onos/web/gui/doc/notes-websocket.md
Simon Hunt 1169c95d89 OS-1 : insecure UI websocket.
- notes on authentication of UI web socket connection.
- new classes: UiSessionToken, UiTokenService.
- UiExtensionManager now implements UiTokenService.
- UiWebSocket now expects an authentication event from the client
- websocket.js now sends authentication event as first event
- (fix websocket Jasmine test)

Change-Id: I4303c67f57fc618e911be244091f00bcc2823c91
2017-06-06 17:21:48 -07:00


UI Web Socket Session Establishment

(1) Web client accesses index.html but is redirected to login page for basic authentication.

(2) MainIndexResource (protected page, user is now authenticated) requests a token to be generated by the UiTokenService.

(3) UiTokenService generates token, adds it to distributed map as entry {token -> username}, and returns token to MainIndexResource.

(4) MainIndexResource embeds username and token in index.html.

(5) Web client opens a web socket connection (upgraded from HTTP). Note that the UiWebSocket instance is not marked as "authenticated" yet...

(6) UiWebSocket sends bootstrap data (list of ONOS cluster node IPs). Because this happens before step (7), the bootstrap data goes to any client that can open the socket, whether or not it ever authenticates.

(7) Web client sends initial message "uiAuthenticate", along with username and authentication token (picked up from index.html).

(8) UiWebSocket verifies via the UiTokenService that the token is valid, and marks itself as "authenticated".

(9) Subsequent onMessage() calls to UiWebSocket only proceed if "authenticated" is true.

(10) User logs out of the ONOS UI, which generates an onClose() call.

(11) UiWebSocket requests the token be revoked.

(12) UiTokenService unmaps the token from the distributed map.

 WebClient           MainIndex           UiToken           WebSocket
 ----+----           ----+----           ---+---           ----+----
     |            login* |                  |                  |    * basic
(1)  o------------------>|                  |                  |     auth'n 
     |                   |  issueToken(usr) |                  |
(2)  |                   o----------------->|                  |
     |                   |                  o- map token in    |
(3)  |                   | tkn              |  distrib. map    |
     | index.html(tkn)   |<-----------------o                  |
(4)  |<------------------o                  |                  |
     |                   |                  |           onOpen |
(5)  o-------------------------------------------------------->|
     | bootstrapData     |                  |                  |
(6)  |<--------------------------------------------------------o
     |                   |                  |                  |
     |                   |                  |   onMsg(usr,tkn) |
(7)  o-------------------------------------------------------->|
     |                   |                  | isValid(tkn)     |
(8)  |                   |                  |<-----------------o
     |                   |                  o----------------->| 
     |                   |                  |                  o- mark socket
     |                   |                  |                  |  valid
     |                   |                  |                  |
     |                   |                  |       onMsg(...) |
(9)  o-------------------------------------------------------->|
     |                   |                  |                  o- only processed
     |                   |                  |                  |  if socket valid
     
     :                   :                  :                  :
     
     |                   |                  |          onClose |
(10) o-------------------------------------------------------->|
     |                   |                  | revoke(tkn)      |
(11) |                   |                  |<-----------------o
(12) |                   |                  o- unmap token in  |
     |                   |                  |  distrib. map    |
     |                   |                  |                  |