From e26ebdc879869d80486ae7e9003a3db0848705e3 Mon Sep 17 00:00:00 2001 From: malkoas <41993717+malkoas@users.noreply.github.com> Date: Thu, 8 Sep 2022 18:08:18 +0300 Subject: [PATCH] OPS-176: Upd readme (#18) * OPS-176: Upd readme * OPS-176: Upd readme --- README.md | 9 ++++----- doc/diagram-wachter.svg | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 5bdfeeb..4d4e214 100644 --- a/README.md +++ b/README.md @@ -9,15 +9,14 @@ 2. Из сообщения запроса wachter получает [имя метода](https://github.com/valitydev/wachter/blob/master/src/main/java/dev/vality/wachter/service/MethodNameReaderService.java) 3. В [KeycloakService](https://github.com/valitydev/wachter/blob/master/src/main/java/dev/vality/wachter/service/KeycloakService.java) -wachter получает partyId и AccessToken. +wachter получает AccessToken. 4. По имени сервиса из header wachter [маппит](https://github.com/valitydev/wachter/blob/master/src/main/java/dev/vality/wachter/mapper/ServiceMapper.java) url, на который необходимо спроксировать запрос. 5. Далее сервис проверяет возможность [авторизации](https://github.com/valitydev/wachter/blob/master/src/main/java/dev/vality/wachter/security/AccessService.java) -пользователя в [bouncer](https://github.com/valitydev/bouncer), -формируя [контекст](https://github.com/valitydev/wachter/blob/master/src/main/java/dev/vality/wachter/security/BouncerContextFactory.java) -на основе [данных](https://github.com/valitydev/wachter/blob/master/src/main/java/dev/vality/wachter/security/AccessData.java), -полученных из запроса. Контекст формируется с учетом фрагмента [wachter](https://github.com/valitydev/bouncer-proto/blob/master/proto/context_v1.thrift#L49) +пользователя, сравнивая полученные названия сервиса и метода от [control-center](https://github.com/valitydev/control-center) +с теми, что находятся в JWT токене. Доступ может быть разрешен как [ко всему сервису](https://github.com/valitydev/wachter/blob/master/src/main/java/dev/vality/wachter/security/RoleAccessService.java#L22), +так и только к [отдельному методу](https://github.com/valitydev/wachter/blob/master/src/main/java/dev/vality/wachter/security/RoleAccessService.java#L22) сервиса. 6. Если доступ разрешен, сервис [отправляет запрос](https://github.com/valitydev/wachter/blob/master/src/main/java/dev/vality/wachter/client/WachterClient.java) на ранее смаппленный урл. 7. Полученный ответ [возвращает](https://github.com/valitydev/wachter/blob/master/src/main/java/dev/vality/wachter/controller/WachterController.java) control-center. diff --git a/doc/diagram-wachter.svg b/doc/diagram-wachter.svg index 8fd36ad..759b89c 100644 --- a/doc/diagram-wachter.svg +++ b/doc/diagram-wachter.svg @@ -1,4 +1,4 @@ -
:ServiceMapper
:ServiceMapper
6.send request to service
6.send request...
:WachterClient
:WachterClient
getResolution
getResolution
process Request 
process Request 
1. get Request
1. get Requ...
BouncerClient
BouncerClient
Judgement
Judgement
:AccessService
:AccessService
:BouncerContext
Factory
:BouncerContext...
judge
judge
response from service
response from service
Resolution
Resolution
Control Center
Control Center
7.response
7.response
:BouncerService
:BouncerService
buildContext
buildContext
Context
Context
:KeycloakService
:KeycloakService
Service name and url
Service name and url
:MethodName
ReaderService
:MethodName...
2. getMethodName
2. getMethodName
3. getPartyId and getAccessToken
3. getPartyId a...
:WachterService
:WachterService
methodName
methodName
partyId and token
partyId and token
4. map Service from request
4. map Service...
5.checkUserAccess
5.checkUserAcce...
:WachterController
:WachterControll...
response
responseText is not SVG - cannot display \ No newline at end of file +
:ServiceMapper
:ServiceMapper
:WachterClient
:WachterClient
7.response
7.response
process Request 
process Request 
1. get Request
1. get Requ...
:AccessService
:AccessService
Resolution
Resolution
Control Center
Control Center
7.response
7.response
:KeycloakService
:KeycloakService
Service name and url
Service name and url
:MethodName
ReaderService
:MethodName...
2. getMethodName
2. getMethodName
3. getPartyId and getAccessToken
3. getPartyId a...
:WachterService
:WachterService
methodName
methodName
partyId and token
partyId and token
4. map Service from request
4. map Service...
5.checkUserAccess
5.checkUserAcce...
response
response
:WachterController
:WachterControll...
:Role
AccessService
:Role...
5.checkRolesAccess
5.checkRolesAcc...
6.send request to service
6.send request...
Control Center
Control Center
response
response
6.send request to service
6.send request...Text is not SVG - cannot display \ No newline at end of file