Hi, all,
I'm just getting started with iotivity, so my apologies of this has been
covered before, or if I've just skipped a step somewhere.
I am trying to work through an application that includes some app-specific
authentication. It looks like that would be straight-forward, by
calling SRMRegisterHandler() with a request handler to do what I need to
do. However, I would also like to use DTLS and have specified SECURE=1.
The SRMRegisterHandler method has this code:
#if defined(__WITH_DTLS__)
CARegisterHandler(SRMRequestHandler, SRMResponseHandler,
SRMErrorHandler);
#else
CARegisterHandler(reqHandler, respHandler, errHandler);
#endif /* __WITH_DTLS__ */
Which passes the buck to SRMRequestHandler(), but that method calls
reqHandler thusly:
if (IsAccessGranted(response) && gRequestHandler)
{
gRequestHandler(endPoint, requestInfo);
return;
}
Meaning that it is already checking for authorization before I have a
chance to check authenticity of the request and subject. Not a huge deal,
perhaps, but I'd like to avoid spending resources on bogus requests.
Should I be instead trying to inject something in at the DTLS level? I was
hoping to just layer on top of that, and perhaps have an interface to
SRMRegisterHandler
that would separate the concerns of authentication and authorization, so I
could leverage the infrastructure already in place for the PE, etc., but
just add my bit of authentication at the front end of the process (post
transport-level authentication).
Hope that makes sense.
Thanks!
Carl
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20160727/fc96185e/attachment.html>
