You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ace.apache.org by ja...@apache.org on 2012/04/25 13:35:35 UTC
svn commit: r1330212 - in /ace/site/trunk/content/dev-doc/design:
ace-authentication.mdtext auth_connectionfactory.svg
Author: jawi
Date: Wed Apr 25 11:35:34 2012
New Revision: 1330212
URL: http://svn.apache.org/viewvc?rev=1330212&view=rev
Log:
Small updates to text; new version of image.
Modified:
ace/site/trunk/content/dev-doc/design/ace-authentication.mdtext
ace/site/trunk/content/dev-doc/design/auth_connectionfactory.svg
Modified: ace/site/trunk/content/dev-doc/design/ace-authentication.mdtext
URL: http://svn.apache.org/viewvc/ace/site/trunk/content/dev-doc/design/ace-authentication.mdtext?rev=1330212&r1=1330211&r2=1330212&view=diff
==============================================================================
--- ace/site/trunk/content/dev-doc/design/ace-authentication.mdtext (original)
+++ ace/site/trunk/content/dev-doc/design/ace-authentication.mdtext Wed Apr 25 11:35:34 2012
@@ -17,8 +17,8 @@ Before going in more depth on the authen
In figure 1, several communication paths exists (denoted by the circled digits):
-1. the client communicates to the server by means of both direct calls to its services as well as remoted calls (by means of HTTP[^1]);
-2. a management agent (representing the target) communicates to the management server through HTTP calls;
+1. the client communicates to the ACE server by means of both direct calls to its services as well as remoted calls (by means of HTTP[^1]);
+2. a management agent (representing the target) communicates to the ACE server through HTTP calls;
3. the REST API exposes the entire client API in a RESTful way. Communication to the client occurs by both direct calls as well as through HTTP;
4. the Vaadin Web UI exposes the entire client API as web application. Similar as the REST API, it communicates both directly as through HTTP with the client.
@@ -91,6 +91,7 @@ To make this more concrete, an example o
The service configuration, located in `org.apache.ace.obr.servlet.cfg`, looks like:
+ :::properties
# Endpoint for this servlet
org.apache.ace.server.servlet.endpoint=/obr
# Whether or not authentication is to be used
@@ -98,6 +99,7 @@ The service configuration, located in `o
In `BundleServlet` we add the following code:
+ :::java
private volatile boolean m_useAuth;
private volatile AuthenticationService m_authService;
@@ -137,6 +139,7 @@ As almost all of the services in ACE are
The actual authentication implementation itself is rather trivial: we simply intercept all incoming requests in our servlet and verify whether it resolves to a valid user:
+ :::java
@Override
protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
if (!authenticate(req)) {
@@ -165,6 +168,7 @@ Note that this implementation does not t
Now that the remote service itself is no longer accepting unauthenticated requests, we need to supply the credentials to access this service to the `ConnectionFactory` service. This service can be configured using the PID `org.apache.ace.connectionfactory` (*note that it is a configuration factory!*), which would result in the following configuration for accessing our `BundleServlet`:
+ :::properties
# What kind of authentication should we supply
authentication.type = basic
# The actual credentials for basic authentication
@@ -182,11 +186,11 @@ When this configuration is supplied to t
[^1]: Other communication protocols could be used as well. However, currently, only HTTP is natively supported by ACE. For the remainder of this article, we'll assume HTTP as protocol.
-[^2]: Assuming that all components in the management server are trusted and obtained from trusted sources. If untrusted components would be allowed, we need to add authentication to these communication paths as well.
+[^2]: Assuming that all components in the ACE server are trusted and obtained from trusted sources. If untrusted components would be allowed, we need to add authentication to these communication paths as well.
[^3]: It is up to the implementation of `AuthenticationService` whether the *first* found user is returned, or whether it checks if all authentication processors yield the *same* user, or any other strategy that is desired.
-[^4]: Amongst others, any number of log-endpoints can be defined, at least one is needed for the audit log to be synchronized between target and management server.
+[^4]: Amongst others, any number of log-endpoints can be defined, at least one is needed for the audit log to be synchronized between target and ACE server.
[^5]: Note that we're using a configuration dependency for this service. This way, the configuration **must** be present before the service itself is registered, which allows us to determine if authentication should be used or not.
Modified: ace/site/trunk/content/dev-doc/design/auth_connectionfactory.svg
URL: http://svn.apache.org/viewvc/ace/site/trunk/content/dev-doc/design/auth_connectionfactory.svg?rev=1330212&r1=1330211&r2=1330212&view=diff
==============================================================================
--- ace/site/trunk/content/dev-doc/design/auth_connectionfactory.svg (original)
+++ ace/site/trunk/content/dev-doc/design/auth_connectionfactory.svg Wed Apr 25 11:35:34 2012
@@ -1,13 +1,23 @@
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<svg height="98" version="1.1" width="262" xmlns="http://www.w3.org/2000/svg">
-<rect fill="#ffffff" height="70" stroke="#ffffff" stroke-width="1" width="234" x="14" y="14"/>
-<rect fill="none" height="70" stroke="#000000" stroke-width="1" width="234" x="14" y="14"/>
-<text font-family="Lucida Grande" font-size="13" x="72" y="48">
+<svg height="226" version="1.1" width="262" xmlns="http://www.w3.org/2000/svg">
+<rect fill="#ffffff" height="70" stroke="#ffffff" stroke-width="1" width="234" x="14" y="142"/>
+<rect fill="none" height="70" stroke="#000000" stroke-width="1" width="234" x="14" y="142"/>
+<text font-family="Lucida Grande" font-size="13" x="72" y="176">
ConnectionFactory</text>
-<text font-family="Lucida Grande" font-size="13" x="83" y="29">
+<text font-family="Lucida Grande" font-size="13" x="83" y="157">
<<interface>></text>
-<rect fill="#000000" height="1" stroke="#000000" stroke-width="1" width="234" x="14" y="58"/>
-<text font-family="Lucida Grande" font-size="13" x="18" y="73">
+<rect fill="#000000" height="1" stroke="#000000" stroke-width="1" width="234" x="14" y="186"/>
+<text font-family="Lucida Grande" font-size="13" x="18" y="201">
createConnection() : URLConnection</text>
+<rect fill="#ffffff" height="72" stroke="#ffffff" stroke-width="1" width="232" x="14" y="14"/>
+<rect fill="none" height="72" stroke="#000000" stroke-width="1" width="232" x="14" y="14"/>
+<text font-family="Lucida Grande" font-size="13" x="57" y="48">
+ManagedServiceFactory</text>
+<text font-family="Lucida Grande" font-size="13" x="82" y="29">
+<<interface>></text>
+<rect fill="#000000" height="1" stroke="#000000" stroke-width="1" width="232" x="14" y="58"/>
+<polyline fill="none" points="131,142 131,85" stroke="#333399" stroke-width="1"/>
+<polygon fill="#ffffff" points="131,85 138,97 124,97" stroke="#ffffff" stroke-width="1"/>
+<polygon fill="none" points="131,85 138,97 124,97" stroke="#333399" stroke-width="1"/>
</svg>