Skip to main content
Version: 2.2.0

Security

Map

By default, no security is enforced on the Map. Any Client can subscribe to the Map to receive change notification.

note

In future release, configuration parameter will be provided to configure whether all the Maps will be protected or not by default.

You can configure the security for each Map via RTUS’s administrative APIs.

Configuration available as follows:

  • Whether the Map is protected. When configured as protected, only Users with valid Access Token in the cookie will be able to subscribe to the Map. The Access Token is considered valid when:
    • It has not expired
    • It’s active tenant id matches id of the tenant that the Map belong to
  • Roles that allowed to subscribe. When Map is protected and list of roles is configured, then only Users with valid Access Token and has any of the configured roles will be able to subscribe to the Map.
  • Permission to Resource and Scope. When Map is protected and the Resource and Scope is configured, then only User with valid Access Token and has granted access to the specified Resource and Scope will be able to subscribe to the Map.

Please refer to the API documentation for more information.

JSON Map

By default, no security is enforced on the JSON Map. Any Client can subscribe to the JSON Map to receive change notification.

You can configure the security for each JSON Map via RTUS’s administrative APIs.

Configuration available as follows:

  • Whether the Map is protected. When configured as protected, only Users with valid Access Token in the cookie will be able to subscribe to the Map. The Access Token is considered valid when:
    • It has not expired
    • It’s active tenant id matches id of the tenant that the Map belong to
  • Roles that allowed to subscribe. When Map is protected and list of roles is configured, then only Users with valid Access Token and has any of the configured roles will be able to subscribe to the Map.
  • Resource Type, Scope, and Value Path. When Map is protected and the Resource Type and Scope is configured, then User with valid Access Token will only receive change notification for value entities, that have the attribute value specified by the value path matches the Resources granted to the user.

For example, if the JSON Map is configured with the followings:

  • Resource Type: RTUS-RESOURCE
  • Scope: View
  • Value Path: properties.callsign

and the User is granted access to the following Resource and Scope:

  • Resource: CALL410
  • Resource Type: RTUS-RESOURCE
  • Scope: View

then the User will be able to receive change notification when the following JSON value is added to the Json Map:

JSON
{
      "type" : "Feature",
      "geometry" : {
        "coordinates" : [ 103.80706809485737, 1.2149680948573696 ],
        "type" : "Point"
      },
      "properties" : {
        "kind" : "aircraft",
        "created_at" : "1736353292322",
        "fr24_id" : "fr24_133",
        "hex" : "B5A7AC",
        "callsign" : "CALL410",
        "lat" : 1.2149680948573696,
        "lon" : 103.80706809485737,
        "track" : "74",
        "alt" : "36837",
        "gspeed" : "475",
        "vspeed" : "-1",
        "squawk" : "2943",
        "timestamp" : "2025-01-08T23:21:25+07:00",
        "source" : "ADSB",
        "flight" : "FL980",
        "type" : "A333",
        "reg" : "4R-W",
        "painted_as" : "ALK",
        "operating_as" : "ALK",
        "orig_iata" : "CMB",
        "orig_icao" : "VCBI",
        "dest_iata" : "SIN",
        "dest_icao" : "WSSS",
        "eta" : "2025-01-08T23:25:18+07:00"
      }
    }

Please refer to the API documentation for more information.

User Value Map

To subscribe to a specific User Value (identify by User Id) in User Value Map, the following criteria must be met:

  • User must have a valid Access Token in the cookie
  • Access Token’s active tenant id must match the tenant id of that the User Value Map belong to
  • Access Token’s user id value must match the user id of the User Value to subscribe.

Topic

By default, no security is enforced on the Topic. Any Client can subscribe to the Topic to receive Event.

note

In future release, configuration parameter will be provided to configure whether all the Topics will be protected or not by default.

You can configure the security for each Topic via RTUS’s administrative APIs. Configuration available as follows:

  • Whether the Topic is protected. When configured as protected, only Users with valid Access Token in the cookie will be able to subscribe to the Topic. The Access Token is considered valid when:
    • It has not expired
    • It’s active tenant id matches id of the tenant that the Topic belong to
  • Roles that allowed to subscribe. When Topic is protected and list of roles is configured, then only Users with valid Access Token and has any of the configured roles will be able to subscribe to the Topic.
  • Permission to Resource and Scope. When Topic is protected and the Resource and Scope is configured, then only User with valid Access Token and has granted access to the specified Resource and Scope will be able to subscribe to the Topic.

Please refer to the API documentation for more information.