onos/web/gui/doc/notes-websocket.md
Simon Hunt 1169c95d89 OS-1 : insecure UI websocket.
- notes on authentication of UI web socket connection.
- new classes: UiSessionToken, UiTokenService.
- UiExtensionManager now implements UiTokenService.
- UiWebSocket now expects an authentication event from the client
- websocket.js now sends authentication event as first event
- (fix websocket Jasmine test)

Change-Id: I4303c67f57fc618e911be244091f00bcc2823c91
2017-06-06 17:21:48 -07:00

# UI Web Socket Session Establishment

(1) Web client accesses `index.html` but is redirected to the login page for
basic authentication.

(2) `MainIndexResource` (protected page, user is now authenticated) requests
a token to be generated by the `UiTokenService`.

(3) `UiTokenService` generates the token, adds it to the distributed map as
entry `{token -> username}`, and returns the token to `MainIndexResource`.

(4) `MainIndexResource` embeds the username and token in `index.html`.

(5) Web client opens the web socket connection (promoted from http). Note that
the `UiWebSocket` instance is not marked as "authenticated" yet...

(6) `UiWebSocket` sends bootstrap data (list of ONOS cluster node IPs).

(7) Web client sends initial message "uiAuthenticate", along with the username
and authentication token (picked up from `index.html`).

(8) `UiWebSocket` verifies that the token is valid via the `UiTokenService`, and
marks itself as "authenticated".

(9) Subsequent `onMessage()` calls to `UiWebSocket` only proceed if
"authenticated" is true.

(10) User logs out of the ONOS UI, which generates an `onClose()` call.

(11) `UiWebSocket` requests that the token be revoked.

(12) `UiTokenService` unmaps the token from the distributed map.

```
  WebClient           MainIndex           UiToken           WebSocket
  ----+----           ----+----           ---+---           ----+----
      |      login*       |                  |                  |   * basic
(1)   o------------------>|                  |                  |     auth'n
      |                   | issueToken(usr)  |                  |
(2)   |                   o----------------->|                  |
      |                   |                  o- map token in    |
(3)   |                   |       tkn        |  distrib. map    |
      |  index.html(tkn)  |<-----------------o                  |
(4)   |<------------------o                  |                  |
      |                   |                  |      onOpen      |
(5)   o-------------------------------------------------------->|
      |   bootstrapData   |                  |                  |
(6)   |<--------------------------------------------------------o
      |                   |                  |                  |
      |                   |                  |  onMsg(usr,tkn)  |
(7)   o-------------------------------------------------------->|
      |                   |                  |   isValid(tkn)   |
(8)   |                   |                  |<-----------------o
      |                   |                  o----------------->|
      |                   |                  |                  o- mark socket
      |                   |                  |                  |  valid
      |                   |                  |                  |
      |                   |                  |    onMsg(...)    |
(9)   o-------------------------------------------------------->|
      |                   |                  |                  o- only processed
      |                   |                  |                  |  if socket valid
      :                   :                  :                  :
      |                   |                  |     onClose      |
(10)  o-------------------------------------------------------->|
      |                   |                  |   revoke(tkn)    |
(11)  |                   |                  |<-----------------o
(12)  |                   |                  o- unmap token in  |
      |                   |                  |  distrib. map    |
      |                   |                  |                  |
```
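
The gate in steps (2)-(3) and (7)-(12), sketched as an added example that is not ONOS code: `TokenStore` and `GatedSocket` are hypothetical stand-ins for `UiTokenService` and `UiWebSocket`, and a local map replaces the distributed map. Checking that the token maps to the username the client sent is an assumption, as is the `exampleRequest` event name.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class WsAuthSketch {
    // Hypothetical token service; a local map stands in for the distributed map.
    static class TokenStore {
        private final Map<String, String> tokens = new ConcurrentHashMap<>();
        private final SecureRandom rng = new SecureRandom();
        String issue(String user) {                       // steps (2)-(3)
            byte[] raw = new byte[32];                    // 256 bits from a CSPRNG
            rng.nextBytes(raw);
            String tkn = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            tokens.put(tkn, user);
            return tkn;
        }
        // Assumption: the token must map to the username the client sent.
        boolean isValid(String user, String tkn) {        // step (8)
            return user != null && tkn != null && user.equals(tokens.get(tkn));
        }
        void revoke(String tkn) { tokens.remove(tkn); }   // steps (11)-(12)
    }

    // Hypothetical socket handler: nothing is dispatched until authenticated.
    static class GatedSocket {
        private final TokenStore store;
        private String token;                             // non-null once authenticated
        GatedSocket(TokenStore store) { this.store = store; }
        // Returns true if the event would be dispatched, false if dropped.
        boolean onMessage(String event, String user, String tkn) {
            if (token != null) return true;               // step (9)
            if (!"uiAuthenticate".equals(event) || !store.isValid(user, tkn)) return false;
            token = tkn;                                  // step (8): mark socket valid
            return true;
        }
        // steps (10)-(11): closing the socket revokes its token
        void onClose() { if (token != null) { store.revoke(token); token = null; } }
    }
    public static void main(String[] args) {
        TokenStore store = new TokenStore();
        String tkn = store.issue("alice");                // constructed sample user
        GatedSocket ws = new GatedSocket(store);
        System.out.println("before auth:  " + ws.onMessage("exampleRequest", null, null));
        System.out.println("wrong user:   " + ws.onMessage("uiAuthenticate", "bob", tkn));
        System.out.println("authenticate: " + ws.onMessage("uiAuthenticate", "alice", tkn));
        System.out.println("after auth:   " + ws.onMessage("exampleRequest", null, null));
        ws.onClose();
        System.out.println("after revoke: " + new GatedSocket(store).onMessage("uiAuthenticate", "alice", tkn));
    }
}
```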