Edge Device Security Claims Example
The example below illustrates how security claims can be added to an edge device and submitted to the ThingWorx Platform.
This example does the following:
• Defines the target ThingWorx Platform to which the security claims are sent.
• Defines an API Client for the edge device, setting both security claims and the target platform.
• Illustrates how the security claims are processed by providing several sets of invalid claims, and one set of valid security claims.
import com.thingworx.communications.client.APIClient;
import com.thingworx.communications.client.ClientConfigurator;
import com.thingworx.communications.common.SecurityClaims;
public class TestCustomAuth {
private static final String THINGWORX_URI = "wss://${some.thingworx.
platform}:${thingworxPort}/Thingworx/WS";
public static void main(String[] args) throws Exception {
//create and configure a simple APIClient. This code requires the
//client SDK to function
ClientConfigurator clientConfiguration = new ClientConfigurator();
SecurityClaims claims = new SecurityClaims();
clientConfiguration.setSecurityClaims(claims);
clientConfiguration.setUri(THINGWORX_URI);
APIClient client = new APIClient(clientConfiguration);
//add claims that are not correct to the claims. This will result in
//a connection failure because the special key "secretTokenKey" was
//not supplied in the claims - even though the value supplied is the
//one we expect to work
claims.addClaim("thisIsNotTheCorrectSecretKey", "MySecretKey");
claims.addClaim("whoTheySaidTheyWere", "Administrator");
tryToConnect(client);
//now use the correct secret key token, but supply an invalid value
//and expect the client to still not connect
claims.addClaim("secretTokenKey", "correct key name - wrong value");
claims.addClaim("whoTheySaidTheyWere", "Administrator");
tryToConnect(client);
//supply the correct secret key, and the correct token, but a user
//that does not exist in the thingworx platform
claims.addClaim("secretTokenKey", "MySecretKey");
claims.addClaim("whoTheySaidTheyWere", "AdministratorDoesNotExist");
tryToConnect(client);
//supply the correct secret key, and the correct token, AND a user
//that exists. This time we expect to be connected using our custom
//edge authenticator
claims.addClaim("secretTokenKey", "MySecretKey");
claims.addClaim("whoTheySaidTheyWere", "Administrator");
tryToConnect(client);
}
private static void tryToConnect(APIClient client) throws Exception {
long waitUntil = System.currentTimeMillis() + 5000; //the time 5
//seconds in the future
//this method will simply try to connect over and over again
//if needed
while(!client.isConnected() && System.currentTimeMillis() <=
waitUntil) {
client.connect(); //try to connect and then sleep a bit waiting
// for it to succeed
Thread.sleep(100);
}
outputIfConnected(client);
}
private static void outputIfConnected(APIClient client) {
if(client.isConnected()) {
System.err.println("Congratulations! You ARE connected and you
used your custom edge authenticator");
} else {
System.err.println("NOT CONNECTED");
}
}
}