Author: jawi
Date: Wed Apr 25 11:35:34 2012
New Revision: 1330212
URL: http://svn.apache.org/viewvc?rev=1330212&view=rev
Log:
Small updates to text; new version of image.
Modified:
ace/site/trunk/content/dev-doc/design/ace-authentication.mdtext
ace/site/trunk/content/dev-doc/design/auth_connectionfactory.svg
Modified: ace/site/trunk/content/dev-doc/design/ace-authentication.mdtext
URL:
http://svn.apache.org/viewvc/ace/site/trunk/content/dev-doc/design/ace-authentication.mdtext?rev=1330212&r1=1330211&r2=1330212&view=diff
==============================================================================
--- ace/site/trunk/content/dev-doc/design/ace-authentication.mdtext (original)
+++ ace/site/trunk/content/dev-doc/design/ace-authentication.mdtext Wed Apr 25
11:35:34 2012
@@ -17,8 +17,8 @@ Before going in more depth on the authen
In figure 1, several communication paths exists (denoted by the circled
digits):
-1. the client communicates to the server by means of both direct calls to its
services as well as remoted calls (by means of HTTP[^1]);
-2. a management agent (representing the target) communicates to the management
server through HTTP calls;
+1. the client communicates to the ACE server by means of both direct calls to
its services as well as remoted calls (by means of HTTP[^1]);
+2. a management agent (representing the target) communicates to the ACE server
through HTTP calls;
3. the REST API exposes the entire client API in a RESTful way. Communication
to the client occurs by both direct calls as well as through HTTP;
4. the Vaadin Web UI exposes the entire client API as web application. Similar
as the REST API, it communicates both directly as through HTTP with the client.
@@ -91,6 +91,7 @@ To make this more concrete, an example o
The service configuration, located in `org.apache.ace.obr.servlet.cfg`, looks
like:
+ :::properties
# Endpoint for this servlet
org.apache.ace.server.servlet.endpoint=/obr
# Whether or not authentication is to be used
@@ -98,6 +99,7 @@ The service configuration, located in `o
In `BundleServlet` we add the following code:
+ :::java
private volatile boolean m_useAuth;
private volatile AuthenticationService m_authService;
@@ -137,6 +139,7 @@ As almost all of the services in ACE are
The actual authentication implementation itself is rather trivial: we simply
intercept all incoming requests in our servlet and verify whether it resolves
to a valid user:
+ :::java
@Override
protected void service(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
if (!authenticate(req)) {
@@ -165,6 +168,7 @@ Note that this implementation does not t
Now that the remote service itself is no longer accepting unauthenticated
requests, we need to supply the credentials to access this service to the
`ConnectionFactory` service. This service can be configured using the PID
`org.apache.ace.connectionfactory` (*note that it is a configuration
factory!*), which would result in the following configuration for accessing our
`BundleServlet`:
+ :::properties
# What kind of authentication should we supply
authentication.type = basic
# The actual credentials for basic authentication
@@ -182,11 +186,11 @@ When this configuration is supplied to t
[^1]: Other communication protocols could be used as well. However, currently,
only HTTP is natively supported by ACE. For the remainder of this article,
we'll assume HTTP as protocol.
-[^2]: Assuming that all components in the management server are trusted and
obtained from trusted sources. If untrusted components would be allowed, we
need to add authentication to these communication paths as well.
+[^2]: Assuming that all components in the ACE server are trusted and obtained
from trusted sources. If untrusted components would be allowed, we need to add
authentication to these communication paths as well.
[^3]: It is up to the implementation of `AuthenticationService` whether the
*first* found user is returned, or whether it checks if all authentication
processors yield the *same* user, or any other strategy that is desired.
-[^4]: Amongst others, any number of log-endpoints can be defined, at least one
is needed for the audit log to be synchronized between target and management
server.
+[^4]: Amongst others, any number of log-endpoints can be defined, at least one
is needed for the audit log to be synchronized between target and ACE server.
[^5]: Note that we're using a configuration dependency for this service. This
way, the configuration **must** be present before the service itself is
registered, which allows us to determine if authentication should be used or
not.
Modified: ace/site/trunk/content/dev-doc/design/auth_connectionfactory.svg
URL:
http://svn.apache.org/viewvc/ace/site/trunk/content/dev-doc/design/auth_connectionfactory.svg?rev=1330212&r1=1330211&r2=1330212&view=diff
==============================================================================
--- ace/site/trunk/content/dev-doc/design/auth_connectionfactory.svg (original)
+++ ace/site/trunk/content/dev-doc/design/auth_connectionfactory.svg Wed Apr 25
11:35:34 2012
@@ -1,13 +1,23 @@
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd";>
-<svg height="98" version="1.1" width="262" xmlns="http://www.w3.org/2000/svg";>
-<rect fill="#ffffff" height="70" stroke="#ffffff" stroke-width="1" width="234"
x="14" y="14"/>
-<rect fill="none" height="70" stroke="#000000" stroke-width="1" width="234"
x="14" y="14"/>
-<text font-family="Lucida Grande" font-size="13" x="72" y="48">
+<svg height="226" version="1.1" width="262" xmlns="http://www.w3.org/2000/svg";>
+<rect fill="#ffffff" height="70" stroke="#ffffff" stroke-width="1" width="234"
x="14" y="142"/>
+<rect fill="none" height="70" stroke="#000000" stroke-width="1" width="234"
x="14" y="142"/>
+<text font-family="Lucida Grande" font-size="13" x="72" y="176">
ConnectionFactory</text>
-<text font-family="Lucida Grande" font-size="13" x="83" y="29">
+<text font-family="Lucida Grande" font-size="13" x="83" y="157">
<<interface>></text>
-<rect fill="#000000" height="1" stroke="#000000" stroke-width="1" width="234"
x="14" y="58"/>
-<text font-family="Lucida Grande" font-size="13" x="18" y="73">
+<rect fill="#000000" height="1" stroke="#000000" stroke-width="1" width="234"
x="14" y="186"/>
+<text font-family="Lucida Grande" font-size="13" x="18" y="201">
createConnection() : URLConnection</text>
+<rect fill="#ffffff" height="72" stroke="#ffffff" stroke-width="1" width="232"
x="14" y="14"/>
+<rect fill="none" height="72" stroke="#000000" stroke-width="1" width="232"
x="14" y="14"/>
+<text font-family="Lucida Grande" font-size="13" x="57" y="48">
+ManagedServiceFactory</text>
+<text font-family="Lucida Grande" font-size="13" x="82" y="29">
+<<interface>></text>
+<rect fill="#000000" height="1" stroke="#000000" stroke-width="1" width="232"
x="14" y="58"/>
+<polyline fill="none" points="131,142 131,85" stroke="#333399"
stroke-width="1"/>
+<polygon fill="#ffffff" points="131,85 138,97 124,97" stroke="#ffffff"
stroke-width="1"/>
+<polygon fill="none" points="131,85 138,97 124,97" stroke="#333399"
stroke-width="1"/>
</svg>
