How to get the user's credentials every time the user requests their items

Hi everyone,

I am trying to add role management for openhab users. I have already implemented the function to add/remove/change a role in the karaf console and made a pull request to resolve this issue.

Now I can manage roles with the Karaf console. I’m going to implement, on the server side in the openhab-core project, multiple roles management, so that users have access to IoT devices based on their roles. To do this, I will try to filter the items sent to the client with the roles.

But I have a problem, I found the part of the code where the server sends to the client all the items, it’s in the file in the bundle at the location / in the getItems function put in the screenshot below :

So, what I want to do in the function above, is to get the user’s id to get their roles, or directly get the user’s roles, to know what items should be returned for the specific user.

I know that this function is called with the operationId in this case getItems provided by the swagger API because there is no @Path specified as I understood from the following links, 1, 2 and 3. If I find where this operationId is called, I can manage to add the user’s roles as an argument. Maybe I didn’t really understand how the @Operation annotation works, If you can explain this in more detail, or give me other better links this can help me a lot.

I know that in the client side in the project openhab-webui the items are requested in the file homecards-mixin.js at the location openhab-webui/bundles/org.openhab.ui/web/src/pages/home/homecards-mixin.js with the get method in the screenshot below :

This get method is implemented in the file api.js at the location openhab-webui/bundles/org.openhab.ui/web/src/js/openhab/api.js and I display the implementation below:

So when the client requests the items, it also puts its credential and sends it with JWT to check the integrity and authentication of the message (as you can see in the Framework7.request.setup function). Normally, it is possible to get the user’s credentials from the server side in the getItems function explained above, because when the client requests their items, it puts its credentials in the requestHeader.

Can anyone tell me how to get the user’s credentials when he makes a request to the server? In my case, when he requests his items.

And also explain to me how exactly the getItems function is called with the getItems operationId in the image above? How is the path handled in the case of @Operation annotation (to get a RESTfull web service)?

I know that the explanations are long, but I try to be as clear as possible.

I hoop someone can help me.

Thank you,

Nicolas Gennart.

Completely off-topic, but a side consideration if considering allowing users to “see” only a sub-set of Items.
GUI widgets can be built that show differently depending on the state of other Items than the ‘primary’ one. For example, you might limit UI “car charger controls” depending on the state of “solar plant output”, but not actually show “solar” details in the UI at all. If a user is not permitted access to “solar” Item, this will mess up.

I suppose that is really a suggestion about separate access controls for read and read-write.


It is the role of the administrator to assign the right accesses to the right roles, if there are some confusions it is possible to manage these confusions with the roles. This is a suggestion of course. I try to manage several roles in openhab because for the moment there are only two roles: user and administrator.

But can you answer me for the technical questions, how the @Operation annotation is handled and how we can get the user credential for each of these request?

Thank you,

Nicolas Gennart.

This topic was automatically closed 41 days after the last reply. New replies are no longer allowed.