Fledge
An open source edge computing platform for industrial users
ServiceAuthHandler adds security to the base class ServiceHandler.
#include <service_handler.h>
Public Member Functions | |
std::string & | getName () |
std::string & | getType () |
bool | createSecurityCategories (ManagementClient *mgtClient, bool dryRun) |
Create "${service}Security" category with empty content. | |
bool | updateSecurityCategory (const std::string &newCategory) |
Update the class objects from security category content update. | |
void | setInitialAuthenticatedCaller () |
Set initial value of enabled authentication. | |
void | setAuthenticatedCaller (bool enabled) |
Set enabled authentication value. | |
bool | getAuthenticatedCaller () |
Return enabled authentication value. | |
bool | AuthenticationMiddlewareACL (std::shared_ptr< HttpServer::Response > response, std::shared_ptr< HttpServer::Request > request, const std::string &serviceName, const std::string &serviceType) |
Authentication Middleware ACL check. | |
bool | AuthenticationMiddlewareCommon (std::shared_ptr< HttpServer::Response > response, std::shared_ptr< HttpServer::Request > request, std::string &callerName, std::string &callerType) |
Authentication Middleware for Dispatcher service. | |
void | AuthenticationMiddlewarePUT (std::shared_ptr< HttpServer::Response > response, std::shared_ptr< HttpServer::Request > request, std::function< void(std::shared_ptr< HttpServer::Response >, std::shared_ptr< HttpServer::Request >)> funcPUT) |
Authentication Middleware for PUT methods. | |
void | refreshBearerToken () |
Refresh the bearer token of the running service. This routine is run by a thread started in createSecurityCategories. | |
void | respond (std::shared_ptr< HttpServer::Response > response, const std::string &payload) |
void | respond (std::shared_ptr< HttpServer::Response > response, SimpleWeb::StatusCode code, const std::string &payload) |
bool | securityChange (const std::string &payload) |
Request security change action: | |
virtual void | shutdown ()=0 |
virtual void | restart ()=0 |
virtual void | configChange (const std::string &category, const std::string &config)=0 |
virtual void | configChildCreate (const std::string &parent_category, const std::string &category, const std::string &config)=0 |
virtual void | configChildDelete (const std::string &parent_category, const std::string &category)=0 |
virtual bool | isRunning ()=0 |
Static Public Member Functions | |
static ManagementClient * | getMgmtClient () |
Protected Attributes | |
std::string | m_name |
std::string | m_type |
Static Protected Attributes | |
static ManagementClient * | m_mgtClient = NULL |
Initialise m_mgtClient object to NULL. | |
ServiceAuthHandler adds security to the base class ServiceHandler.
bool ServiceAuthHandler::AuthenticationMiddlewareACL (std::shared_ptr< HttpServer::Response > response, std::shared_ptr< HttpServer::Request > request, const std::string &serviceName, const std::string &serviceType)
Authentication Middleware ACL check.
serviceName, serviceType and url (request->path) are checked with the verifyURL and verifyService routines.
If access is granted, true is returned; otherwise an error response is sent to the client and false is returned.
response | The HTTP Response to send |
request | The HTTP Request |
callerName | The caller service name to check |
callerType | The caller service type to check |
bool ServiceAuthHandler::AuthenticationMiddlewareCommon (std::shared_ptr< HttpServer::Response > response, std::shared_ptr< HttpServer::Request > request, std::string &callerName, std::string &callerType)
Authentication Middleware for Dispatcher service.
The routine first checks whether the service is configured with authentication.
The access bearer token is then verified against the FogLAMP core API endpoint. The token claims 'sub' and 'aud', along with the request, are passed to the verifyURL and verifyService routines.
If access is granted, a map with the token claims is returned; otherwise an error response is sent to the client and an empty map is returned.
response | The HTTP Response to send |
request | The HTTP Request |
void ServiceAuthHandler::AuthenticationMiddlewarePUT (std::shared_ptr< HttpServer::Response > response, std::shared_ptr< HttpServer::Request > request, std::function< void(std::shared_ptr< HttpServer::Response >, std::shared_ptr< HttpServer::Request >)> funcPUT)
Authentication Middleware for PUT methods.
The routine first checks whether the service is configured with authentication.
The access bearer token is then verified against the FogLAMP core API endpoint. The JWT token claims are passed to the verifyURL and verifyService routines.
If access is granted, the input funcPUT function is called; otherwise an error response is sent to the client.
response | The HTTP Response to send |
request | The HTTP Request |
funcPUT | The function to call in case of access granted |
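The flow described for AuthenticationMiddlewarePUT, as an added C++ sketch that is not Fledge's own code. Assumptions: the `Request`, `Response`, `Claims`, `Acl`, `Verifier`, `guardedPut` and `demo` names are hypothetical, the `Verifier` callback stands in for the token check done against the core, 'sub' is treated as the caller name and 'aud' as the caller type, the 401/403 status codes are illustrative, unlisted paths are denied, and a service without authentication enabled passes the request straight to the handler.

```cpp
#include <functional>
#include <iostream>
#include <map>
#include <set>
#include <string>

// Hypothetical stand-ins. Acl: allowed caller names, plus allowed caller types per path.
struct Request  { std::string path, auth; };          // auth: Authorization header
struct Response { int status = 0; };
struct Claims   { std::string sub, aud; };            // assumed: caller name, caller type
struct Acl { std::set<std::string> services; std::map<std::string, std::set<std::string>> urls; };
using Handler  = std::function<void(Response&, const Request&)>;
using Verifier = std::function<bool(const std::string&, Claims&)>;  // stands in for the core

// Calls `next` only when authentication is off or every check passes; returns the status.
int guardedPut(bool authEnabled, const Verifier& verify, const Acl& acl,
               Response& res, const Request& req, const Handler& next) {
    const std::string scheme = "Bearer ";
    Claims c;
    if (authEnabled) {
        if (req.auth.compare(0, scheme.size(), scheme) != 0 ||
            !verify(req.auth.substr(scheme.size()), c))
            return res.status = 401;                    // no token, or token rejected
        if (!acl.services.count(c.sub))
            return res.status = 403;                    // caller name not in the ACL
        auto url = acl.urls.find(req.path);
        if (url == acl.urls.end() || !url->second.count(c.aud))
            return res.status = 403;                    // path not open to this caller type
    }
    next(res, req);
    return res.status;
}

// Constructed sample: one token the stub accepts, one allowed caller, one protected path.
int demo(bool authEnabled, const std::string& header, const std::string& path) {
    Verifier verify = [](const std::string& tok, Claims& c) {
        if (tok != "tok-north") return false;
        c = {"north1", "Northbound"};
        return true;
    };
    Acl acl{{"north1"}, {{"/example/operation", {"Northbound"}}}};
    Response res;
    Handler put = [](Response& r, const Request&) { r.status = 200; };
    return guardedPut(authEnabled, verify, acl, res, Request{path, header}, put);
}

int main() {
    std::cout << demo(true, "Bearer tok-north", "/example/operation") << "\n";  // allowed
    std::cout << demo(true, "Bearer forged", "/example/operation") << "\n";     // rejected
}
```

The handler is the last thing reached, so any new check belongs inside the `authEnabled` branch ahead of `next`, where a failure returns before the PUT logic runs.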
bool ServiceAuthHandler::createSecurityCategories (ManagementClient *mgtClient, bool dryRun)
Create "${service}Security" category with empty content.
mgtClient | The management client object |
dryRun | Dry run, so do not register interest in the category |
bool ServiceAuthHandler::getAuthenticatedCaller ()
Return enabled authentication value.
void ServiceAuthHandler::refreshBearerToken ()
Refresh the bearer token of the running service. This routine is run by a thread started in createSecurityCategories.
After sleeping for the time obtained from 'exp' of the current token, a new one is requested from the core via the token_refresh API endpoint.
virtual bool ServiceAuthHandler::securityChange (const std::string &payload)
Request security change action:
Given a reason code, “attachACL”, “detachACL”, “reloadACL”, “updateACL”, in the 'reason' attribute, the ACL name in 'argument' could be attached, detached or reloaded.
payload | The JSON document with 'reason' and 'argument' |
Returns: True on success
Reimplemented from ServiceHandler.
void ServiceAuthHandler::setAuthenticatedCaller (bool enabled)
Set enabled authentication value.
enabled | The enable/disable flag to set |
bool ServiceAuthHandler::updateSecurityCategory (const std::string &newCategory)
Update the class objects from security category content update.
category | The service category name |