[dev] GET request on unsecure resource fails with ACCESS_DENIED built with SECURED=1

Thu, 24 Dec 2015 18:27:36 +0000 

Hi Madan,

When Iotivity stack is compiled with SECURED=1 , ?all? access requests are 
validated by SRM (in conformance to ACL policies).

Due to this, requests arriving on Server for non-secure resources are also 
checked for valid access.



Currently,  this can be work-around by adding an ACE entry in ACL for 
non-secure resource by ?granting ?all? privileges to everybody (wildcard ID)?.



{

            "sub": "Kg==",

            "rsrc": [

                "/a/light/unsecure?

             ],

             "perms": 8,

             "ownrs" : [ID of the owner of this Server/resource]

    }



Thanks

Sachin

503-264-8071

From: iotivity-dev-bounces at lists.iotivity.org 
[mailto:[email protected]] On Behalf Of Madan Kanth Lanka
Sent: Wednesday, December 23, 2015 10:58 PM
To: iotivity-dev at lists.iotivity.org
Subject: [dev] GET request on unsecure resource fails with ACCESS_DENIED built 
with SECURED=1



Hi,



I have built IoTivity stack with SECURED=1 and created one of the resources 
without OC_SECURE. 

Discovery works fine and I am able to find the resource as non-secured.

When I make a GET request, the server is sending a response with error 46.

As expected, if I host a secure resource with OC_SECURE option, it is working 
fine. 

But I need to create a mix of secure and insecure resources, so this situation 
has come up.


        OCStackResult result = OCPlatform::registerResource(
                                    m_resourceHandle, resourceURI, 
resourceTypeName,
                                    resourceInterface, cb, OC_DISCOVERABLE | 
OC_OBSERVABLE); 



Discovery response


DISCOVERED Resource:
 URI of the resource: /a/light
 Host address of the resource: coap://10.113.64.106:36831
 List of resource types: 
  core.light
  core.brightlight
 List of resource interfaces: 
  oic.if.baseline
  oic.if.ll 




Client Log

onGET Response error: 46 




 Server Log

56:32.359 INFO: SRM-PE: ProcessAccessRequest:no ACL found matching subject for 
resource /a/light
56:32.359 INFO: SRM-PE: ProcessAccessRequest:Leaving 
ProcessAccessRequest(ACCESS_DENIED)



I have raised a JIRA ticket for this issue and attached the logs and json files 
needed.

https://jira.iotivity.org/browse/IOT-920



Thanks,

Madan






  
<http://ext.samsung.net/mailcheck/SeenTimeChecker?do=0384ba8cc6b69b0b7a8b688e8d168e09b56b95bbd5cf6d6215677aff4b6589b54e60fcf6aeb61df594c3b6ddffd7613bcb238d00164b0be48eeb9bec5ad9c75d326bbdfb2ea96a2fcf878f9a26ce15a0>
 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
<http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20151224/36f4e70b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 13168 bytes
Desc: not available
URL: 
<http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20151224/36f4e70b/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7768 bytes
Desc: not available
URL: 
<http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20151224/36f4e70b/attachment.p7s>

Reply via email to