diff options
author | 2016-06-16 14:50:31 +0200 | |
---|---|---|
committer | 2016-06-16 14:50:31 +0200 | |
commit | adf7e6616c2a8d6f60207059288423f693509928 (patch) | |
tree | b79848d3b61f28e975f4730de541532c5089c6ed /odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/resource_access_sequence.wsd | |
parent | 506a1fc1252268fa31ba89882ea55b7665579965 (diff) |
Add new version of aaa
Change-Id: I94d72011e6019e66c98f46d11436a5cb33ff295d
Diffstat (limited to 'odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/resource_access_sequence.wsd')
-rw-r--r-- | odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/resource_access_sequence.wsd | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/resource_access_sequence.wsd b/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/resource_access_sequence.wsd new file mode 100644 index 00000000..3a1c1474 --- /dev/null +++ b/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/resource_access_sequence.wsd @@ -0,0 +1,25 @@ +title Resource Access Sequence with Access Token + + This walks through a listing request of a secured resource (MD-SAL topology) + from a client to the ODL controller using an access token (either one generated + by the ODL token endpoint, or a token from a third-party IdP) and shows how the + authentication context get set upon successful token validation. If token + validation fails, the TokenAuthFilter will return a 401, and the REST layer + will be oblivious to the failed request. + +Client -> ServletContainer: list topologies +note right of Client +(Authorization = access token) +end note +ServletContainer -> TokenAuthFilter: access token +loop foreach TokenAuth + TokenAuthFilter -> TokenAuth: validate(token) + TokenAuth -> TokenAuth: validateToken +end +TokenAuth -> TokenAuthFilter: Authentication +note left of TokenAuth +(user/domain/roles/expiration) +end note +TokenAuthFilter -> AuthenticationService: set(Authentication) +TokenAuthFilter -> RestConf: list topologies +RestConf -> AuthenticationService: get: Authentication
\ No newline at end of file |