This page last changed on Jul 26, 2014 by amcnabb.

As a proposed solution to an issue of user authentication with our client's devices and protocols, our team would like to know what possible interactions the OR app can have with the mobile devices. Our use case in mind for this enquiry is based on a non-authenticated user attempting to access the devices; we would want to prompt them via a Toast or AlertDialog in Android OS, for example, to log in before devices will update.

Or similarly, if the user is not authenticated, can the app restrict navigation or redirect the user to specific screens? We would ideally like to prevent access to the functionality and status of the devices if the user is unknown.

Are these possible in the current build? If not, would it be possible for our team to look into implementing this functionality for the OR app?

Kind Regards,

With the current build, it is possible to protect resources using the standard Java Servlet Security Constraint mechanism.
This means that if you apply that to the OR REST API, you can restrict access to a specific panel to authenticated users only.

For instance, if you add a security constraint to the .../controller/rest/panel/AdminPanel URL, then the console will only be able to fetch the AdminPanel definition after you provide the required credentials.

This however does not protect the commands themselves, so if a user knows the id of a button or a sensor, he could still get access using direct REST calls to those.
You could potentially protect those calls also, but usage of ids makes it quite difficult and brittle (e.g. ids might change when you update your UI design).

There is currently no way to force navigation to a given panel or to pop up a panel in a console (not from controller, not locally).

Posted by ebariaux at Aug 20, 2014 10:32
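
The constraint described in the answer above, sketched as an added example; it is not part of the original thread or of the OR project's own configuration. It assumes the REST API is served by a web application deployed under the `controller` context, so the panel URL maps to `/rest/panel/AdminPanel`; the role name `or-panel-user` and the realm name are hypothetical.

```xml
<!-- Added example: fragment for WEB-INF/web.xml of the controller web app. -->
<!-- Assumption: the context path is "controller"; url-pattern is relative to it. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>AdminPanel definition</web-resource-name>
    <url-pattern>/rest/panel/AdminPanel</url-pattern>
    <!-- No http-method elements on purpose: the constraint then applies to
         every HTTP method. Listing only GET would leave the other methods
         unconstrained. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Hypothetical role; users and role membership are defined in the
         servlet container's realm, not in this file. -->
    <role-name>or-panel-user</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- BASIC credentials are only base64-encoded, so require TLS. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>OR Controller</realm-name>
</login-config>

<security-role>
  <role-name>or-panel-user</role-name>
</security-role>

<!-- This pattern matches the panel definition only. As the answer notes,
     direct REST calls for a button or sensor id are not covered by it and
     stay reachable without credentials unless they get constraints of
     their own. -->
```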
Document generated by Confluence on Jun 05, 2016 09:31