...
For authentication, the ODL-AAA bundle is used. Please see https://docs.opendaylight.org/en/stable-oxygen/user-guide/authentication-and-authorization-services.html#
Jira: SDNC-648 (ONAP JIRA)
Sequence Diagram (PlantUML):
@startuml
' Format
skinparam backgroundColor #fefefe
'skinparam handwritten true
skinparam roundcorner 15
skinparam databaseBorderColor #666666
skinparam databaseBackgroundColor #fefefe
skinparam databaseFontColor #666666
skinparam sequence {
MessageAlign center
ArrowColor #666666
ArrowFontColor #666666
ActorBorderColor #666666
LifeLineBorderColor #666666
LifeLineBackgroundColor #eeeeee
ParticipantBorderColor #666666
ParticipantBackgroundColor #ffffdd
'ParticipantFontName Impact
'ParticipantFontSize 17
ParticipantFontColor #666666
ActorBackgroundColor #ffffdd
'ActorFontColor DeepSkyBlue
'ActorFontSize 17
'ActorFontName Aapex
}
title
User Authentication and Authorization
end title
' Diagram
actor User
participant WebClient order 10
box " \nKaraf OpenDaylight SDN-R" #F7AA5A
participant Jetty order 20
participant AAFShiroRealm order 30
participant CADIfilter order 40
end box
database Log order 50
participant AAF order 60
autonumber
group authentication
User -> WebClient: uri:/odlux/index.html
activate WebClient
WebClient -> Jetty: Any request without token
activate Jetty
Jetty -> WebClient: Login view
deactivate Jetty
User -> WebClient: Provide credentials
WebClient -> Jetty: uri:/oauth2/token\nuser:password
activate Jetty
Jetty -> AAFShiroRealm
activate AAFShiroRealm
AAFShiroRealm -> AAF: authenticate
activate AAF
AAF -> AAFShiroRealm: authenticated:true|false
deactivate AAF
AAFShiroRealm -> Jetty
deactivate AAFShiroRealm
Jetty -> Log: Create log entry
Jetty -> WebClient: 200 Ok:token | \n401 Unauthorized
deactivate Jetty
end
group http request
User -> WebClient: Request some data
WebClient -> Jetty: URI and token
activate Jetty
Jetty -> CADIfilter: verify token
deactivate Jetty
activate AAF
activate CADIfilter
CADIfilter -> AAF: check access rights \nfor user and uri
note right : To be checked: \nuser or group!
deactivate CADIfilter
AAF -> CADIfilter: true|false
deactivate AAF
activate CADIfilter
CADIfilter -> Jetty: true|false
deactivate CADIfilter
activate Jetty
Jetty -> WebClient: URI-response(200 Ok | \n401 Unauthorized)
deactivate Jetty
end
deactivate WebClient
@enduml
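
The two groups of the diagram above (login for a token, then a token-bearing request checked per user and URI) as an in-memory Python model. This is an added example, not SDN-R, ODL-AAA, CADI or AAF code; the class names `AafStub` and `Gateway`, the user, password, URIs and the random opaque token are constructed assumptions.

```python
# Added illustration: an in-memory model of the diagram's two groups.
# Class names, user, password, URIs and token format are constructed assumptions.
import hmac
import secrets


class AafStub:
    """Stands in for AAF: knows credentials and which URIs a user may access."""

    def __init__(self, users, grants):
        self.users = users      # user -> password (stub only)
        self.grants = grants    # user -> set of permitted URIs

    def authenticate(self, user, password):
        stored = self.users.get(user)
        # Constant-time comparison; an unknown user never authenticates.
        match = hmac.compare_digest((stored or "").encode(), password.encode())
        return stored is not None and match

    def has_access(self, user, uri):
        # Exact-match, per-user check; the diagram leaves "user or group" open.
        return uri in self.grants.get(user, set())


class Gateway:
    """Stands in for Jetty with AAFShiroRealm (login) and CADIfilter (requests)."""

    def __init__(self, aaf):
        self.aaf, self.tokens, self.log = aaf, {}, []

    def login(self, user, password):
        ok = self.aaf.authenticate(user, password)
        self.log.append(("login", user, ok))   # log entry for success and failure
        if not ok:
            return 401, None
        token = secrets.token_urlsafe(32)      # opaque random token
        self.tokens[token] = user
        return 200, token

    def request(self, uri, token):
        user = self.tokens.get(token)          # verify token
        if user is None or not self.aaf.has_access(user, uri):
            return 401                         # the diagram answers 401 in both cases
        return 200


if __name__ == "__main__":
    gw = Gateway(AafStub({"alice": "s3cret"}, {"alice": {"/example/a"}}))
    print(gw.login("alice", "wrong"))
    status, token = gw.login("alice", "s3cret")
    print(status, gw.request("/example/a", token), gw.request("/example/b", token))
```

As in the diagram, a missing or unknown token and a valid token without access rights both yield 401, so the client cannot tell the two cases apart.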
...