This section describes how a single authorized request drills down through the Cortex's architectural layers and then percolates up back through the layers and returns to the client application that made the request.
- The client application sends a HTTP request (GET, PUT, POST, or DELETE) to Cortex. Cortex authenticates the request using the authentication token found in the request header. Once the request is authenticated, the request is passed to the HTTP bridge.
- The HTTP Bridge converts the HTTP request into a ResourceOperation, which contains the resource being referenced (carts, items, lineitems, etc), the HTTP request's method (GET, PUT, POST, or DELETE), and the request's Subject. The ResourceOperation is then passed to the Kernel.
- The ResourceKernelImpl receives the ResourceOperation and runs the submitOperation(ResourceOperation) method to verify that the request's Subject is authorized to access the resource. If the subject is verified, ResourceKernelImpl loads the resource referenced in the ResourceOperation through the ResourceServer.
- The ResourceServer reads the ResourceOperation's resource and the operation type (GET, PUT, POST, DELETE) to determine the correct ResourceOperation to run and then executes the ResourceOperation.
- The ResourceOperation, which encapsulates the Resource URI, the resource, and the operation being applied to the resource, delegates the operation to the resource's lookup or writer depending on the operation type. If the operation is a GET, the resource's lookup is used. If the operation is a DELETE or a POST, the resource's writer is used.
- The resource's writer or lookup calls a strategy class in the integration layer. The strategy performs a CRUD operation that calls into the Elastic Path Core services. (More on this is step 7 below)
- For a READ operation, the strategy returns a Java object and then calls a transformer to convert the Elastic Path Commerce object into a DTO. The DTO is wrapped in an ExecutionResult, a flag is set on the ExecutionResult to indicate the call's success or failure, and then the ExecutionResult is passed to the resource. For a CREATE or UPDATE operation, the GUID of the newly created object or the updated object is put into an ExecutionResult and then passed to the resource.
- The resource receives the ExecutionResult from the Integration layer, takes ExecutionResult's DTO, and uses the resource's transformer to create a representation of the DTO. The resource then sends the ExecutionResult with the representation to the Resource server layer.
- The Resource server layer wraps the ExecutionResult in an OperationResult and passes the OperationResult to the kernel.>
- The kernel converts the Repesentation nested in the OperationResult into a JSON object and sets the OperationResult's ResourceStatus to 200, 401, etc, depending on the success or failure of the operation.
- JSON object is returned back the client with the HTTP status.