Pattern based registrations/subscriptions for multi domains

#1

Greetings!

I’m having a trouble implementing multi-domain URI and pattern based reg/sub

To give a quick explanation,

I have these two URIs

com.acmeco.devices.get serving devices for acmeco.com

com.customer1.devices.get serving devices for customer1.com

com.customer2.devices.get serving devices for customer2.com

and the devices service will only return devices that belong to each domain.

First I’ve tried with static authorizer with the following config

{

“name”: “devices”,

“permissions”: [

{

“uri”: “…devices.get”,

“match”: “wildcard”,

“allow”: {

“call”: false,

“register”: true,

“publish”: false,

“subscribe”: false

},

“disclose”: {

“caller”: false,

“publisher”: false

},

“cache”: true

},

]

},

``

Unfortunately ..devices with wildcard do not let devices to register a procedure with ..devices with {match: 'wildcard'}

args: [ ‘session is not authorized to register procedure ‘…devices.get’’ ],

A way to solve this was through dynamic authorizer.

So, the first question, is dynamic authorizer the only and right way to achieve the above scenario? if it is, no issue here just gotta use dynamic authorizer

Secondly, I wonder about the URI convention with serving multiple domains,

as far as I’m concerned, authorizer in CB does not deal with app logic, which excludes domain in the CB’s authorization scope.

So what I’ll end up with would be

  1. check authid and lookup DB to get user domain (because the domain in the URI can be manipulated…)

  2. compare if the user belongs to the domain that’s being called in the URI

  3. filter devices by domain, and return to user

This process makes actually domain in the URI useless because the service will have to look up the DB anyways, which means

com.customer1.devices.get serving devices for customer1.com

is same as

com.acmeco.devices.get serving devices for acmeco.com with domain filter

in this scenario, should I give up on having the customer domain in the URI? or is it actually being used as it was meant to?

Many Thanks,

0 Likes

#2

In the above example, acmeco.com is my app’s domain.

0 Likes