This page last changed on Jul 05, 2014 by tomas.morton.
I'm looking for a way to track what device a command is sent from (MAC / IP / SessionID), in order to provide authentication. Is there any way to do this?
I've had a look through the code but I can't see anywhere that I would be able to access that sort of information from my protocol (and if commands are sent to a RESTful service there's no guarantee there is any session tracking done at all).
What device are you referring to (that one you want to track) ?
Is it the device under control by OR ? Or the "computer" running the OR controller ? Or the OR console ?
Posted by ebariaux at Jul 05, 2014 15:26
I'm looking to track the devices connecting to the controller - the android / iOS / web console devices.
The Protege controller requires you to login using a PIN code before commands will be accepted. We have set it up so that you can login with a typical keypad type interface through the app, but of course the PIN used needs to be remembered on the OR controller. The problem here is that if a new device was to send a command to the OR controller, currently the Protege controller would treat the two devices as the same.
If I am able to track which device is trying to send commands I can ensure that they are properly authorized to send commands.
But maybe I am missing a fundamental element of OR here - is the CommandBuilder singleton, one-per-device or one-per-command?
Can commands be sent to the OR controller through basic HTTP requests, and if so how would that know which device sent the command?
Posted by tomas.morton at Jul 05, 2014 22:12
Thanks, I better understand what you're after.
Unfortunately, I don't really think this can be achieved with the current design.
There is no general mechanism to identify a particular panel to the controller so for instance when a button a pressed, the REST call to the controller does not have any indication of which device it comes from.
The only place where there is some kind of identification is in the status polling call, so that the cache knows which data to send. But this information is not propagated to the "protocol layer", only used by the sensor polling service itself.
You can use security at the Tomcat level (in web.xml) to ensure that all REST calls need to be authenticated, but again I don't think you can get access to the principal in your protocol implementation and that would probably introduce a dependency on servlet API, which is not desirable.
We should keep this use case in mind for an update version of the controller API, but I'm this stage, don't see a way to make that work.
Posted by ebariaux at Jul 08, 2014 13:59
Thanks for the reply Eric. That is very unfortunate. I'll talk to my team and client and see if anyone has further ideas.
Posted by tomas.morton at Jul 08, 2014 19:34