A Tool for Complex and Scalable Data Access Policy Enforcement

Palisade Service

The Palisade Service is the entry point into the rest of the Palisade Services. It accepts a request from the client containing the userId of the user requesting access, the resource the user wants access to, and the context as to why they require access. The Palisade Service then creates a token, currently via the UUIDPalisadeService, although this can be extended in the future for specific token requirements. The token is attached to the message in the form of a PalisadeSystemResponse, which is sent to the User Service on the user Kafka topic. It is also sent back to the client directly as part of a PalisadeClientResponse so that the client can connect to the Filtered Resource Service to retrieve the processed request. The request is refined and enriched as it progresses through the other Palisade services. The service also creates a start and an end marker message for each request, which help the other services determine where each request starts and ends.

High-Level Architecture

Palisade Service diagram

The routing of requests is shown in the diagram above. The green box indicates the client request, the red box indicates the creation of an error, the purple boxes are Kafka topics, and the blue icons are for the persistence/cache.

Message Model and Database Domain

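| PalisadeClientRequest | PalisadeClientResponse | PalisadeSystemResponse | AuditErrorMessage |
|:----------------------|:-----------------------|:-----------------------|:------------------|
| userId                | *token                 | *token                 | *token            |
| resourceId            |                        | userId                 | userId            |
| context               |                        | resourceId             | resourceId        |
|                       |                        | context                | context           |
|                       |                        |                        | exception         |
|                       |                        |                        | serverMetadata    |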

(fields marked with * are acquired from headers metadata)

The service accepts a PalisadeClientRequest containing the userId, resourceId and context. It then generates a token using the UUIDPalisadeService, which, alongside the original request information, is packaged in a PalisadeSystemResponse. The service will then create an empty message to mark the start of the request. This is done by adding the value START to a custom header for the request named x-stream-marker. This empty message is then sent to the user topic. The service then sends the PalisadeSystemResponse onwards via the user Kafka topic to the User Service for further processing. The service will then create another empty message to mark the end of the request. This is done in the same way as the start message, with a custom header with a key of x-stream-token, but the header value is END. The token is also added to a PalisadeClientResponse object, which is sent back to the client so that they can get the processed request from the Filtered Resource Service.

REST Interface

Palisade Service exposes one REST endpoint:

  • POST palisade/registerDataRequest
    • accepts an x-request-token String header, any number of extra headers, and a PalisadeClientRequest body
    • returns a 202 ACCEPTED and a PalisadeClientResponse containing a token, after writing the headers and body to the user Kafka topic

Kafka Interface

The application receives a REST request containing a PalisadeClientRequest and, after returning a token to the client, creates the information we need for Kafka, including a Start and End of Stream message containing the relevant headers. It then creates a message between the start and end containing the PalisadeClientRequest object, which contains the user, resourceId and context. The x-request-token is sent in the Kafka headers. In case of errors, the original request and thrown exception are both captured in an AuditablePalisadeSystemResponse and the error is written to the Kafka error topic.
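The message sequence described in the Message Model and Kafka Interface sections can be sketched as below, together with a check a downstream consumer could run before trusting a token's stream. This is an added example, not code from the Palisade project: the function names are hypothetical, records are modelled as plain (headers, body) pairs rather than real Kafka records, uuid4 stands in for UUIDPalisadeService, and it assumes both the START and END markers use the x-stream-marker header.

```python
import json
import uuid

TOKEN_HEADER = "x-request-token"   # header name given in the README
MARKER_HEADER = "x-stream-marker"  # assumption: same header for START and END
REQUIRED = {"userId", "resourceId", "context"}

def build_records(request, token=None):
    """Producer side: START marker, request message, END marker.
    Records are (headers, body) pairs; markers have an empty body.
    uuid4 is a stand-in for the service's token generator."""
    token = token or str(uuid.uuid4())
    base = {TOKEN_HEADER: token}
    return token, [
        ({**base, MARKER_HEADER: "START"}, None),
        (dict(base), json.dumps(request)),
        ({**base, MARKER_HEADER: "END"}, None),
    ]

def check_stream(records, token):
    """Consumer side: return a list of problems (empty means well-formed)."""
    problems, state = [], "before"  # before -> open -> closed
    for i, (headers, body) in enumerate(records):
        marker = headers.get(MARKER_HEADER)
        if headers.get(TOKEN_HEADER) != token:
            problems.append(f"record {i}: token header missing or mismatched")
        elif marker in ("START", "END"):
            expected = "before" if marker == "START" else "open"
            if state != expected:
                problems.append(f"record {i}: {marker} out of order")
            if body:
                problems.append(f"record {i}: marker carries a body")
            state = "open" if marker == "START" else "closed"
        elif marker is not None:
            problems.append(f"record {i}: unknown marker {marker!r}")
        elif state != "open":
            problems.append(f"record {i}: request outside START/END")
        elif not REQUIRED <= set(json.loads(body or "{}")):
            problems.append(f"record {i}: request body missing fields")
    if state != "closed":
        problems.append("stream never closed with END")
    return problems

# Constructed sample input, reusing the README's example request values.
SAMPLE = {"userId": "testUserId", "resourceId": "/test/resourceId",
          "context": {"purpose": "testContext"}}

if __name__ == "__main__":
    tok, recs = build_records(SAMPLE)
    print(check_stream(recs, tok))      # well-formed stream
    print(check_stream(recs[:2], tok))  # END marker lost in transit
```
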

Example JSON Request

curl -X POST palisade-service/api/registerDataRequest -H "content-type: application/json" --data \
'{
   "userId":"testUserId",
   "resourceId":"/test/resourceId",
   "context":{
      "purpose":"testContext"
   }
}'

Example JSON Response

{
   "token":"df3fc6ef-3f8c-48b4-ae1b-5f3d8ad32ead"
}

License

Palisade-Services is licensed under the Apache 2.0 License and is covered by Crown Copyright.