...
For Authentication ODL-AAA bundle is used. Please https://docs.opendaylight.org/en/stable-oxygen/user-guide/authentication-and-authorization-services.html#
SDNC-648
PlantUML Macro | ||||
---|---|---|---|---|
| ||||
@startuml ' Format skinparam backgroundColor #fefefe 'skinparam handwritten true skinparam roundcorner 15 skinparam databaseBorderColor #666666 skinparam databaseBackgroundColor #fefefe skinparam databaseFontColor #666666 skinparam sequence { MessageAlign center ArrowColor #666666 ArrowFontColor #666666 ActorBorderColor #666666 LifeLineBorderColor #666666 LifeLineBackgroundColor #eeeeee ParticipantBorderColor #666666 ParticipantBackgroundColor #ffffdd 'ParticipantFontName Impact 'ParticipantFontSize 17 ParticipantFontColor #666666 ActorBackgroundColor #ffffdd 'ActorFontColor DeepSkyBlue 'ActorFontSize 17 'ActorFontName Aapex } title User Authentication and Authorization end title ' Diagram actor User participant WebClient order 10 box " \nKaraf OpenDaylight SDN-R" #F7AA5A participant Jetty order 20 participant AAFShiroRealm order 30 participant CADIfilter order 40 end box database Log order 50 participant AAF order 60 autonumber group authentification User -> WebClient: uri:/odlux/index.html activate WebClient WebClient -> Jetty: Any request without token activate Jetty Jetty -> WebClient: Login view deactivate Jetty User -> WebClient: Provide credentials WebClient -> Jetty: uri:/oath2/token\nuser:password activate Jetty Jetty -> AAFShiroRealm activate AAFShiroRealm AAFShiroRealm -> AAF: authentificate activate AAF AAF -> AAFShiroRealm: authentificated:true|false deactivate AAF AAFShiroRealm -> Jetty deactivate AAFShiroRealm Jetty -> Log: Create log entry Jetty -> WebClient: 200 Ok:token | \n401 Unauthorized deactivate Jetty end group http request User -> WebClient: Request some data WebClient -> Jetty: URI and token activate Jetty Jetty -> CADIfilter: verify tokenlmao deactivate Jetty activate AAF activate CADIfilter CADIfilter -> AAF: check access rights \nfor user and uri note right : To be checked: \nuser or group! deactivate CADIfilter AAF -> CADIfilter: true|false deactivate AAF activate CADIfilter CADIfilter -> Jetty: true|false deactivate CADIfilter activate Jetty Jetty -> WebClient: URI-response(200 Ok | \n401 Unauthorized) deactivate Jetty end deactivate WebClient @enduml |
...