cancel
Showing results for 
Search instead for 
Did you mean: 
SOLVED

Using a "system user" for communication between App and the Real-Time-Layer?

Using a "system user" for communication between App and the Real-Time-Layer?

cdutz
Long-established Member

During the SPS fair some time ago, I was told that there's a way to use an internal login for an App to communicate with the real-time layer. 

Unfortunately I've been looking for quite a bit now and I guess I'm just missing the right words to search for. 

Could someone here please guide me in the right direction?

Also one question: In my example I'm simply reading data, but if my app was also able to write data ... then I guess the app could technically access all data. Wouldn't in such a case installing an App possibly circumvent any means of protection? Or can only Admins install Apps ... in that case I guess it's not so much of a problem.

Chris

10 REPLIES 10

CodeShepherd
Community Moderator
Community Moderator

In general if an app is installed on the system you already have to have access to the control so installed apps can communicate internally with less borders. 

If an unknown app needs to be installed you also have to agree that control can be compromised by it and system security and integrity cannot be guarantied. 

Realtime data can be accessed in different ways:

  • First would be simply do a NRT read/write to the realtime area of e.g. the EtherCat master and data will be read/written. See the repository of our SDK on Github and/or have a look to our how to collection about SDK.
  • Second would be running own created app as a bundle in our Celix framework and accessing directly the memory of the realtime data. To get examples or more information about that a special training is needed. See FAQ for SDK for ctrlX AUTOMATION

cdutz
Long-established Member

So my application is based on Java, therefore I needed to generate the client for accessing the real-time layer myself and it's using the HTTP(S) rest access. So I guess direct memory access is out of the question ...

cdutz
Long-established Member

And just a side note .... what does NRT actually stand for? I see "Data Layer Access NRT" in the docs, but what actually does NRT mean? I couldn't find the definition of that. From another part of the websiteI found: "It is the data broker of the ctrlX CORE and provides secure and managed access to the RT and NRT data available on the control." ... so does RT stand for "Real-Time" and the NRT "Near-Real-Time"?

CodeShepherd
Community Moderator
Community Moderator

You are right, RT means real time and so direct memory access, equidistant in/with framework. This is only possible with C++.

NRT means non real time and so TCP/IPC based communication, free running in system.

To expand on the first bullet above, you can do a NRT read/write via direct memory access as well. This will be significantly faster than going through the datalayer broker. This is only possible in c++ however as the other language wrappers don't have the RT-Memory Owner and User interfaces.

See this example from the SDK.

cdutz
Long-established Member

Well all examples refer to everything except Java ... I'm using Java ... as far as I understood, if I use the libs provided in the SDK, I can use this option, but from Java I guess I'm lost, if I don't build some Java-Native-Interface wrapper to the C++ libraries, right?

So right now I'm using the rest interface ... is it even possible to use an embedded system user for that?

nickH
Community Moderator
Community Moderator

@cdutz wrote:

Well all examples refer to everything except Java ... I'm using Java ... as far as I understood, if I use the libs provided in the SDK, I can use this option, but from Java I guess I'm lost, if I don't build some Java-Native-Interface wrapper to the C++ libraries, right?



Yes you are right. 


@cdutz wrote:

So right now I'm using the rest interface ... is it even possible to use an embedded system user for that?


You can use the Service2Service toke for Authentication. See the documentation here. Or this step by step HowTo

cdutz
Long-established Member

Hi Nick,

that was exactly what I was looking for ... thank you 🙂

Chris

cdutz
Long-established Member

However,

comparing the two documents you linked. 

One shows this:

 

  secure-assets:
    interface: content
    content: secure-assets
    source:
      read:
        - $SNAP/secure-assets/${SNAPCRAFT_PROJECT_NAME}

 

And the other this:

 

  secure-assets:
    interface: content
    content: secure-assets
    target: $SNAP/secure-assets/${SNAPCRAFT_PROJECT_NAME}

 

Which one is correct?

Also would I assume the file name in the screenshot (https://developer.community.boschrexroth.com/t5/Store-and-How-to/SDK-Service2Service-Authentication/...) of the directory structure should probably be named: servicetoservicedemo.scopes_FULL_PERMISSIONS.json and not servicetoservicedemo.scopes_FULL_PERMIRRIONS.json, right?

nickH
Community Moderator
Community Moderator

The first one with "read: " is good. 

We already reported this error in the docu. It will be fixed. 

Icon--AD-black-48x48Icon--address-consumer-data-black-48x48Icon--appointment-black-48x48Icon--back-left-black-48x48Icon--calendar-black-48x48Icon--center-alignedIcon--Checkbox-checkIcon--clock-black-48x48Icon--close-black-48x48Icon--compare-black-48x48Icon--confirmation-black-48x48Icon--dealer-details-black-48x48Icon--delete-black-48x48Icon--delivery-black-48x48Icon--down-black-48x48Icon--download-black-48x48Ic-OverlayAlertIcon--externallink-black-48x48Icon-Filledforward-right_adjustedIcon--grid-view-black-48x48IC_gd_Check-Circle170821_Icons_Community170823_Bosch_Icons170823_Bosch_Icons170821_Icons_CommunityIC-logout170821_Icons_Community170825_Bosch_Icons170821_Icons_CommunityIC-shopping-cart2170821_Icons_CommunityIC-upIC_UserIcon--imageIcon--info-i-black-48x48Icon--left-alignedIcon--Less-minimize-black-48x48Icon-FilledIcon--List-Check-grennIcon--List-Check-blackIcon--List-Cross-blackIcon--list-view-mobile-black-48x48Icon--list-view-black-48x48Icon--More-Maximize-black-48x48Icon--my-product-black-48x48Icon--newsletter-black-48x48Icon--payment-black-48x48Icon--print-black-48x48Icon--promotion-black-48x48Icon--registration-black-48x48Icon--Reset-black-48x48Icon--right-alignedshare-circle1Icon--share-black-48x48Icon--shopping-bag-black-48x48Icon-shopping-cartIcon--start-play-black-48x48Icon--store-locator-black-48x48Ic-OverlayAlertIcon--summary-black-48x48tumblrIcon-FilledvineIc-OverlayAlertwhishlist