open62541pp 0.19.0
C++ wrapper of open62541
server_accesscontrol.cpp
#include <iostream>
using namespace opcua;
// Custom access control based on AccessControlDefault.
// If a user logs in with the username "admin", a session attribute "isAdmin" is stored. As an
// example, the user "admin" has write access level to the created variable node. So admins can
// change the value of the created variable node, anonymous users and the user "user" can't.
// Session attributes are available since open62541 v1.3, so this example requires at least v1.3.
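/// Access control that extends AccessControlDefault with a per-session "isAdmin" flag.
///
/// The flag is stored as session attribute {0, "isAdmin"} in activateSession and read back in
/// getUserAccessLevel to choose between read-only and read/write access.
class AccessControlCustom : public AccessControlDefault {
public:
    using AccessControlDefault::AccessControlDefault;  // inherit constructors

    /// Activate a session and record whether it was authenticated as "admin".
    ///
    /// @param session Session being activated; receives the "isAdmin" attribute.
    /// @param endpointDescription Forwarded unchanged to AccessControlDefault.
    /// @param secureChannelRemoteCertificate Forwarded unchanged to AccessControlDefault.
    /// @param userIdentityToken Identity token sent by the client.
    /// @return Status code returned by AccessControlDefault::activateSession.
    StatusCode activateSession(
        Session& session,
        const EndpointDescription& endpointDescription,
        const ByteString& secureChannelRemoteCertificate,
        const ExtensionObject& userIdentityToken
    ) override {
        // Let the base class decide on the identity token first. The admin flag must only be
        // derived from a token that was accepted; a user name taken from a rejected token is
        // unverified client input and must never end up as "isAdmin" == true on the session.
        const StatusCode status = AccessControlDefault::activateSession(
            session, endpointDescription, secureChannelRemoteCertificate, userIdentityToken
        );

        // Grant admin rights if user is logged in as "admin".
        // decodedData returns nullptr if the token is not a UserNameIdentityToken
        // (e.g. an anonymous login), which yields isAdmin == false.
        const auto* token = userIdentityToken.decodedData<UserNameIdentityToken>();
        const bool isAdmin =
            status.isGood() && token != nullptr && token->userName() == "admin";
        std::cout << "User has admin rights: " << isAdmin << std::endl;

        // Store attribute "isAdmin" as session attribute to use it in access callbacks.
        // It is written on every call, also with false, so that a rejected or non-admin
        // activation overwrites a value left by an earlier activation of the same session.
        session.setSessionAttribute({0, "isAdmin"}, Variant{isAdmin});
        return status;
    }

    /// Return the access level of the session's user for a node.
    ///
    /// @param session Session whose "isAdmin" attribute is evaluated.
    /// @param nodeId Node being accessed; only logged, not used for the decision.
    /// @return CurrentRead | CurrentWrite for admin sessions, CurrentRead otherwise.
    Bitmask<AccessLevel> getUserAccessLevel(Session& session, const NodeId& nodeId) override {
        // NOTE(review): scalar<bool>() relies on the attribute having been set by
        // activateSession; behaviour for a session without the attribute is not visible here.
        const bool isAdmin = session.getSessionAttribute({0, "isAdmin"}).scalar<bool>();
        std::cout << "Get user access level of node id " << opcua::toString(nodeId) << std::endl;
        std::cout << "Admin rights granted: " << isAdmin << std::endl;
        // The decision does not depend on nodeId, so the same rule applies to every node this
        // callback is asked about, not only to the variable node created in main().
        return isAdmin
            ? AccessLevel::CurrentRead | AccessLevel::CurrentWrite
            : AccessLevel::CurrentRead;
    }
};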
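/// Start a demo server with the custom access control and one writable Int32 variable.
int main() {
    // Exchanging usernames/passwords without encryption as plain text is dangerous.
    // We are doing this just for demonstration, don't use it in production!
    // The logins below are hard-coded with the password equal to the user name; a real
    // deployment needs credentials from a protected store and an encrypted endpoint.
    AccessControlCustom accessControl{
        true,  // allow anonymous
        {
            Login{String{"admin"}, String{"admin"}},
            Login{String{"user"}, String{"user"}},
        }
    };

    ServerConfig config;
    // setAccessControl takes the object by reference; accessControl is declared before the
    // server in this scope and is therefore destroyed after it.
    config.setAccessControl(accessControl);
#if UAPP_OPEN62541_VER_GE(1, 4)
    // Demo only: accepts username/password tokens on endpoints with security policy None,
    // i.e. the password is sent without encryption. Leave this disabled in production.
    config->allowNonePolicyPassword = true;
#endif
    Server server{std::move(config)};

    // Add variable node. Try to change its value as a client with different logins.
    // The node itself allows read and write; the per-user restriction comes from
    // AccessControlCustom::getUserAccessLevel.
    Node{server, ObjectId::ObjectsFolder}.addVariable(
        {1, 1000},
        "Variable",
        VariableAttributes{}
            .setAccessLevel(AccessLevel::CurrentRead | AccessLevel::CurrentWrite)
            .setDataType(DataTypeId::Int32)
            .setValueRank(ValueRank::Scalar)
            .setValue(opcua::Variant{0})
    );

    server.run();
}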
Bitmask using (scoped) enums.
Definition bitmask.hpp:127
UA_ByteString wrapper class.
Definition types.hpp:537
UA_ExtensionObject wrapper class.
Definition types.hpp:1742
T * decodedData() noexcept
Get pointer to the decoded data with given template type.
Definition types.hpp:1858
UA_NodeId wrapper class.
Definition types.hpp:641
High-level node class to access node attribute, browse and populate address space.
Definition node.hpp:45
Node addVariable(const NodeId &id, std::string_view browseName, const VariableAttributes &attributes={}, const NodeId &variableType=VariableTypeId::BaseDataVariableType, const NodeId &referenceType=ReferenceTypeId::HasComponent)
Add variable.
Definition node.hpp:156
Server configuration.
Definition server.hpp:43
void setAccessControl(AccessControlBase &accessControl)
Set custom access control.
High-level server class.
Definition server.hpp:142
High-level session class to manage client sessions.
Definition session.hpp:20
void setSessionAttribute(const QualifiedName &key, const Variant &value)
Attach a session attribute as a key-value pair.
Variant getSessionAttribute(const QualifiedName &key)
Get a session attribute by its key.
UA_StatusCode wrapper class.
Definition types.hpp:44
UA_String wrapper class.
Definition types.hpp:256
UA_Variant wrapper class.
Definition types.hpp:1048
UA_EndpointDescription wrapper class.
Definition types.hpp:271
UA_UserNameIdentityToken wrapper class.
Definition types.hpp:656
UA_VariableAttributes wrapper class.
Definition types.hpp:419
auto & setAccessLevel(Bitmask< AccessLevel > accessLevel) noexcept
Definition types.hpp:463
String toString(const NumericRange &range)
Login credentials.