path: root/upstream/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/resource_access_sequence.wsd
blob: 3a1c1474e9d23556bd4ca3c633c38db18002b4b6 (plain)
title Resource Access Sequence with Access Token

 This walks through a listing request for a secured resource (MD-SAL topology)
 from a client to the ODL controller using an access token (either one generated
 by the ODL token endpoint, or a token from a third-party IdP) and shows how the
 authentication context gets set upon successful token validation. If token
 validation fails, the TokenAuthFilter will return a 401, and the REST layer
 will be oblivious to the failed request.

Client -> ServletContainer: list topologies
note right of Client
(Authorization = access token)
end note
ServletContainer -> TokenAuthFilter: access token
loop foreach TokenAuth
    TokenAuthFilter -> TokenAuth: validate(token)
    TokenAuth -> TokenAuth: validateToken
end
TokenAuth -> TokenAuthFilter: Authentication
note left of TokenAuth
(user/domain/roles/expiration)
end note
TokenAuthFilter -> AuthenticationService: set(Authentication)
TokenAuthFilter -> RestConf: list topologies
RestConf -> AuthenticationService: get: Authentication
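
The filter flow in the diagram above, modelled as a self-contained Java 16+ sketch; this is an added example, not code from the ODL AAA project. The `validate` signature, the null-on-reject convention, the `ThreadLocal` context, the expiry check inside the filter and the sample tokens are assumptions made for illustration.

```java
import java.util.List;
import java.util.Set;
import java.util.function.Function;

public class TokenFilterSketch {
    // Fields follow the diagram's note: user/domain/roles/expiration.
    record Authentication(String user, String domain, Set<String> roles, long expiresAtMs) {}
    // Hypothetical validator contract: return null when the token is not recognised.
    interface TokenAuth { Authentication validate(String token); }
    // Stand-in for AuthenticationService; holding it in a ThreadLocal is an assumption.
    static final ThreadLocal<Authentication> CONTEXT = new ThreadLocal<>();

    // Returns the HTTP status. `rest` stands in for RestConf and runs only after validation.
    static int doFilter(String token, List<TokenAuth> validators, Function<Authentication, Integer> rest) {
        if (token == null || token.isBlank()) return 401;
        Authentication auth = null;
        for (TokenAuth v : validators) {          // loop foreach TokenAuth
            auth = v.validate(token);
            if (auth != null) break;              // first validator that accepts the token wins
        }
        // Fail closed: no validator accepted the token, or the identity has expired.
        if (auth == null || auth.expiresAtMs() <= System.currentTimeMillis()) return 401;
        CONTEXT.set(auth);                        // AuthenticationService.set(Authentication)
        try {
            return rest.apply(CONTEXT.get());     // RestConf reads the Authentication
        } finally {
            CONTEXT.remove();                     // a pooled thread must not keep the identity
        }
    }

    public static void main(String[] args) {
        long inOneHour = System.currentTimeMillis() + 3_600_000L;
        // Constructed validators: a local token store, a third-party IdP, and an expired entry.
        TokenAuth local = t -> "tok-local".equals(t)
                ? new Authentication("admin", "sdn", Set.of("admin"), inOneHour) : null;
        TokenAuth idp = t -> "tok-idp".equals(t)
                ? new Authentication("alice", "example", Set.of("user"), inOneHour) : null;
        TokenAuth stale = t -> "tok-old".equals(t)
                ? new Authentication("bob", "sdn", Set.of("user"), 0L) : null;
        List<TokenAuth> chain = List.of(local, idp, stale);
        Function<Authentication, Integer> listTopologies = a -> {
            System.out.println("list topologies as " + a.user() + "@" + a.domain());
            return 200;
        };
        for (String tok : new String[] {"tok-local", "tok-idp", "tok-old", "forged"}) {
            System.out.println(tok + " -> " + doFilter(tok, chain, listTopologies));
        }
        System.out.println("context after requests: " + CONTEXT.get());
    }
}
```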