mirror of https://github.com/opennetworkinglab/onos.git, synced 2025-10-25 22:31:07 +02:00

- notes on authentication of UI web socket connection.
- new classes: UiSessionToken, UiTokenService.
- UiExtensionManager now implements UiTokenService.
- UiWebSocket now expects an authentication event from the client
- websocket.js now sends authentication event as first event
- (fix websocket Jasmine test)

Change-Id: I4303c67f57fc618e911be244091f00bcc2823c91

77 lines, 3.5 KiB, Markdown

# UI Web Socket Session Establishment

(1) Web client accesses `index.html` but is redirected to login page for
    basic authentication.

(2) `MainIndexResource` (protected page, user is now authenticated) requests
    a token to be generated by the `UiTokenService`.

(3) `UiTokenService` generates token, adds it to distributed map as
    entry `{token -> username}`, and returns token to `MainIndexResource`.

(4) `MainIndexResource` embeds username and token in `index.html`.

(5) Web client opens web socket connection (promoted from HTTP). Note that
    the `UiWebSocket` instance is not marked as "authenticated" yet...

(6) `UiWebSocket` sends bootstrap data (list of ONOS cluster node IPs).

(7) Web client sends initial message "uiAuthenticate", along with username
    and authentication token (picked up from `index.html`).

(8) `UiWebSocket` verifies that token is valid via the `UiTokenService`, and
    marks itself as "authenticated".

(9) Subsequent `onMessage()` calls to `UiWebSocket` only proceed if
    "authenticated" is true.

(10) User logs out of ONOS UI, which generates an `onClose()` call.

(11) `UiWebSocket` requests the token be revoked.

(12) `UiTokenService` unmaps the token from the distributed map.

```
 WebClient           MainIndex           UiToken           WebSocket
 ----+----           ----+----           ---+---           ----+----
     |            login* |                  |                  |    * basic
(1)  o------------------>|                  |                  |     auth'n
     |                   |  issueToken(usr) |                  |
(2)  |                   o----------------->|                  |
     |                   |                  o- map token in    |
(3)  |                   | tkn              |  distrib. map    |
     | index.html(tkn)   |<-----------------o                  |
(4)  |<------------------o                  |                  |
     |                   |                  |           onOpen |
(5)  o-------------------------------------------------------->|
     | bootstrapData     |                  |                  |
(6)  |<--------------------------------------------------------o
     |                   |                  |                  |
     |                   |                  |   onMsg(usr,tkn) |
(7)  o-------------------------------------------------------->|
     |                   |                  | isValid(tkn)     |
(8)  |                   |                  |<-----------------o
     |                   |                  o----------------->|
     |                   |                  |                  o- mark socket
     |                   |                  |                  |  valid
     |                   |                  |                  |
     |                   |                  |       onMsg(...) |
(9)  o-------------------------------------------------------->|
     |                   |                  |                  o- only processed
     |                   |                  |                  |  if socket valid

     :                   :                  :                  :

     |                   |                  |          onClose |
(10) o-------------------------------------------------------->|
     |                   |                  | revoke(tkn)      |
(11) |                   |                  |<-----------------o
(12) |                   |                  o- unmap token in  |
     |                   |                  |  distrib. map    |
     |                   |                  |                  |
```
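A small model of steps (2) to (12), added here as an example and not taken from the ONOS code base: it shows the socket refusing every message until a valid `uiAuthenticate` arrives, and a revoked token failing on a later connection. The class names `TokenService` and `Socket`, the `{event, payload}` message shape, the user names, and the check that the token belongs to the username sent with it are assumptions of this sketch.

```javascript
// Added sketch of the handshake above; not ONOS source code.
const { randomBytes } = require('node:crypto');

// Stands in for UiTokenService; a local Map replaces the distributed map.
class TokenService {
  constructor() { this.map = new Map(); }                 // token -> username
  issueToken(username) {                                  // steps (2)-(3)
    const token = randomBytes(32).toString('hex');        // CSPRNG, unguessable
    this.map.set(token, username);
    return token;
  }
  // Step (8). Binding the token to its username is an assumption of this sketch.
  isValid(user, token) { return this.map.has(token) && this.map.get(token) === user; }
  revoke(token) { this.map.delete(token); }               // steps (11)-(12)
}

// Stands in for UiWebSocket; the {event, payload} message shape is assumed.
class Socket {
  constructor(tokens) { Object.assign(this, { tokens, authenticated: false, token: null }); }
  onMessage(raw) {
    let msg;
    try { msg = JSON.parse(raw); } catch { return 'rejected'; }
    if (msg === null || typeof msg !== 'object') return 'rejected';
    if (this.authenticated) return 'handled';             // step (9)
    const { user, token } = msg.payload || {};            // step (7)
    if (msg.event !== 'uiAuthenticate' || !this.tokens.isValid(user, token)) return 'rejected';
    this.authenticated = true;                            // step (8)
    this.token = token;
    return 'authenticated';
  }
  onClose() {                                             // step (10)
    if (this.token) this.tokens.revoke(this.token);
    this.authenticated = false;
  }
}

// Constructed walk-through: early message, wrong user, login, request, replay after logout.
function demo() {
  const svc = new TokenService();
  const token = svc.issueToken('alice');                  // step (4): embedded in index.html
  const auth = (user) => JSON.stringify({ event: 'uiAuthenticate', payload: { user, token } });
  const request = JSON.stringify({ event: 'exampleRequest', payload: {} });
  const ws = new Socket(svc);
  const seen = [ws.onMessage(request), ws.onMessage(auth('mallory')), ws.onMessage(auth('alice')), ws.onMessage(request)];
  ws.onClose();
  seen.push(new Socket(svc).onMessage(auth('alice')));    // revoked token no longer works
  return seen;
}
```

Because the token is written into `index.html`, revoking it in `onClose()` is what keeps a copy of that page from authenticating a later socket.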