Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

Creating Entity APIs

44 views
Skip to first unread message

mehdi.al...@gmail.com

unread,
Dec 26, 2020, 9:12:20 AM12/26/20
to Sentilo
Hi Dears Sentilo Team
Hearing the news about the new release of Sentilo is gratifying for its community. 
In FaraCloud we are using Sentilo as a part of our project,  but we have some some issue about this project.
Sentilo provides some interesting APIs on data, catalog and other services, for example in catalog service users can create sensors/components via APIs.  In this way users can get rid of using dashboard,  moreover they might provide some private dashboards  for those functions. 
In web dashboard there are many functionalities   such as those in user and admin panel for manipulating  tenant,provider, application and etc. . 
We believe if there are some APIs for these features would help people to making their private dashboard.
As part of the Sentilo Users we have come to believe that about developing some APIs for the given functions. 
At the first step we develop an API to  creating tenant by the separate module that interact to mongodb directly integrating with a security method. 
Let me explain a tenant creation flow in sentilo-catalog-web,  first user login in dashboard and open the relative page, filling the form and submit it,  at the view side  jsp page requests redirect to /admin/tenant/create/. Corresponding  controller  TenantController.java in the package org.faracloud.web.catalog.controller.admin respond to it and pass  it to super class CrudController<Tenant> . 
In CrudController request maps to createResource method and  the continues. 
The question that be remain is that , Is it possible to use sentilo-catalog-web implementation to creating the new APIs the described above?
My exactly question is how can we bypass the security of catalog.
I appreciate your help in advance. 

Mehdi

mehdi.al...@gmail.com

unread,
Dec 28, 2020, 5:05:25 AM12/28/20
to Sentilo
for the given question I think I have to implement a new version of CrudController and remove the @PreAuthorize(..)  for bypassing the default security mechanism.  

Do you have any IRC channel which allows me to communicate with your team directly?

Sentilo IO

unread,
Dec 29, 2020, 3:30:39 AM12/29/20
to Sentilo
Hi Mehdi,

unfortunately we don't provide IRC channel, only limited support it this forum.

If we understand it correctly, your question is exclusively about Catalog and has 2 parts:
1. How to extend an admin controller
2. How to bypass security for some methods of a controller

As to point 1:
Controllers are implemented with Spring MVC, so you can enhance them following the documentation. However at this point it is hard to say if a new functionality that you need is viable or not in the context of how Sentilo works internally.

As to point 2:
It sounds that you might be creating a security problem, unless there is another external security layer on top of all that.
However, you might take a look at this configuration file:
/sentilo/sentilo-catalog-web/src/main/resources/spring/catalog-security-context.xml
It contains a list of paths and their restrictions, so there should be no need to create another copy of the CrudController.


There's also an option for you to contract Sentilo developers for the implementation of this feature. If you are interested, you can contact some software development company from the list of Sponsors or Partners.

Best Regards,
Sentilo Team.

mehdi.al...@gmail.com

unread,
Feb 2, 2021, 2:40:52 PM2/2/21
to Sentilo
thank you for the response 
We intend to have some APIs such as catalog APIs which enable creating sensors, components ,... . For almost all entities we are going to develop some APIs doing CRUD operation  which these operation  now handle by the web dashboard. Our purpose is to provide new capabilities to tenant to develop their personal dashboard via the platform APIs. 
In Faracloud we prefer to use the current Sentilo web dashboard with has the good design, but still we are working on those APIs. Whenever we finish the job we share the code with you.
Now I have another question: 
In our system in addition Sentilo we employ some other systems with  open authentication. We have multiple dashboards alongside sentilo dashboard like  grafana, API manager  and some BSS systems. Our integration  for all systems is such as SSO(Single Sign-On) but sentilo dashboard has its login mechanism and we do not have enough information weather it support open authentication protocols or not? 
If sentilo does not support given protocols is it possible to briefly describe how we can implement it.
We give our best regards to You.

Sentilo IO

unread,
Feb 4, 2021, 3:15:14 AM2/4/21
to Sentilo
Hi Mehdi,

SSO is one of the features that could be developed in the future, but currently it's not planned.
We have not analyzed it in depth, but the solution should be based on existing standards, such as OAuth or SAML.

Regards,
Sentilo Team.


Reply all
Reply to author
Forward
0 new messages