Overview of Authentication, Authorization, and Registration
The following chart shows the components in a Red App that require authentication, authorization, and registration with SRWRuntime.
|
Requires authentication? |
Requires authorization? |
Requires registration? |
A Red App uses services that are registered by Sabre data stores or other Red Apps |
Yes |
Yes |
|
A Red App registers its own services |
|
|
Yes |
A Red App registers its own event listeners for events that Sabre and other Red Apps publish |
|
|
Yes |
A Red App publishes its own events |
Yes |
Registration handles authorization. |
Yes |
Authentication
Red Apps are required to authenticate in order to consume synchronous services and to publish events.
Authentication is based on two values:
-
A
RequestorId
. This is the same as the Red App ID. Sabre assigns a unique Red App ID to every Red App. -
A randomly-generated token using a Sabre Red 360 OSGi service in your Java code
When a Red App uses a service or publishes an event, it sets the `RequestorId`and token on the service context for authentication purposes.
The classes to use for authentication follow:
-
If your Red App does NOT contribute to the UI, your Activator must extend AbstractEdgeBaseNonUIPlugin .
-
If your Red App contributes to the UI, your Activator must extend AbstractEdgeBasePlugin .
-
Use the getServiceReference() method to get a reference to the token.
-
Invoke the process() method on an instance of SRWRuntime to use a communications service.
Authorization
Red Apps that use SRWRuntime synchronous services are required to request authorization.
Authorization is also based on a RequestorId
. Again, this is the same as your unique Red App ID. The Red App ID is included in the id
attribute of the RedApp
entity in redapp.xml
.
Authorization is as simple as adding an Authorization
entry to the redapp.xml
configuration file. The Authorization
entry must also include the name
and threshold
attributes for the service. Transactions per second is the default, however, you can specify transactions per minute by adding a metric
attribute. If a Red App publishes events, authorization is handled when the event is registered in redapp.xml.
The following diagram illustrates the flow of authentication with SRWRuntime and a request for authorization to use a service that is registered with the Bus.
Registration
A Red App registers its own services, EventListeners, and Event IDs for publishing events by declaring them in a redapp.xml file.