAuthHandler::AuthenticationMiddlewareCommon	(	std::shared_ptr< HttpServer::Response >	response,
		std::shared_ptr< HttpServer::Request >	request,
		std::string &	callerName,
		std::string &	callerType
	)

Authentication Middleware for Dispatcher service.

Routine first check whether the service is configured with authentication

Access bearer token is then verified against FogLAMP core API endpoint token claims 'sub' and 'aud' along with request are passed to verifyURL and verifyService routines

If access is granted then return map with token claims otherwise error response is sent to the client and empty map is returned.

Parameters

response	The HTTP Response to send
request	The HTTP Request

Returns: True on success False on errors

◆ AuthenticationMiddlewarePUT()

void ServiceAuthHandler::AuthenticationMiddlewarePUT	(	std::shared_ptr< HttpServer::Response >	response,
		std::shared_ptr< HttpServer::Request >	request,
		std::function< void(std::shared_ptr< HttpServer::Response >, std::shared_ptr< HttpServer::Request >)>	funcPUT
	)

Authentication Middleware for PUT methods.

Routine first check whether the service is configured with authentication

Access bearer token is then verified against FogLAMP core API endpoint JWT token claims are passed to verifyURL and verifyService routines

If access is granted the input funcPUT funcion is called otherwise error response is sent to the client

Parameters

response	The HTTP Response to send
request	The HTTP Request
funcPUT	The function to call in case of access granted

◆ createSecurityCategories()

bool ServiceAuthHandler::createSecurityCategories	(	ManagementClient *	mgtClient,
		bool	dryRun
	)

Create "${service}Security" category with empty content.

Parameters

mgtClient	The management client object
dryRun	Dryrun so do not register interest in the category

Returns: True on success, False otherwise

◆ getAuthenticatedCaller()

bool ServiceAuthHandler::getAuthenticatedCaller ( )

Return enabled authentication value.

Returns: True on success, False otherwise

◆ refreshBearerToken()

void ServiceAuthHandler::refreshBearerToken ( )

Refresh the bearer token of the runnign service This routine is run by a thread started in createSecurityCategories.

After sleep time got in 'exp' of curren token a new one is requested to the core via token_refresh API endpoint

◆ securityChange()

bool ServiceAuthHandler::securityChange ( const std::string & payload )

virtual

Request security change action:

Given a reason code, “attachACL”, “detachACL”, “reloadACL”, “updateACL” in 'reason' atribute, the ACL name in 'argument' could be attached, detached or reloaded

Parameters

payload The JSON document with 'reason' and 'argument' True on success

Reimplemented from ServiceHandler.

◆ setAuthenticatedCaller()

void ServiceAuthHandler::setAuthenticatedCaller ( bool enabled )

Set enabled authentication value.

Parameters

enabled The enable/disable flag to set

◆ updateSecurityCategory()

bool ServiceAuthHandler::updateSecurityCategory ( const std::string & newCategory )

Update the class objects from security category content update.

Parameters

category The service category name

Returns: True on success, False otherwise

The documentation for this class was generated from the following files:

C/services/common/include/service_handler.h
C/services/common/service_security.cpp

Public Member Functions

Static Public Member Functions

Protected Attributes

Static Protected Attributes

Detailed Description

Member Function Documentation

◆ AuthenticationMiddlewareACL()

◆ AuthenticationMiddlewareCommon()

◆ AuthenticationMiddlewarePUT()

◆ createSecurityCategories()

◆ getAuthenticatedCaller()

◆ refreshBearerToken()

◆ securityChange()

◆ setAuthenticatedCaller()

◆ updateSecurityCategory()