The identification authorization add-on authorizes identifications (eg. RFID tags) that are used to start transactions on charging stations (among other actions). The add-on cannot be used for authentication (user & password checking).

Whenever authorization of an identification is required, the Motown core will send out a AuthorizationRequestedEvent. The identification authorization add-on listens for that event and checks its services to see if the identification mentioned in the event is authorized. The add-on can be configured to use multiple authorization services. The add-on will loop through all configured authorization services up until one service responds that the identification is valid, the add-on will send out a GrantAuthorizationCommand and no other authorization service will be checked. If none of the configured services responds that the identification is valid, the add-on will send out a DenyAuthorizationCommand.

At this moment an implementation for CIR is available.

Summary of the flow:

• charging station sends a request to Motown to authorize an identification
• the Motown core sends out a AuthorizationRequestedEvent
• the identification authorization add-on listens for this event
• the add-on checks the authorization services it have been configured with
• as soon as a authorization service responds that the identification is valid the add-on sends out a GrantAuthorizationCommand
• if no service responds that the identification is valid the add-on sends out a DenyAuthorizationCommand
• the Motown core responds to the received command by sending out a AuthorizationResultEvent with the appropriate AuthorizationResultStatus

If you already have your own database or service which provides identification authorization you can easily add it to the identification authorization add-on. There are a few steps you must take.

Every authorization provider service must implement the io.motown.identificationauthorization.pluginapi.AuthorizationProvider interface. It consists of one method (javadocs removed for brevity):

public interface AuthorizationProvider {
    boolean isValid(IdentifyingToken identification);
}

The identification object contains the token which should be authorized. The return value should be true if the identification is valid, false if not or if the identification is unknown.

After implementing your authorization service it should be known within the IdentificationAuthorizationService. The IdentificationAuthorizationService takes a set of authorization services. To get your authorization service up and running all you need to do is provide it to the IdentificationAuthorizationService.

To see how that's done check the IdentificationAuthorizationService configuration sample.

To be able to send out commands a command gateway must be instantiated, with a reference to the command bus. The interface is located at io.motown.identificationauthorization.app.AuthorizationCommandGateway.

As with all configuration samples, Spring is not required but it makes configuration a lot easier. A sample configuration of the command gateway in this add-on:

<bean id="commandGateway" class="org.axonframework.commandhandling.gateway.CommandGatewayFactoryBean">
    <property name="commandBus" ref="commandBus"/>
    <property name="gatewayInterface" value="io.motown.identificationauthorization.app.AuthorizationCommandGateway"/>
</bean>

To be able to pick up the AuthorizationRequestedEvent an event listener must be instantiated. It is located at io.motown.identificationauthorization.app.AuthorizationEventListener. It needs a reference to the command gateway, identification authorization service and it needs an add-on identity.

Sample configuration:

<!-- make sure Axon picks up the EventHandler -->
<axon:annotation-config/>

<bean class="io.motown.identificationauthorization.app.AuthorizationEventListener">
    <!-- command gateway mentioned in other sample -->
    <property name="commandGateway" ref="commandGateway" />
    <!-- identification authorization service mentioned in other sample -->
    <property name="identificationAuthorizationService" ref="identificationAuthorizationService" />
    <!-- add-on id is a string value which is used to identify an add-on once multiple add-ons of the same type are running -->
    <property name="addOnIdentity" value="1" />
</bean>

The identification authorization service queries the configured authorization providers and returns the result to the event handler. The service needs a set of providers. Every provider should implement the io.motown.identificationauthorization.pluginapi.AuthorizationProvider interface.

Sample configuration:

<bean id="identificationAuthorizationService" class="io.motown.identificationauthorization.app.IdentificationAuthorizationService">
    <property name="providers">
        <!-- set of authorization providers which will be used by the service -->
        <set>
            <bean class="io.motown.identificationauthorization.cirplugin.CirAuthorization">
                <!-- configure or read your CIR credentials here -->
                <property name="username" value="cirUserName" />
                <property name="password" value="cirPassword" />
                <property name="endpoint" value="cirEndpoint" />
            </bean>
            <!-- non existing authorization to demonstrate how to include your own authorization service -->
            <bean class="com.mycompany.identificationauthorization.IdentificationAuthorizationService">
                <!-- sample properties, your service could directly connect to a database to authorize identifications -->
                <property name="databaseConnectionString" value="jdbc:mysql://localhost:3306/myDB" />
                <property name="databaseUser" value="" />
                <property name="databasePassword" value="" />
            </bean>
        </set>
    </property>
</bean>