Documentation
Overview
Package security houses all the application security implementation (Authentication, Authorization, Session Management, CSRF, Security Headers, etc.) of the aah framework.
Index
- Constants
- Variables
- func ReleaseSubject(s *Subject)
- type Manager
- type SecureHeaders
- type Subject
- func (s *Subject) AllPrincipals() []*authc.Principal
- func (s *Subject) HasAllRoles(roles ...string) bool
- func (s *Subject) HasAnyRole(roles ...string) bool
- func (s *Subject) HasRole(role string) bool
- func (s *Subject) IsAuthenticated() bool
- func (s *Subject) IsPermitted(permission string) bool
- func (s *Subject) IsPermittedAll(permissions ...string) bool
- func (s *Subject) Logout()
- func (s *Subject) PrimaryPrincipal() *authc.Principal
- func (s *Subject) Principal(claim string) *authc.Principal
- func (s *Subject) Reset()
- func (s Subject) String() string
Constants
const Version = "0.10.1"
Version is the security library version number of the aah framework.
Variables
var (
	// ErrAuthSchemeIsNil returned when given auth scheme instance is nil.
	ErrAuthSchemeIsNil = errors.New("security: auth scheme is nil")

	// Bcrypt password algorithm instance for Password generate and compare.
	// By default it is enabled.
	Bcrypt acrypto.PasswordEncoder

	// Scrypt password algorithm instance for Password generate and compare.
	// Enable `scrypt` algorithm in `security.conf` otherwise it might be nil.
	Scrypt acrypto.PasswordEncoder

	// Pbkdf2 password algorithm instance for Password generate and compare.
	// Enable `pbkdf2` algorithm in `security.conf` otherwise it might be nil.
	Pbkdf2 acrypto.PasswordEncoder
)
Functions
func ReleaseSubject (added in v0.10.0)
func ReleaseSubject(s *Subject)
ReleaseSubject method puts the authentication info, authorization info and subject back to the pool.
Types
type Manager (added in v0.10.0)
type Manager struct {
	IsSSLEnabled   bool
	SessionManager *session.Manager
	SecureHeaders  *SecureHeaders
	AntiCSRF       *anticsrf.AntiCSRF
	// contains filtered or unexported fields
}
Manager holds aah security management and its implementation.
func New
func New() *Manager
New method creates the security manager initial values and returns it.
func (*Manager) AddAuthScheme (added in v0.10.0)
AddAuthScheme method adds the given name and auth scheme to view schemes.
func (*Manager) AuthScheme (added in v0.10.0)
AuthScheme method returns the auth scheme instance for given name otherwise nil.
func (*Manager) AuthSchemes (added in v0.10.0)
AuthSchemes method returns all configured auth schemes from `security.conf` under `security.auth_schemes { ... }`.
type SecureHeaders (added in v0.10.0)
type SecureHeaders struct {
	CSPReportOnly bool
	PKPReportOnly bool
	STS           string
	PKP           string
	XSSFilter     string
	CSP           string
	Common        map[string]string
}
SecureHeaders holds the composed values of HTTP security headers based on config `security.http_header.*` from `security.conf`.
type Subject (added in v0.10.0)
type Subject struct {
	AuthenticationInfo *authc.AuthenticationInfo
	AuthorizationInfo  *authz.AuthorizationInfo
	Session            *session.Session
}
Subject instance represents state and security operations for a single application user. These operations include authentication info (principal), authorization (access control), and session access. It is aah framework's primary mechanism for single-user security functionality.
Acquiring a Subject
To acquire the currently-executing Subject, use `ctx.Subject()`. Almost all security operations should be performed with the Subject returned from this method.
Permission methods
The Subject instance provides convenience wrapper methods for all authentication (primary principal, is-authenticated, logout) and authorization (hasrole, hasanyrole, hasallroles, ispermitted, ispermittedall) purposes.
func AcquireSubject (added in v0.10.0)
func AcquireSubject() *Subject
AcquireSubject method gets the subject from pool.
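Why a pooled Subject has to be cleared on release and never used afterwards, shown as an added example that is not aah's own code. The `subject` type, `free` list, `login` helper and the lower-case `acquireSubject`/`releaseSubject` are hypothetical stand-ins, and the single-goroutine LIFO free list is an assumed model of the pool, not its real implementation.

```go
package main

import "fmt"

// subject is a simplified stand-in for security.Subject (assumption: the real
// struct holds AuthenticationInfo, AuthorizationInfo and Session pointers).
type subject struct {
	principal string
	roles     map[string]bool
}

func (s *subject) isAuthenticated() bool { return s.principal != "" }
func (s *subject) hasRole(r string) bool { return s.roles[r] }

// reset clears per-user state so nothing survives into the next request.
func (s *subject) reset() { s.principal, s.roles = "", nil }

// free is a deterministic LIFO free list standing in for the framework's pool.
var free []*subject

func acquireSubject() *subject {
	if n := len(free); n > 0 {
		s := free[n-1]
		free = free[:n-1]
		return s
	}
	return &subject{}
}

// releaseSubject resets before pooling; skipping the reset would hand the
// next caller the previous user's principal and roles.
func releaseSubject(s *subject) {
	s.reset()
	free = append(free, s)
}

// login fills a subject the way an auth scheme would after a successful check.
func login(s *subject, user string, roles ...string) {
	s.principal = user
	s.roles = make(map[string]bool)
	for _, r := range roles {
		s.roles[r] = true
	}
}

func main() {
	admin := acquireSubject()
	login(admin, "alice", "admin")
	releaseSubject(admin)
	anon := acquireSubject() // same object, recycled for the next request
	fmt.Println(anon == admin, anon.isAuthenticated(), anon.hasRole("admin"))
	login(anon, "bob", "user")
	fmt.Println(admin.principal) // stale pointer now reads bob's identity
}
```

The second print is the reason to drop every reference to a Subject once it has been released: a retained pointer aliases whichever user the pool serves next.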
func (*Subject) AllPrincipals (added in v0.10.0)
AllPrincipals method is a convenience wrapper.
func (*Subject) HasAllRoles (added in v0.10.0)
HasAllRoles method is a convenience wrapper. See `AuthorizationInfo.HasAllRoles`.
func (*Subject) HasAnyRole (added in v0.10.0)
HasAnyRole method is a convenience wrapper. See `AuthorizationInfo.HasAnyRole`.
func (*Subject) HasRole (added in v0.10.0)
HasRole method is a convenience wrapper. See `AuthorizationInfo.HasRole`.
func (*Subject) IsAuthenticated (added in v0.10.0)
IsAuthenticated method is a convenience wrapper. See `Session.IsAuthenticated`.
func (*Subject) IsPermitted (added in v0.10.0)
IsPermitted method is a convenience wrapper. See `AuthorizationInfo.IsPermitted`.
func (*Subject) IsPermittedAll (added in v0.10.0)
IsPermittedAll method is a convenience wrapper. See `AuthorizationInfo.IsPermittedAll`.
func (*Subject) Logout (added in v0.10.0)
func (s *Subject) Logout()
Logout method is a convenience wrapper. See `Session.Clear`.
func (*Subject) PrimaryPrincipal (added in v0.10.0)
PrimaryPrincipal method is a convenience wrapper. See `AuthenticationInfo.PrimaryPrincipal`.
func (*Subject) Principal (added in v0.10.0)
Principal method returns the principal value for the given Claim. See `AuthenticationInfo.Principal`.