...
The RAFT application's basic security configuration and application structure are as follows:
Security is initiated by sending users from the app to a Kerberos login. If the user successfully authenticates, they are routed to a PHP file that begins a RAFT session and authenticates every subsequent call against the Shibboleth token. After that, every AJAX and HTTP call is routed through that PHP session and checked for the Shibboleth token. If it is not there or has expired, the call is refused. Every 10 seconds, the front end makes a "heartbeat" AJAX call to the middle tier. If the database layer is down or the person is not authenticated, the heartbeat call will return this message and end the user's session.
- 3-Tier View: The HTML the user sees is coded in a JavaScript single-page-application framework called CanJS (http://canjs.com). This framework is loaded via one page, app.html. That page bootstraps the entire front-end Model-View-Controller framework, which in turn makes AJAX calls to the REST stack.
- This middle-tier REST stack is implemented in the PHP framework called Zend. Zend also uses an MVC framework internally. This middle tier calls Oracle PL/SQL stored procedures that represent the RAFT back end.
Diagram: RAFT_architecture - Front end setup
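The 10-second heartbeat described above, sketched as front-end JavaScript. This is an added example, not code from the RAFT project: the `/heartbeat` path, the 401/503 status codes, the `{"status":"ok"}` body and the injected `send` transport are all assumptions, and ending the session on any unrecognized reply is a design choice of the example.

```javascript
// Added example; endpoint, status codes and body shape are assumed, not RAFT's.
const HEARTBEAT_INTERVAL_MS = 10000; // "every 10 seconds" per the page
const HEARTBEAT_URL = "/heartbeat";  // hypothetical path

// Assumed contract: 200 + {"status":"ok"} = healthy, 401 = token missing or
// expired, 503 = database layer down. Anything else is "unknown".
function classifyHeartbeat(httpStatus, body) {
  const isObject = body !== null && typeof body === "object";
  if (httpStatus === 200 && isObject && body.status === "ok") return "ok";
  if (httpStatus === 401) return "unauthenticated";
  if (httpStatus === 503) return "backend_down";
  return "unknown";
}

// send(url) is an injected transport resolving to { status, body };
// onSessionEnd(reason) tears down the UI session exactly once.
function createHeartbeat({ send, onSessionEnd }) {
  let timer = null;
  let ended = false;

  function stop() {
    if (timer !== null) { clearInterval(timer); timer = null; }
  }

  // Fail closed: every outcome other than "ok" ends the session.
  function handleReply(httpStatus, body) {
    if (ended) return "ended";
    const outcome = classifyHeartbeat(httpStatus, body);
    if (outcome !== "ok") {
      ended = true;
      stop();
      onSessionEnd(outcome);
    }
    return outcome;
  }

  async function tick() {
    try {
      const { status, body } = await send(HEARTBEAT_URL);
      return handleReply(status, body);
    } catch (err) {
      return handleReply(0, null); // network failure is classified "unknown"
    }
  }

  function start() {
    if (timer === null && !ended) timer = setInterval(tick, HEARTBEAT_INTERVAL_MS);
  }
  return { start, stop, tick, handleReply };
}
```

The heartbeat only ends the session in the browser; a call without a valid token is still refused by the middle tier's per-call check.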
...