Hi Arthur,

You should be able to communicate between the client and the server on
Android, using SECURED=1 library.

First, to set your "di" (client or server) - you need to specify the "di"
value inside the DAT file (containing security information) - you can look
at the samples. I never succeeded with setting the "di" using API, and I
don't know if it's supported.

Second, even using SECURED=1, in the server, you can allow any client (even
not authenticated) to access any resource.
The relevant ACL entry looks like: (you may need to change the "aceid"):
{

    "aceid": 5,
    "subject": { "conntype": "anon-clear" },
    "resources": [
        { "href": "*" }
    ],
    "permission": 14
}

This is definitely not the way to configure it in production, but it
should allow you to keep developing, without caring about access
permissions for a while.


Max





On Thu, Dec 14, 2017 at 8:54 PM, Arthur Barros Lapprand <a...@cin.ufpe.br>
wrote:

> Hi all,
>
> I have a few beginner-leveled questions about secure mode in Android. Let
> me explain the situation:
>
> I have created two apps (one for Server/Controlee and the other for the
> Client/Controller) and I'm able to FIND and GET/POST/OBSERVE them without
> problems. As this is a simple example, I now want to do the same things but
> with SECURED=1. I should note that I am usually running both apps in the
> same device (not the emulator, but my cellphone).
>
> So I started looking everywhere and discovered I could do this with a
> local ACL and supposedly everything would be ok. Turns out it didn't, which
> is why I am here. So my questions are:
>
> - Do I need anything else to use the SECURED flag in Android apart from
> registering resource as secure and passing the ACL to the PlatformConfig
> and configure it?
>
> - I read that when configuring the Platform with an ACL the DeviceID
> should be set with the ID inside it. So as it failed I tried debugging the
> ID, which led me to confusion about PlatformID and DeviceID. When loading
> the ACL the DeviceID comes as a random byte[]. However, I can set the
> DeviceID in the code and retrieve it just fine. The thing is, the ID
> recieved by the Client (ServerID) isn't the same I set in the code. I'm not
> sure if it's something about the encoding tricking me or if it's something
> else. Can someone please shed me some light?
>
> In short, the Client can find the resources (they are registered with
> SECURE type) but can't make a correct GET/POST/OBSERVE request, returning
> UNAUTHORIZED_REQ. Any tips about this flag and Android are welcome.
>
> Sorry for the long post, thank you in advance!
>
> _______________________________________________
> iotivity-dev mailing list
> iotivity-dev@lists.iotivity.org
> https://lists.iotivity.org/mailman/listinfo/iotivity-dev
>
>
_______________________________________________
iotivity-dev mailing list
iotivity-dev@lists.iotivity.org
https://lists.iotivity.org/mailman/listinfo/iotivity-dev

Reply via email to