Sign in with

Dear Community User! We have started the migration process.
This community is now in READ ONLY mode.
Read more: Important information on the platform change.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
SOLVED

Using a "system user" for communication between App and the Real-Time-Layer?

Go to solution

Using a "system user" for communication between App and the Real-Time-Layer?

Go to solution
cdutz
Long-established Member

‎01-24-2024 09:12 AM

During the SPS fair some time ago, I was told that there's a way to use an internal login for an App to communicate with the real-time layer. 

Unfortunately I've been looking for quite a bit now and I guess I'm just missing the right words to search for. 

Could someone here please guide me in the right direction?

Also one question: In my example I'm simply reading data, but if my app was also able to write data ... then I guess the app could technically access all data. Wouldn't in such a case installing an App possibly circumvent any means of protection? Or can only Admins install Apps ... in that case I guess it's not so much of a problem.

Chris

0 Likes
Reply
10 REPLIES 10

Go to solution
CodeShepherd
Community Moderator
Community Moderator

‎01-24-2024 09:48 AM

In general if an app is installed on the system you already have to have access to the control so installed apps can communicate internally with less borders. 

If an unknown app needs to be installed you also have to agree that control can be compromised by it and system security and integrity cannot be guarantied. 

Realtime data can be accessed in different ways:

  • First would be simply do a NRT read/write to the realtime area of e.g. the EtherCat master and data will be read/written. See the repository of our SDK on Github and/or have a look to our how to collection about SDK.
  • Second would be running own created app as a bundle in our Celix framework and accessing directly the memory of the realtime data. To get examples or more information about that a special training is needed. See FAQ for SDK for ctrlX AUTOMATION
0 Likes
Reply

Go to solution
cdutz
Long-established Member
In response to CodeShepherd

‎01-24-2024 10:05 AM

So my application is based on Java, therefore I needed to generate the client for accessing the real-time layer myself and it's using the HTTP(S) rest access. So I guess direct memory access is out of the question ...

0 Likes
Reply

Go to solution
cdutz
Long-established Member
In response to cdutz

‎01-24-2024 11:36 AM - edited ‎01-24-2024 11:38 AM

And just a side note .... what does NRT actually stand for? I see "Data Layer Access NRT" in the docs, but what actually does NRT mean? I couldn't find the definition of that. From another part of the websiteI found: "It is the data broker of the ctrlX CORE and provides secure and managed access to the RT and NRT data available on the control." ... so does RT stand for "Real-Time" and the NRT "Near-Real-Time"?

0 Likes
Reply

Go to solution
CodeShepherd
Community Moderator
Community Moderator
In response to cdutz

‎01-24-2024 01:48 PM - edited ‎01-24-2024 01:50 PM

You are right, RT means real time and so direct memory access, equidistant in/with framework. This is only possible with C++.

NRT means non real time and so TCP/IPC based communication, free running in system.

0 Likes
Reply

Go to solution
Sgilk
Frequent Contributor
In response to CodeShepherd

‎01-25-2024 02:54 PM - edited ‎01-25-2024 03:09 PM

To expand on the first bullet above, you can do a NRT read/write via direct memory access as well. This will be significantly faster than going through the datalayer broker. This is only possible in c++ however as the other language wrappers don't have the RT-Memory Owner and User interfaces.

See this example from the SDK.

0 Likes
Reply

Go to solution
cdutz
Long-established Member
In response to Sgilk

‎01-25-2024 03:08 PM

Well all examples refer to everything except Java ... I'm using Java ... as far as I understood, if I use the libs provided in the SDK, I can use this option, but from Java I guess I'm lost, if I don't build some Java-Native-Interface wrapper to the C++ libraries, right?

So right now I'm using the rest interface ... is it even possible to use an embedded system user for that?

0 Likes
Reply

Go to solution
nickH
Community Moderator
Community Moderator
In response to cdutz

‎01-25-2024 03:19 PM - edited ‎01-25-2024 03:20 PM

@cdutz wrote:

Well all examples refer to everything except Java ... I'm using Java ... as far as I understood, if I use the libs provided in the SDK, I can use this option, but from Java I guess I'm lost, if I don't build some Java-Native-Interface wrapper to the C++ libraries, right?


Yes you are right. 

@cdutz wrote:

So right now I'm using the rest interface ... is it even possible to use an embedded system user for that?

You can use the Service2Service toke for Authentication. See the documentation here. Or this step by step HowTo

Reply

Go to solution
cdutz
Long-established Member
In response to nickH

‎01-25-2024 03:23 PM

Hi Nick,

that was exactly what I was looking for ... thank you 🙂

Chris

Reply

Go to solution
cdutz
Long-established Member
In response to cdutz

‎01-25-2024 03:28 PM - edited ‎01-25-2024 03:34 PM

However,

comparing the two documents you linked. 

One shows this:

 

  secure-assets:
    interface: content
    content: secure-assets
    source:
      read:
        - $SNAP/secure-assets/${SNAPCRAFT_PROJECT_NAME}

 

And the other this:

 

  secure-assets:
    interface: content
    content: secure-assets
    target: $SNAP/secure-assets/${SNAPCRAFT_PROJECT_NAME}

 

Which one is correct?

Also would I assume the file name in the screenshot (https://developer.community.boschrexroth.com/t5/Store-and-How-to/SDK-Service2Service-Authentication/...) of the directory structure should probably be named: servicetoservicedemo.scopes_FULL_PERMISSIONS.json and not servicetoservicedemo.scopes_FULL_PERMIRRIONS.json, right?

0 Likes
Reply

Go to solution
nickH
Community Moderator
Community Moderator
In response to cdutz

‎01-25-2024 03:33 PM

The first one with "read: " is good. 

We already reported this error in the docu. It will be fixed. 

0 Likes
Reply

OK
OK
Icon--AD-black-48x48Icon--address-consumer-data-black-48x48Icon--appointment-black-48x48Icon--back-left-black-48x48Icon--calendar-black-48x48Icon--center-alignedIcon--Checkbox-checkIcon--clock-black-48x48Icon--close-black-48x48Icon--compare-black-48x48Icon--confirmation-black-48x48Icon--dealer-details-black-48x48Icon--delete-black-48x48Icon--delivery-black-48x48Icon--down-black-48x48Icon--download-black-48x48Ic-OverlayAlertIcon--externallink-black-48x48Icon-Filledforward-right_adjustedIcon--grid-view-black-48x48IC_gd_Check-Circle170821_Icons_Community170823_Bosch_Icons170823_Bosch_Icons170821_Icons_CommunityIC-logout170821_Icons_Community170825_Bosch_Icons170821_Icons_CommunityIC-shopping-cart2170821_Icons_CommunityIC-upIC_UserIcon--imageIcon--info-i-black-48x48Icon--left-alignedIcon--Less-minimize-black-48x48Icon-FilledIcon--List-Check-grennIcon--List-Check-blackIcon--List-Cross-blackIcon--list-view-mobile-black-48x48Icon--list-view-black-48x48Icon--More-Maximize-black-48x48Icon--my-product-black-48x48Icon--newsletter-black-48x48Icon--payment-black-48x48Icon--print-black-48x48Icon--promotion-black-48x48Icon--registration-black-48x48Icon--Reset-black-48x48Icon--right-alignedshare-circle1Icon--share-black-48x48Icon--shopping-bag-black-48x48Icon-shopping-cartIcon--start-play-black-48x48Icon--store-locator-black-48x48Ic-OverlayAlertIcon--summary-black-48x48tumblrIcon-FilledvineIc-OverlayAlertwhishlist