Fledge
An open source edge computing platform for industrial users
ServiceAuthHandler Class Reference

ServiceAuthHandler adds security to the base class ServiceHandler.

#include <service_handler.h>


Public Member Functions

std::string & getName ()
 
std::string & getType ()
 
bool createSecurityCategories (ManagementClient *mgtClient, bool dryRun)
 Create "${service}Security" category with empty content.
 
bool updateSecurityCategory (const std::string &newCategory)
 Update the class objects from security category content update.
 
void setInitialAuthenticatedCaller ()
 Set initial value of enabled authentication.
 
void setAuthenticatedCaller (bool enabled)
 Set enabled authentication value.
 
bool getAuthenticatedCaller ()
 Return enabled authentication value.
 
bool AuthenticationMiddlewareACL (std::shared_ptr< HttpServer::Response > response, std::shared_ptr< HttpServer::Request > request, const std::string &serviceName, const std::string &serviceType)
 Authentication Middleware ACL check.
 
bool AuthenticationMiddlewareCommon (std::shared_ptr< HttpServer::Response > response, std::shared_ptr< HttpServer::Request > request, std::string &callerName, std::string &callerType)
 Authentication Middleware for Dispatcher service.
 
void AuthenticationMiddlewarePUT (std::shared_ptr< HttpServer::Response > response, std::shared_ptr< HttpServer::Request > request, std::function< void(std::shared_ptr< HttpServer::Response >, std::shared_ptr< HttpServer::Request >)> funcPUT)
 Authentication Middleware for PUT methods.
 
void refreshBearerToken ()
 Refresh the bearer token of the running service. This routine is run by a thread started in createSecurityCategories.
 
void respond (std::shared_ptr< HttpServer::Response > response, const std::string &payload)
 
void respond (std::shared_ptr< HttpServer::Response > response, SimpleWeb::StatusCode code, const std::string &payload)
 
bool securityChange (const std::string &payload)
 Request security change action:
 
Public Member Functions inherited from ServiceHandler
virtual void shutdown ()=0
 
virtual void restart ()=0
 
virtual void configChange (const std::string &category, const std::string &config)=0
 
virtual void configChildCreate (const std::string &parent_category, const std::string &category, const std::string &config)=0
 
virtual void configChildDelete (const std::string &parent_category, const std::string &category)=0
 
virtual bool isRunning ()=0
 

Static Public Member Functions

static ManagementClient * getMgmtClient ()
 

Protected Attributes

std::string m_name
 
std::string m_type
 

Static Protected Attributes

static ManagementClient * m_mgtClient = NULL
 Initialise m_mgtClient object to NULL.
 

Detailed Description

ServiceAuthHandler adds security to the base class ServiceHandler.

Member Function Documentation

◆ AuthenticationMiddlewareACL()

bool ServiceAuthHandler::AuthenticationMiddlewareACL ( std::shared_ptr< HttpServer::Response >  response,
std::shared_ptr< HttpServer::Request >  request,
const std::string &  serviceName,
const std::string &  serviceType 
)

Authentication Middleware ACL check.

serviceName, serviceType and the URL (request->path) are checked with the verifyURL and verifyService routines.

If access is granted the routine returns true; otherwise an error response is sent to the client and the routine returns false.

Parameters
response: The HTTP Response to send
request: The HTTP Request
callerName: The caller service name to check
callerType: The caller service type to check
Returns
True on success, False otherwise with a server error reply

◆ AuthenticationMiddlewareCommon()

bool ServiceAuthHandler::AuthenticationMiddlewareCommon ( std::shared_ptr< HttpServer::Response >  response,
std::shared_ptr< HttpServer::Request >  request,
std::string &  callerName,
std::string &  callerType 
)

Authentication Middleware for Dispatcher service.

The routine first checks whether the service is configured with authentication.

The access bearer token is then verified against the FogLAMP core API endpoint; the token claims 'sub' and 'aud', along with the request, are passed to the verifyURL and verifyService routines.

If access is granted, a map with the token claims is returned; otherwise an error response is sent to the client and an empty map is returned.

Parameters
response: The HTTP Response to send
request: The HTTP Request
Returns
True on success, False on errors

◆ AuthenticationMiddlewarePUT()

void ServiceAuthHandler::AuthenticationMiddlewarePUT ( std::shared_ptr< HttpServer::Response >  response,
std::shared_ptr< HttpServer::Request >  request,
std::function< void(std::shared_ptr< HttpServer::Response >, std::shared_ptr< HttpServer::Request >)>  funcPUT 
)

Authentication Middleware for PUT methods.

The routine first checks whether the service is configured with authentication.

The access bearer token is then verified against the FogLAMP core API endpoint; the JWT token claims are passed to the verifyURL and verifyService routines.

If access is granted, the input funcPUT function is called; otherwise an error response is sent to the client.

Parameters
response: The HTTP Response to send
request: The HTTP Request
funcPUT: The function to call in case of access granted

◆ createSecurityCategories()

bool ServiceAuthHandler::createSecurityCategories ( ManagementClient *  mgtClient,
bool  dryRun 
)

Create "${service}Security" category with empty content.

Parameters
mgtClient: The management client object
dryRun: Dry run, so do not register interest in the category
Returns
True on success, False otherwise

◆ getAuthenticatedCaller()

bool ServiceAuthHandler::getAuthenticatedCaller ( )

Return enabled authentication value.

Returns
True on success, False otherwise

◆ refreshBearerToken()

void ServiceAuthHandler::refreshBearerToken ( )

Refresh the bearer token of the running service. This routine is run by a thread started in createSecurityCategories.

After sleeping for the time obtained from 'exp' of the current token, a new one is requested from the core via the token_refresh API endpoint.
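
The timing rule described above, as an added C++ example that is not Fledge's own code: it reads 'exp' from a bearer token's claims and computes how long to sleep before requesting a new token. The function names, the early-refresh `margin` and the sample token are assumptions made for illustration; the claims are read without checking the signature, which is suitable only for scheduling the refresh and never for an access decision.

```cpp
#include <cctype>
#include <ctime>
#include <string>

// Constructed sample token: claims are {"exp":1700000600}, signature is a dummy.
static const std::string kSampleToken =
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDAwMDA2MDB9.c2ln";

// Decode base64url (padding optional); returns false on an illegal character.
static bool b64urlDecode(const std::string &in, std::string &out)
{
    unsigned acc = 0;
    int bits = 0;
    for (unsigned char c : in) {
        int v;
        if (c >= 'A' && c <= 'Z') v = c - 'A';
        else if (c >= 'a' && c <= 'z') v = c - 'a' + 26;
        else if (c >= '0' && c <= '9') v = c - '0' + 52;
        else if (c == '-') v = 62;
        else if (c == '_') v = 63;
        else if (c == '=') break;
        else return false;
        acc = (acc << 6) | static_cast<unsigned>(v);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out.push_back(static_cast<char>((acc >> bits) & 0xFF));
        }
    }
    return true;
}

// Seconds to sleep before refreshing: -1 if the token is malformed, 0 if due now.
// Simplification: 'exp' is found by a text scan; production code should use a JSON parser.
long refreshDelay(const std::string &jwt, std::time_t now, long margin)
{
    std::size_t d1 = jwt.find('.');
    std::size_t d2 = (d1 == std::string::npos) ? d1 : jwt.find('.', d1 + 1);
    std::string claims;
    if (d2 == std::string::npos || !b64urlDecode(jwt.substr(d1 + 1, d2 - d1 - 1), claims)) return -1;
    std::size_t i = claims.find("\"exp\"");
    if (i == std::string::npos || (i = claims.find(':', i + 5)) == std::string::npos) return -1;
    i = claims.find_first_not_of(" \t", i + 1);
    long long exp = 0; int digits = 0;
    for (; i < claims.size() && std::isdigit((unsigned char)claims[i]) && digits < 15; ++i, ++digits)
        exp = exp * 10 + (claims[i] - '0');   // digit cap avoids signed overflow
    if (digits == 0) return -1;
    long long left = exp - static_cast<long long>(now) - margin;
    return left > 0 ? static_cast<long>(left) : 0;
}
```

A return of 0 means the refresh thread should request a new token immediately; -1 means the stored token cannot be scheduled from and should be treated as invalid.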

◆ securityChange()

bool ServiceAuthHandler::securityChange ( const std::string &  payload)
virtual

Request security change action:

Given a reason code (“attachACL”, “detachACL”, “reloadACL” or “updateACL”) in the 'reason' attribute, the ACL named in 'argument' can be attached, detached or reloaded.

Parameters
payload: The JSON document with 'reason' and 'argument'
Returns
True on success

Reimplemented from ServiceHandler.

◆ setAuthenticatedCaller()

void ServiceAuthHandler::setAuthenticatedCaller ( bool  enabled)

Set enabled authentication value.

Parameters
enabled: The enable/disable flag to set

◆ updateSecurityCategory()

bool ServiceAuthHandler::updateSecurityCategory ( const std::string &  newCategory)

Update the class objects from security category content update.

Parameters
category: The service category name
Returns
True on success, False otherwise

The documentation for this class was generated from the following files: