package
0.15.1
Repository: https://github.com/cisco-open/go-lanai.git
Documentation: pkg.go.dev

# README

Security

The security module is organized into sub-packages, each corresponding to a security feature. The top-level security.Use() does nothing on its own. It simply provides a mechanism through which application code can express its security requirements as configuration.

The security module does this by providing an Initializer and a Registrar.

The registrar's job is to keep a list of two things:

1. WebSecurity Configurer

   A WebSecurity struct holds information on security configuration. This is expressed through a combination of Route (the path and method pattern to which this WebSecurity applies), Condition (additional conditions on incoming requests to which this WebSecurity applies) and Features (the security features to apply).

   To define the desired security configuration, calling code provides an implementation of the security.Configurer interface. It requires a Configure(WebSecurity) method in which the calling code can configure the WebSecurity instance. Usually this is provided by application code.

2. Feature Configurer

   A security.FeatureConfigurer is internal to the security package and is not meant to be used by application code. It defines how a particular feature needs to modify WebSecurity, usually in terms of which middleware handler functions need to be added. For example, the Session feature's configurer adds a couple of middleware handler functions to the WebSecurity to load and persist the session.

The initializer's job is to apply the security configuration expressed by all the WebSecurity configurers. It does so by looping through the configurers. Each configurer is given a new WebSecurity instance on which it expresses its security configuration. The features specified on this WebSecurity instance are then resolved using the corresponding feature configurers. At this point the WebSecurity is expressed in terms of request patterns and middleware handler functions. The initializer then adds the patterns and handler functions as mappings to the web registrar, and repeats this process until all the WebSecurity configurers are processed.
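The registrar/initializer flow described above, as an added example that is not go-lanai's own code: every type and function name below is a hypothetical, simplified stand-in for the concepts in this README, middleware is modelled as a string, and failing closed on a feature with no registered feature configurer is a choice made in this sketch, not documented behaviour.

```go
package main

import "fmt"

// Hypothetical, simplified types modelling the README's flow; not go-lanai's API.
type Middleware string // stands in for a middleware handler function
type WebSecurity struct {
	Route    string       // request pattern this configuration applies to
	Features []string     // feature IDs requested by the configurer
	Handlers []Middleware // filled in when features are resolved
}
type Configurer interface{ Configure(ws *WebSecurity) }
type ConfigurerFunc func(ws *WebSecurity) // adapter so a func satisfies Configurer
type FeatureConfigurer func(ws *WebSecurity)
type Registrar struct {
	Configurers []Configurer
	Features    map[string]FeatureConfigurer
}

func (f ConfigurerFunc) Configure(ws *WebSecurity) { f(ws) }

// Initialize gives each configurer a fresh WebSecurity, resolves its features
// into middleware, and returns one route-to-handlers mapping per configurer.
func Initialize(r Registrar) ([]WebSecurity, error) {
	var out []WebSecurity
	for _, c := range r.Configurers {
		ws := &WebSecurity{}
		c.Configure(ws)
		for _, id := range ws.Features {
			fc, ok := r.Features[id]
			if !ok { // choice made in this sketch: fail closed rather than skip
				return nil, fmt.Errorf("route %q: unknown feature %q", ws.Route, id)
			}
			fc(ws)
		}
		out = append(out, *ws)
	}
	return out, nil
}

// Sample builds a constructed registrar with one route and a "session" feature.
func Sample(route string, features ...string) Registrar {
	session := func(ws *WebSecurity) { ws.Handlers = append(ws.Handlers, "session-load", "session-persist") }
	cfg := ConfigurerFunc(func(ws *WebSecurity) { ws.Route, ws.Features = route, features })
	return Registrar{[]Configurer{cfg}, map[string]FeatureConfigurer{"session": session}}
}

func main() { fmt.Println(Initialize(Sample("/api/**", "session"))) }
```

Aborting initialization on an unresolved feature keeps a route from being mapped without the protection its configurer asked for.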

# Packages

No description provided by the author

# Functions

BindSessionProperties create and bind SessionProperties, with an optional prefix.
Clear attempt to set security context as "unauthenticated".
FeatureId create an ordered FeatureIdentifier.
HasAccessToTenant if no error return true, otherwise return false.
HasErrorAccessingTenant if the tenantId is not valid, this method will return false, otherwise the following checks are applied in order 1.
IsTenantValid In most cases, the HasAccessToTenant should be used instead.
MustClear set security context as "unauthenticated".
MustSet is the panicking version of Set.
NewCodedError creates concrete error.
NewSessionProperties create a SessionProperties with default values.
PriorityFeatureId create a priority ordered FeatureIdentifier.
Set security context, return error if the given context is not backed by utils.MutableContext.
SimpleFeatureId create unordered FeatureIdentifier.
Use Maker func, does nothing.

# Constants

CompatibilityReference: whenever an incompatible security model change (in terms of serialization) is made to the class, we should update the version tag.
SMCR = Security Model Compatibility Ref.
CSRF headers and parameter names - shared by CSRF feature and session feature's request cache.
ErrorSubTypeCodeUsernamePasswordAuth.
ErrorSubTypeCodeInternal.
All "SubType" values are used as mask sub types of ErrorTypeCodeAccessControl.
All "SubType" values are used as mask sub types of ErrorTypeCodeAuthentication.
All "SubType" values are used as mask sub types of ErrorTypeCodeTenancy.
All "Type" values are used as mask.
Feature Orders, if feature is not listed here, it's unordered.
AuthenticationSuccessHandler Orders, if not listed here, it's unordered.
-0x3ffff = -262143.
-0x30000 = -196608.
Middleware Orders.
security reserved.
SpecialPermissionAccessAllTenant Deprecated: this permission is no longer sufficient to determine tenancy access in the case of an oauth2 authentication where the client is also tenanted.

# Variables

Concrete error, can be used in errors.Is for exact match.
ErrorTypes, can be used in errors.Is.

# Structs

CodedError implements errorutils.ErrorCoder, errorutils.ComparableErrorCoder, errorutils.NestedError.
CompositeAccessDeniedHandler implement AccessDeniedHandler interface.
CompositeAuthenticationErrorHandler implement AuthenticationErrorHandler interface.
CompositeAuthenticationSuccessHandler implement AuthenticationSuccessHandler interface.
CompositeAuthenticator implement Authenticator interface.
CompositeAuthenticatorBuilder implements AuthenticatorBuilder.
*CompositeErrorHandler implement ErrorHandler interface.
DefaultAccessDeniedHandler implements AccessDeniedHandler.
DefaultAuthenticationErrorHandler implements AuthenticationErrorHandler.
DefaultErrorHandler implements ErrorHandler.

# Interfaces

AccessDeniedHandler handles ErrorSubTypeAccessDenied.
AuthenticationEntryPoint kicks off authentication process.
AuthenticationErrorHandler handles ErrorTypeAuthentication.
AuthenticationSuccessHandler handles authentication success event. The counterpart of this interface is AuthenticationErrorHandler.
Configurer can be registered to Registrar.
ErrorHandler handles any other type of errors.
Feature holds security settings of specific feature.
FeatureConfigurer not intended to be used directly in service.
FeatureIdentifier is unique for each feature.
FeatureModifier add or remove features.
Initializer is the entry point to bootstrap security.
ProviderDetails is available if tenant is selected (tenant dictates provider).
Registrar is the entry point to configure security.
TenantDetails is available in the following scenarios: user auth, tenant can be determined (either selected tenant, or there is a default tenant); client auth, tenant can be determined (either selected tenant, or there is a default tenant).
UserDetails is available for user authentication.
WebSecurity holds information on security configuration.

# Type aliases

EmptyAuthentication represent unauthenticated user.