Diffstat (limited to 'docs/sections/services/dfc/http-notes.rst')
-rw-r--r-- | docs/sections/services/dfc/http-notes.rst | 75 |
1 files changed, 73 insertions, 2 deletions
diff --git a/docs/sections/services/dfc/http-notes.rst b/docs/sections/services/dfc/http-notes.rst index bd297b14..c45c7bd8 100644 --- a/docs/sections/services/dfc/http-notes.rst +++ b/docs/sections/services/dfc/http-notes.rst @@ -1,8 +1,8 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 -HTTP notes -========== +HTTP/HTTPS notes +================ HTTP Basic Authentication in FileReady messages """"""""""""""""""""""""""""""""""""""""""""""" 
@@ -61,3 +61,74 @@ Example file ready message is as follows: Note, more than one file from the same location can be added to the "arrayOfNamedHashMap". If so, they are downloaded from the endpoint through single http connection. + +HTTPS connection with DFC +""""""""""""""""""""""""" +The file ready message for https server is the same as used in other protocols and http. The only difference is that the scheme is set to +"https": + +.. code-block:: bash + + ... + "arrayOfNamedHashMap": [ + { + "name": "C_28532_measData_file.xml", + "hashMap": { + "location": "https://login:password@server.com:443/file.xml.gz", + ... + +The processed uri depends on the https connection type that has to be established (client certificate authentication, basic +authentication, and no authentication). + +For client certificate authentication: + +.. code-block:: bash + + scheme://host:port/path + i.e. + https://example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz + +Authentication is based on the certificate used by the DFC. + +For basic authentication: + +.. code-block:: bash + + scheme://userinfo@host:port/path + i.e. + https://demo:demo123456!@example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz + +Authentication is based on the "userinfo" applied within the link. + +If no authentication is required: + +.. code-block:: bash + + scheme://host:port/path + i.e. + https://example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz + +Note, effective way of authentication depends of uri provided and http server configuration. + +If port number was not supplied , port 443 is used by default. +Every file is sent through separate https connection. + +JWT token in HTTP/HTTPS connection +"""""""""""""""""""""""""""""""""" + +JWT token is processed, if it is provided as a ``access_token`` in the query part of the **location** entry: + +.. code-block:: bash + + scheme://host:port/path?access_token=<token> + i.e. 
+ https://example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz?access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkZW1vIiwiaWF0IjoxNTE2MjM5MDIyfQ.MWyG1QSymi-RtG6pkiYrXD93ZY9NJzaPI-wS4MEpUto + +JWT tokens are consumed both in HTTP and HTTPS connections. Using JWT token is optional. If it is provided, its +**validity is not verified**. Token is extracted to the HTTP header as ``Authorization: Bearer <token>`` and is **NOT** +used in URL in HTTP GET call. Only single JWT token entry in the query is acceptable. If more than one ''access_token'' +entry is found in the query, such situation is reported as error and DFC tries to download file without token. Another +query parameters are not modified at all and are used in URL in HTTP GET call. + +If both JWT token and basic authentication are provided, JWT token has the priority. Such situation is considered +as fault and is logged on warning level. |
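Review bot: In the added "JWT token in HTTP/HTTPS connection" section, the paragraph on duplicate entries says that with more than one access_token in the query DFC "tries to download file without token", but it does not say whether those entries are removed from the URL of the GET call, while the next sentence says other query parameters are left unmodified. Please state that behaviour explicitly, because as written a reader cannot tell whether the tokens end up in the request URL in the error case. In the same paragraph, "validity is not verified" would be clearer if it said whether validation is expected to happen on the HTTP server, and ''access_token'' is written with two apostrophes on each side instead of double backticks, so it will not render as a literal like the ``access_token`` earlier in the section. Minor wording: "depends of uri" should be "depends on the URI", "was not supplied ," has a stray space before the comma, "Another query parameters" should be "Other query parameters", and "a ``access_token``" should be "an". The JSON fragment and the URI templates are all tagged "code-block:: bash", which applies shell highlighting to text that is not shell; "json" or "none" would fit better.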