Objective
- User management will be standalone application that should be deployed in parallel with other application.
- User management data should not be affected if we redeploy or delete other application.
- Option to enable/disable user management.
- We have to deal with two types of requests, UM and application based.
Login, Logout, Change/Reset Password
- Login : From User management UI user will login, request will go to UM authentication facet for validation.
- Logout : Request goes to authentication facet and will delete the session and facet data.
- Reset Password : Request goes on UserManagement FacetIDName endpoint with user name in request.
- Change Password : Request goes on UserManagement FacetIDName endpoint with user name, old password and new password in request. Request will be rejected if userToken is not valid. Before changing the password old password and new password will be validated.
Roles, Capability, Mapping and Grant permission
- Create Role, capabilities, mappings, permission etc : These all requests should goes to UM Facet endpoint. On request userToken will be verified and will get rejected if it is not valid. Cache modifiers will also be applicable while doing operations on role, capability, mapping etc. Users mapped with roles having access of these data models can only be able to perform these action.
- Cache modifiers : Cache modifier should be created on both FacetIDName and WSFacetIdName for every role. We also need to create cache modifier on application for those models which are associated with that application.
Handling of all HTTP request :
- There will be two modes of requests based on the application i.e UM and application based.
- UM requests should be handled at UM facets after modification and application based requests will be handled at application facets after fetching application details from applicationDetails data model.
How cache modifier will be created on UM and application ?
- User will create role and capabilities. Those user who have the read-write access of these models could only be able to create these.
- After creating role and capabilities, user will do the mappings of role-capability and capability-model association with permissions[ReadWrite, ReadOnly, Hidden].
- RoleBasedModelModifier will be called after mappings, this will create cache modifier at FacetIDName and WSFacetIDName.
- We need to filter models before creating cache modifier as some of the models belongs to application also. Use show entity on UM to find out.
- Filter those models which belongs to applications, create cache modifier at UM ( do request on Facetid and WSFacetID).
- Now, do request on application facet and find out the models that belongs to that application and make a list of that.
- Do request on FacetID and WSFacetId to create model modifier on that application
How request could be handled at application ? How much changes we need to do at application side ?
- As we have two applications and our authentication is happening at UM side. But, requests may belongs to UM or application. Application models/macros would not be available from UM. So, we need to redirect those request to application facets. So for every request we need to filter whether request belongs to UM or application.
- We need to create 1 data model at UM to save application details(sysid, appName, appFacetIdName, appWSFacetIdName, appServer, appPort).
- We need to modify our request format and have to add appName in request header. So, our request header should have userToken and appName.
- From above we can filter our request whether it belongs to app/UM.
- UM requests will be handled easily as we have cache modifier created right there. We need to add modifier with every request for that role. For that we need to capture userToken from header and find out role associated with it. And, we need to add modifier for that role.
- Now, for application requests. We need to add modifier at application side and do request on application facet with modified request. For adding modifier we can do two things : 1. We can do dorequest on application facet with addModifier(cache), when we follow this approach we don't need to change anything on application side. For this approach we can enable ProjectSettings_EnforceKey, and while requesting we need this project key. 2. We can addModifier at application side itself with cacheKey. And, this cacheKey will be provided in headers/arguments with every request. In case it is not provided request will be invalid. When we follow this approach we need to change the generic mqp for application side.
- Issue while applying cache modifier : one issue that will come while applying cache modifier is while creating cache modifier it expects 1 hidden attribute. And, we have handled this in our previous approach by creating 1 dummy hidden model at UM side. But in our new case we are creating cache modifier at application also, so we need to add 1 hidden model there also.
Jira Tasks
| S.No | Task Id | Description | Status |
|---|---|---|---|
| 1 | TQLPROD-2574 | Jira Epic : with all the details of UM works to do. | Work in Progress |
| 2 | TQLPROD-2580 | Create Data Model for ApplicationDetails | Partially Done, Created model, I need to write an macro for validating the application end point. |
| 3 | TQLPROD-2581 | Code for creating cache modifier at application end points | Done for HTTP and Tested that also. |
| 4 | TQLPROD-2582 | Restrict application for outside use and add code to UM to access after validation only | Done, restricted the application for the outside use by enforcing key, added a field in appdetails in data model for saving application key. |
| 5 | TQLPROD-2583 | Macro for listing all models of UM and applicaton | Not started |
| 6 | TQLPROD-2584 | Redirect requests to Application | Coding done, need to test this properly for invalid inputs also. |
| 7 | TQLPROD-2585 | Create 1 dummy hidden model at application | Not started |
| 8 | TQLPROD-2586 | Create Cache modifier on application after every redeploy | Not started |