diff options
author | Ravi Geda <gravik@amdocs.com> | 2018-09-17 12:57:44 +0100 |
---|---|---|
committer | Ravi Geda <gravik@amdocs.com> | 2018-09-20 12:44:40 +0100 |
commit | 6c3031ea90d5b51ae44a599c0cd0d95c057cf633 (patch) | |
tree | 430df4d43b04db902d21a80e19e465fa3312951b /sidecar/fproxy/README.md | |
parent | 85f33095c117ba5b361749746d564e6308a33f14 (diff) |
Add forward proxy code
Add a maven module called sidecar to cadi.
Add forward proxy as a maven module to sidecar.
Note that though sidecar is a module of cadi it does not inherit from cadi's pom.
Change-Id: I617ecb1a66a3cbdd3f03287f28c6527693c6dfc6
Issue-ID: AAI-1603
Signed-off-by: Ravi Geda <gravik@amdocs.com>
Diffstat (limited to 'sidecar/fproxy/README.md')
-rw-r--r-- | sidecar/fproxy/README.md | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/sidecar/fproxy/README.md b/sidecar/fproxy/README.md new file mode 100644 index 0000000..e1d3667 --- /dev/null +++ b/sidecar/fproxy/README.md @@ -0,0 +1,41 @@ +# Introduction + +The AAF Forward Proxy is a forward proxy service with credential caching capabilities for incoming REST requests. It is one of two applications (along with Reverse proxy) deployed as a +Kubernetes sidecar to the main Primary service + +## Features + +Forward Proxy: + +* The service will forward all incoming REST requests on to their original endpoints. +* Add any cached security credentials to the forwarding request + +### Credential Cache: +The credential cache is a short-lived in-memory cache, keyed on a transaction ID. The following data is cached: + +* Transaction ID - this is the key for retrieving cached values +* CredentialName - this is the name of the credential to be cached. + This should correspond to the header name for a header credential, or the cookie name for a cookie credential. +* CredentialValue - this is the value associated with the credential. + This should correspond to the header value of a header credential, or the cookie contents for a cookie credential. +* CredentialType - this is the type of the credential to be cached. Currently supported values are: HEADER, COOKIE. + The cache has a configurable cache expiry period, so that any cache entries older than the expiry period will be automatically removed from the cache. + +### Credential Cache REST API: +Credentials can be added to the credential cache by performing a REST POST using the following URL: + +(Note that the transaction ID is provided as a URL parameter) + +https://<host>:<port>/credential-cache/<transactionid> +The body of the request should contain the cached data (described above) in JSON format as follows: + +{ "credentialName":"foo", "credentialValue":"bar", "credentialType":"<HEADER/COOKIE>" } + + +## Configuring the fProxy service +The fProxy service is configured through the fproxy.properties file that resides under the ${CONFIG_HOME} environment variable. + +The file has the following configurable properties: + +credential.cache.timeout.ms This is the time in milliseconds that a cache entry will expire after it is added. 180000 +transactionid.header.name This is the name of the header in incoming requests that will contain the transaction ID. X-TransactionId
\ No newline at end of file |