XConf Angular Admin authorization details

Authorization of XConf works through servlet filter.

To add login filter service web.xml file should be updated by following (example) code:

<filter>
    <filter-name>jwtTokenFilter</filter-name>
    <filter-class>com.JwtTokenFilter</filter-class>
    <init-param>
        <param-name>loginUrl</param-name>
        <param-value>/loginForm</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>jwtTokenFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Backend API

After login is performed through servlet filter, JWT token with user information stored in cookies. When application is opened fist time, "/api/auth/info/" endpoint is called to retrieve all available user information: name, login, permissions, etc:

{
    "serviceName": "XConf",
    "username": "testuser001",
    "firstName": "FirstName",
    "lastName": "LastName",
    "email": "useremail@test.com",
    "permissions": ["read-common", "write-common", "read-dcm-stb", "read-telemetry"],
    "groups": ["xconf_user_group"]
}

UI verification

Each page has a permission verification before access it. This set up is located in state.config.js file:

.state('models', {
                controller: 'ModelController',
                controllerAs: 'vm',
                url: '/model/all',
                templateUrl: 'app/xconf/firmware/model/models.html',
                data: {
                    permissions: [PERMISSION.READ_COMMON]
                }
            })

Also there is verification on UI page itself to permit user's action:

<button class="btn btn-default" type="button"
                        ui-sref="firmwareconfig-edit({firmwareConfigId: firmware.id})"
                        ng-show="authUtils.canWriteFirmwareByApplication($root.applicationType)"
                        title="Edit">
                    <i class=ri-pencil-fill></i>
</button>

Where authUtils.canWriteFirmwareByApplication($root.applicationType) is a function that returns boolead value corresponding the user permission.

Permissions are combined with application type. Currently XConf supports stb, xhome, rdkcloud, sky applications. 

XConf permissions

Admin permission:

• permitAll

Common section:

• read-common
• write-common

FirmwareRuleTemplate permissions:

• read-firmware-rule-templates
• write-firmware-rule-templates

Firmware section (except FirmwareRuleTemplate):

• read-firmware
• read-firmware-*
• read-firmware-stb
• read-firmware-xhome
• read-firmware-rdkcloud
• read-firmware-sky

• write-firmware
• write-firmware-*
• write-firmware-stb
• write-firmware-xhome
• write-firmware-rdkcloud
• write-firmware-sky

DCM:

• read-dcm
• read-dcm-*
• read-dcm-stb
• read-dcm-xhome
• read-dcm-rdkcloud
• read-dcm-sky

• write-dcm
• write-dcm-*
• write-dcm-stb
• write-dcm-xhome
• write-dcm-rdkcloud
• write-dcm-sky

Telemetry:

• read-telemetry
• read-telemetry-*
• read-telemetry-stb
• read-telemetry-xhome
• read-telemetry-rdkcloud
• read-telemetry-sky

• write-telemetry
• write-telemetry-*
• write-telemetry-stb
• write-telemetry-xhome
• write-telemetry-rdkcloud
• write-telemetry-sky

Changes:

• read-changes-*
• read-changes-stb
• read-changes-xhome
• read-changes-rdkcloud
• read-changes-sky

• write-changes-*
• write-changes-stb
• write-changes-xhome
• write-changes-rdkcloud
• write-changes-sky

Tools:

• view-tools
• write-tools