README

Security library by aah framework

Security library houses all the application security implementation (Authentication, Authorization, Session Management, CSRF, Security Headers, etc.) by aah framework.

News

  • v0.10.1 released and tagged on Jul 29, 2018.

Installation

go get -u aahframework.org/security.v0

Visit official website https://aahframework.org to learn more about aah framework.

Documentation

Overview

    Package security houses all the application security implementation (Authentication, Authorization, Session Management, CSRF, Security Headers, etc.) by aah framework.

    Constants

    const Version = "0.10.1"

      Version is security library version no. of aah framework

      Variables

      var (
      	// ErrAuthSchemeIsNil returned when given auth scheme instance is nil.
      	ErrAuthSchemeIsNil = errors.New("security: auth scheme is nil")
      
      	// Bcrypt password algorithm instance for Password generate and compare.
      	// By default it is enabled.
      	Bcrypt acrypto.PasswordEncoder
      
      	// Scrypt password algorithm instance for Password generate and compare.
      	// Enable `scrypt` algorithm in `security.conf` otherwise it might be nil.
      	Scrypt acrypto.PasswordEncoder
      
      	// Pbkdf2 password algorithm instance for Password generate and compare.
      	// Enable `pbkdf2` algorithm in `security.conf` otherwise it might be nil.
      	Pbkdf2 acrypto.PasswordEncoder
      )

      Functions

      func ReleaseSubject

      func ReleaseSubject(s *Subject)

        ReleaseSubject method puts authentication info, authorization info and subject back to pool.

        Types

        type Manager

        type Manager struct {
        	IsSSLEnabled   bool
        	SessionManager *session.Manager
        	SecureHeaders  *SecureHeaders
        	AntiCSRF       *anticsrf.AntiCSRF
        	// contains filtered or unexported fields
        }

          Manager holds aah security management and its implementation.

          func New

          func New() *Manager

            New method creates the security manager initial values and returns it.

            func (*Manager) AddAuthScheme

            func (m *Manager) AddAuthScheme(name string, authScheme scheme.Schemer) error

              AddAuthScheme method adds the given name and auth scheme to view schemes.

              func (*Manager) AuthScheme

              func (m *Manager) AuthScheme(name string) scheme.Schemer

                AuthScheme method returns the auth scheme instance for given name otherwise nil.

                func (*Manager) AuthSchemes

                func (m *Manager) AuthSchemes() map[string]scheme.Schemer

                  AuthSchemes method returns all configured auth schemes from `security.conf` under `security.auth_schemes { ... }`.

                  func (*Manager) Init

                  func (m *Manager) Init(appCfg *config.Config) error

                    Init method initializes the application security configuration `security { ... }`, which mainly covers Session, CSRF, Security Headers, etc.

                    type SecureHeaders

                    type SecureHeaders struct {
                    	CSPReportOnly bool
                    	PKPReportOnly bool
                    	STS           string
                    	PKP           string
                    	XSSFilter     string
                    	CSP           string
                    
                    	Common map[string]string
                    }

                      SecureHeaders holds the composed values of HTTP security headers based on config `security.http_header.*` from `security.conf`.
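
How composed values of this shape can end up on a response, as an added example that is not aah's own code. The `secureHeaders` type copies the field names above; the `compose` function, its `isSSL` parameter (standing in for `Manager.IsSSLEnabled`) and the sample values are assumptions of the example.

```go
package main

import (
	"fmt"
	"net/http"
)

// secureHeaders mirrors the field names of the page's SecureHeaders struct.
type secureHeaders struct {
	CSPReportOnly, PKPReportOnly bool
	STS, PKP, XSSFilter, CSP     string
	Common                       map[string]string
}

// compose is this example's assumed mapping, not aah's code: a report-only flag
// switches the header name, and HSTS/HPKP are sent only when isSSL is true.
func compose(sh secureHeaders, isSSL bool) http.Header {
	h := http.Header{}
	set := func(name, value string, reportOnly bool) {
		if value == "" {
			return
		}
		if reportOnly {
			name += "-Report-Only"
		}
		h.Set(name, value)
	}
	for k, v := range sh.Common {
		set(k, v, false)
	}
	set("X-XSS-Protection", sh.XSSFilter, false)
	set("Content-Security-Policy", sh.CSP, sh.CSPReportOnly)
	if isSSL {
		set("Strict-Transport-Security", sh.STS, false)
		set("Public-Key-Pins", sh.PKP, sh.PKPReportOnly)
	}
	return h
}

var sample = secureHeaders{ // constructed values, not security.conf defaults
	CSPReportOnly: true,
	STS:           "max-age=31536000; includeSubDomains",
	CSP:           "default-src 'self'",
	Common:        map[string]string{"X-Content-Type-Options": "nosniff"},
}

func main() {
	fmt.Println(compose(sample, false), compose(sample, true))
}
```

With `CSPReportOnly` set, the policy is only reported on, not enforced, so a deployment left in that state has no active CSP.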

                      type Subject

                      type Subject struct {
                      	AuthenticationInfo *authc.AuthenticationInfo
                      	AuthorizationInfo  *authz.AuthorizationInfo
                      	Session            *session.Session
                      }

                      Subject instance represents state and security operations for a single application user. These operations include authentication info (principal), authorization (access control), and session access. It is aah framework's primary mechanism for single-user security functionality.

                      Acquiring a Subject

                      To acquire the currently-executing Subject, use `ctx.Subject()`. Almost all security operations should be performed with the Subject returned from this method.

                      Permission methods

                      Subject instance provides convenience wrapper methods for authentication (primary principal, is-authenticated, logout) and authorization (hasrole, hasanyrole, hasallroles, ispermitted, ispermittedall).

                      func AcquireSubject

                      func AcquireSubject() *Subject

                        AcquireSubject method gets the subject from pool.

                        func (*Subject) AllPrincipals

                        func (s *Subject) AllPrincipals() []*authc.Principal

                          AllPrincipals method is a convenience wrapper.

                          func (*Subject) HasAllRoles

                          func (s *Subject) HasAllRoles(roles ...string) bool

                            HasAllRoles method is a convenience wrapper. See `AuthorizationInfo.HasAllRoles`.

                            func (*Subject) HasAnyRole

                            func (s *Subject) HasAnyRole(roles ...string) bool

                              HasAnyRole method is a convenience wrapper. See `AuthorizationInfo.HasAnyRole`.

                              func (*Subject) HasRole

                              func (s *Subject) HasRole(role string) bool

                                HasRole method is a convenience wrapper. See `AuthorizationInfo.HasRole`.

                                func (*Subject) IsAuthenticated

                                func (s *Subject) IsAuthenticated() bool

                                  IsAuthenticated method is a convenience wrapper. See `Session.IsAuthenticated`.

                                  func (*Subject) IsPermitted

                                  func (s *Subject) IsPermitted(permission string) bool

                                    IsPermitted method is a convenience wrapper. See `AuthorizationInfo.IsPermitted`.

                                    func (*Subject) IsPermittedAll

                                    func (s *Subject) IsPermittedAll(permissions ...string) bool

                                      IsPermittedAll method is a convenience wrapper. See `AuthorizationInfo.IsPermittedAll`.

                                      func (*Subject) Logout

                                      func (s *Subject) Logout()

                                        Logout method is a convenience wrapper. See `Session.Clear`.

                                        func (*Subject) PrimaryPrincipal

                                        func (s *Subject) PrimaryPrincipal() *authc.Principal

                                          PrimaryPrincipal method is a convenience wrapper. See `AuthenticationInfo.PrimaryPrincipal`.

                                          func (*Subject) Principal

                                          func (s *Subject) Principal(claim string) *authc.Principal

                                            Principal method returns the principal value for given Claim. See `AuthenticationInfo.Principal`.

                                            func (*Subject) Reset

                                            func (s *Subject) Reset()

                                              Reset method clears the instance for reuse.

                                              func (Subject) String

                                              func (s Subject) String() string

                                                String method is stringer interface implementation.
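
Why a pooled Subject has to be cleared between users, as an added example that is not aah's own code. It models `AcquireSubject`, `ReleaseSubject` and `Reset` with stand-in types; the `subject` and `pool` types, the `resetOnPut` switch and the `serveTwo` helper are assumptions of the example, and the user "alice" is constructed.

```go
package main

import "fmt"

// subject is a reduced stand-in for the page's Subject (assumption, not aah code).
type subject struct {
	principal string
	roles     map[string]bool
}

// reset clears per-user state, the job the page gives to Subject.Reset.
func (s *subject) reset() { s.principal, s.roles = "", nil }

func (s *subject) hasRole(r string) bool { return s.roles[r] }

// pool is a deterministic LIFO free list standing in for the framework's pool.
type pool struct {
	free       []*subject
	resetOnPut bool // false models a release path that skips reset
}

func (p *pool) acquire() *subject {
	if n := len(p.free); n > 0 {
		s := p.free[n-1]
		p.free = p.free[:n-1]
		return s
	}
	return &subject{}
}

func (p *pool) release(s *subject) {
	if p.resetOnPut {
		s.reset()
	}
	p.free = append(p.free, s)
}

// serveTwo runs an admin request, then an anonymous one, on the same pool.
func serveTwo(p *pool) (string, bool) {
	admin := p.acquire()
	admin.principal, admin.roles = "alice", map[string]bool{"admin": true}
	p.release(admin)
	anon := p.acquire() // this request never authenticates
	return anon.principal, anon.hasRole("admin")
}

func main() {
	fmt.Println(serveTwo(&pool{resetOnPut: false}))
	fmt.Println(serveTwo(&pool{resetOnPut: true}))
}
```

The first call shows the anonymous request inheriting the previous user's principal and role; the second shows the clean state when the instance is reset before it goes back to the pool.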

                                                Directories

                                                Path Synopsis
                                                Package session provides HTTP state management library for aah framework.