Versions Compared

Version Old Version 18 New Version 19
Changes made by

Søren Duusgaard (Deactivated)

Søren Duusgaard (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Date:

Author:

Version:

Changes:

Completed

Ext.

Int.

Is in Core

Jira Ref.

0.1

Doc. created

 

x

 

N/A

 

22 November 2018Emil Ion Ifrim0.2Brand EnablingYesx N/A  

Overview

This page describes the security layers of the REST web app. There are two security layers:

  1. Authentication
    1. Client-authentication:The database table OAUTH_CLIENT_DETAILS describes the servers, which are allowed to make calls to the REST web app. (Typically this will be the selfcare web app and, when in development, the Swagger UI)
    2. User/Operator/App-authentication: A username/password based security layer that upon each requests matches a token from the request against an in-memory map from token to logged in users.
  2. Authorization: A fine grained access rights control implemented in all resources that shall have limited access. This layer is customizabile: The customer can register their own rules. The default rules are all based on "ownership": Account-ownership, BillingGroup-ownership and Subscription-ownership.

...

Authentication

Authentication is triggered by the Authorization layer. If a resource does not require Authorization, then it's considered open for access, unless brand access check is in place. The Authentication protocol used is OAUTH2  and the implementation used is from Spring Framework.

...