Hi Jay,
If a resource is registered as unsecured at Server, it should be discovered
with a ?coap? URI scheme. Since you are experiencing an issue here,
please file a Jira ticket for this bug.
When Iotivity stack is compiled with SECURED mode, Secure Resource Manager
(SRM) will ?always? perform access checks by consulting /oic/sec/acl resource
before routing the request to RI layer. This will happen ?irrespective? of if
the resource is registered with OC_SECURE or not.
If you truly want to allow access to some resource(secure or un-secure) to
everybody, you can include a ACE entry in this fashion:
{
"sub": "Kg==", <<Allows Wildcard access>>
"rsrc": [
"/some/light/resource"
],
"perms": 2, <<Grants ?Read? access to everybody>>
"ownrs" : ["MTExMTExMTExMTExMTExMQ=="]
}
Some faq?s about Iotivity Security are here (https://wiki.iotivity.org/faq_s).
Thanks
Sachin
From: iotivity-dev-bounces at lists.iotivity.org
[mailto:[email protected]] On Behalf Of Junghyun Oh
Sent: Thursday, November 26, 2015 1:23 AM
To: iotivity <iotivity-dev at lists.iotivity.org>
Subject: [dev] Not able to access the non-secure resource registered into the
IoTivity with Secured mode
Dear IoTivity-Security Maintainer,
I have found that the non-secure resource registered into the IoTivity Stack
with ?Secured? mode cannot be accessed through the network.
Here is the code snippet that I?m using.
Case 1. Non-Secured Resource with Discoverable Property
OCStackResult ret = OCCreateResource(&m_Handle,
resource_Type,
resource_Interface,
resource_URI,
eh,
NULL,
OC_DISCOVERABLE|OC_OBSERVABLE);
Case 2. Non-Secured Resource with Not-Discoverable Property
OCStackResult ret = OCCreateResource(&m_Handle,
resource_Type,
resource_Interface,
resource_URI,
eh,
NULL,
OC_ACTIVE);
Remind that I didn?t put ?OC_SECURE? flag when I register my resource in both
cases.
And when I broadcast discovery message, the HOST address of the found
non-secure resource (Case 1) in the response message was
?coaps://xxx.xxx.xxx.xxx:yyyy?.
Moreover, the resource client was not able to access(receiving response by
sending GET/POST requests) to that resource in both cases if it does not
execute the ?Provisioning? process.
Question is
1. ?Is it right to use scheme type ?coaps? in host information of the
un-secured resource if the server uses the IoTivity stack with ?Secured? mode??.
2. ?Is it right handling if not sending response back to the request on the
non-secure resource if the server uses the IoTivity stack with ?Secured? mode??
Seems like ?coap? was used in the ?Non-Secured? mode and ?coaps? in the
?Secured? mode of the IoTivity stack by default.
I think the scheme should be ?coap? in the response from non-secure resource
regardless of the IoTivity mode(secured vs. non-secured) if the app. developer
register the resource without ?OC_SECURE? flag intentionally.
However, I just want to check whether this is intended design or not, and if
it?s not intended, I would like to create a jira ticket for this.
I will be appreciated if you, IoTivity-Security Maintainer, share us some
explanation on this issue. :)
Thank you.
Jay.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20151129/51a9dff4/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7768 bytes
Desc: not available
URL:
<http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20151129/51a9dff4/attachment.p7s>
