diff options
author | Trevor Bramwell <tbramwell@linuxfoundation.org> | 2016-09-12 11:06:56 -0700 |
---|---|---|
committer | Trevor Bramwell <tbramwell@linuxfoundation.org> | 2016-09-12 11:07:49 -0700 |
commit | cf864337c13b4638c588badf3f589f9e39318c95 (patch) | |
tree | de6f96976a0e8986abd3176026790c2e33272bc5 /upstream/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/resource_access_sequence.wsd | |
parent | 42357cd33b44b22dbebec8cdecdb29b9d76e5f99 (diff) |
Move ODL-AAA-MOON under 'upstream' Directory
Change-Id: Ie010fbe3899e151421940908dbe8675aade54e2d
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
Diffstat (limited to 'upstream/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/resource_access_sequence.wsd')
-rw-r--r-- | upstream/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/resource_access_sequence.wsd | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/resource_access_sequence.wsd b/upstream/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/resource_access_sequence.wsd new file mode 100644 index 00000000..3a1c1474 --- /dev/null +++ b/upstream/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/resource_access_sequence.wsd @@ -0,0 +1,25 @@ +title Resource Access Sequence with Access Token + + This walks through a listing request of a secured resource (MD-SAL topology) + from a client to the ODL controller using an access token (either one generated + by the ODL token endpoint, or a token from a third-party IdP) and shows how the + authentication context get set upon successful token validation. If token + validation fails, the TokenAuthFilter will return a 401, and the REST layer + will be oblivious to the failed request. + +Client -> ServletContainer: list topologies +note right of Client +(Authorization = access token) +end note +ServletContainer -> TokenAuthFilter: access token +loop foreach TokenAuth + TokenAuthFilter -> TokenAuth: validate(token) + TokenAuth -> TokenAuth: validateToken +end +TokenAuth -> TokenAuthFilter: Authentication +note left of TokenAuth +(user/domain/roles/expiration) +end note +TokenAuthFilter -> AuthenticationService: set(Authentication) +TokenAuthFilter -> RestConf: list topologies +RestConf -> AuthenticationService: get: Authentication
\ No newline at end of file |