Hi Dears Sentilo Team
Hearing the news about the new release of Sentilo is gratifying for its community.
In FaraCloud we are using Sentilo as a part of our project, but we have some some issue about this project.
Sentilo provides some interesting APIs on data, catalog and other services, for example in catalog service users can create sensors/components via APIs. In this way users can get rid of using dashboard, moreover they might provide some private dashboards for those functions.
In web dashboard there are many functionalities such as those in user and admin panel for manipulating tenant,provider, application and etc. .
We believe if there are some APIs for these features would help people to making their private dashboard.
As part of the Sentilo Users we have come to believe that about developing some APIs for the given functions.
At the first step we develop an API to creating tenant by the separate module that interact to mongodb directly integrating with a security method.
Let me explain a tenant creation flow in sentilo-catalog-web, first user login in dashboard and open the relative page, filling the form and submit it, at the view side jsp page requests redirect to /admin/tenant/create/. Corresponding controller TenantController.java in the package org.faracloud.web.catalog.controller.admin respond to it and pass it to super class CrudController<Tenant> .
In CrudController request maps to createResource method and the continues.
The question that be remain is that , Is it possible to use sentilo-catalog-web implementation to creating the new APIs the described above?
My exactly question is how can we bypass the security of catalog.
I appreciate your help in advance.
Mehdi