FORUM CTRLX AUTOMATION
ctrlX World Partner Apps for ctrlX AUTOMATION
01-24-2024 09:12 AM
During the SPS fair some time ago, I was told that there's a way to use an internal login for an App to communicate with the real-time layer.
Unfortunately I've been looking for quite a bit now and I guess I'm just missing the right words to search for.
Could someone here please guide me in the right direction?
Also one question: In my example I'm simply reading data, but if my app was also able to write data ... then I guess the app could technically access all data. Wouldn't in such a case installing an App possibly circumvent any means of protection? Or can only Admins install Apps ... in that case I guess it's not so much of a problem.
Chris
Solved! Go to Solution.
01-24-2024 09:48 AM
In general if an app is installed on the system you already have to have access to the control so installed apps can communicate internally with less borders.
If an unknown app needs to be installed you also have to agree that control can be compromised by it and system security and integrity cannot be guarantied.
Realtime data can be accessed in different ways:
01-24-2024 10:05 AM
So my application is based on Java, therefore I needed to generate the client for accessing the real-time layer myself and it's using the HTTP(S) rest access. So I guess direct memory access is out of the question ...
01-24-2024 11:36 AM - edited 01-24-2024 11:38 AM
And just a side note .... what does NRT actually stand for? I see "Data Layer Access NRT" in the docs, but what actually does NRT mean? I couldn't find the definition of that. From another part of the websiteI found: "It is the data broker of the ctrlX CORE and provides secure and managed access to the RT and NRT data available on the control." ... so does RT stand for "Real-Time" and the NRT "Near-Real-Time"?
01-24-2024 01:48 PM - edited 01-24-2024 01:50 PM
You are right, RT means real time and so direct memory access, equidistant in/with framework. This is only possible with C++.
NRT means non real time and so TCP/IPC based communication, free running in system.
01-25-2024 02:54 PM - edited 01-25-2024 03:09 PM
To expand on the first bullet above, you can do a NRT read/write via direct memory access as well. This will be significantly faster than going through the datalayer broker. This is only possible in c++ however as the other language wrappers don't have the RT-Memory Owner and User interfaces.
See this example from the SDK.
01-25-2024 03:08 PM
Well all examples refer to everything except Java ... I'm using Java ... as far as I understood, if I use the libs provided in the SDK, I can use this option, but from Java I guess I'm lost, if I don't build some Java-Native-Interface wrapper to the C++ libraries, right?
So right now I'm using the rest interface ... is it even possible to use an embedded system user for that?
01-25-2024 03:19 PM - edited 01-25-2024 03:20 PM
@cdutz wrote:
Well all examples refer to everything except Java ... I'm using Java ... as far as I understood, if I use the libs provided in the SDK, I can use this option, but from Java I guess I'm lost, if I don't build some Java-Native-Interface wrapper to the C++ libraries, right?
Yes you are right.
@cdutz wrote:
So right now I'm using the rest interface ... is it even possible to use an embedded system user for that?
You can use the Service2Service toke for Authentication. See the documentation here. Or this step by step HowTo.
01-25-2024 03:23 PM
Hi Nick,
that was exactly what I was looking for ... thank you 🙂
Chris
01-25-2024 03:28 PM - edited 01-25-2024 03:34 PM
However,
comparing the two documents you linked.
One shows this:
secure-assets:
interface: content
content: secure-assets
source:
read:
- $SNAP/secure-assets/${SNAPCRAFT_PROJECT_NAME}
And the other this:
secure-assets:
interface: content
content: secure-assets
target: $SNAP/secure-assets/${SNAPCRAFT_PROJECT_NAME}
Which one is correct?
Also would I assume the file name in the screenshot (https://developer.community.boschrexroth.com/t5/Store-and-How-to/SDK-Service2Service-Authentication/...) of the directory structure should probably be named: servicetoservicedemo.scopes_FULL_PERMISSIONS.json and not servicetoservicedemo.scopes_FULL_PERMIRRIONS.json, right?
01-25-2024 03:33 PM
The first one with "read: " is good.
We already reported this error in the docu. It will be fixed.