security

Version: v0.10.0
Published: Jul 7, 2018 License: MIT Imports: 15 Imported by: 6

README

Security library by aah framework

Security library houses all the application security implementation (Authentication, Authorization, Session Management, CSRF, Security Headers, etc.) by aah framework.

News

  • v0.10.0 released and tagged on Jul 06, 2018.

Installation

go get -u aahframework.org/security.v0

Visit official website https://aahframework.org to learn more about aah framework.

Documentation

Overview

Package security houses all the application security implementation (Authentication, Authorization, Session Management, CSRF, Security Headers, etc.) by aah framework.

Constants

const Version = "0.10.0"

Version is security library version no. of aah framework

Variables

var (
	// ErrAuthSchemeIsNil returned when given auth scheme instance is nil.
	ErrAuthSchemeIsNil = errors.New("security: auth scheme is nil")

	// Bcrypt password algorithm instance for Password generate and compare.
	// By default it is enabled.
	Bcrypt acrypto.PasswordEncoder

	// Scrypt password algorithm instance for Password generate and compare.
	// Enable `scrypt` algorithm in `security.conf` otherwise it might be nil.
	Scrypt acrypto.PasswordEncoder

	// Pbkdf2 password algorithm instance for Password generate and compare.
	// Enable `pbkdf2` algorithm in `security.conf` otherwise it might be nil.
	Pbkdf2 acrypto.PasswordEncoder
)

Functions

func ReleaseSubject added in v0.10.0

func ReleaseSubject(s *Subject)

ReleaseSubject method puts authentication info, authorization info and subject back to pool.

Types

type Manager added in v0.10.0

type Manager struct {
	SessionManager *session.Manager
	SecureHeaders  *SecureHeaders
	AntiCSRF       *anticsrf.AntiCSRF
	IsSSLEnabled   bool
	// contains filtered or unexported fields
}

Manager holds aah security management and its implementation.

func New

func New() *Manager

New method creates the security manager initial values and returns it.

func (*Manager) AddAuthScheme added in v0.10.0

func (m *Manager) AddAuthScheme(name string, authScheme scheme.Schemer) error

AddAuthScheme method adds the given name and auth scheme to view schemes.

func (*Manager) AuthScheme added in v0.10.0

func (m *Manager) AuthScheme(name string) scheme.Schemer

AuthScheme method returns the auth scheme instance for given name otherwise nil.

func (*Manager) AuthSchemes added in v0.10.0

func (m *Manager) AuthSchemes() map[string]scheme.Schemer

AuthSchemes method returns all configured auth schemes from `security.conf` under `security.auth_schemes { ... }`.

func (*Manager) Init added in v0.10.0

func (m *Manager) Init(appCfg *config.Config) error

Init method initializes the application security configuration `security { ... }`, which is mainly Session, CSRF, Security Headers, etc.

type SecureHeaders added in v0.10.0

type SecureHeaders struct {
	Common map[string]string

	// Applied to all HTTPS response.
	STS           string
	PKP           string
	PKPReportOnly bool

	// Applied to all HTML Content-Type
	XSSFilter     string
	CSP           string
	CSPReportOnly bool
}

SecureHeaders holds the composed values of HTTP security headers based on config `security.http_header.*` from `security.conf`.

type Subject added in v0.10.0

type Subject struct {
	AuthenticationInfo *authc.AuthenticationInfo
	AuthorizationInfo  *authz.AuthorizationInfo
	Session            *session.Session
}

Subject instance represents state and security operations for a single application user. These operations include authentication info (principal), authorization (access control), and session access. It is aah framework's primary mechanism for single-user security functionality.

Acquiring a Subject

To acquire the currently-executing Subject, use `ctx.Subject()`. Almost all security operations should be performed with the Subject returned from this method.

Permission methods

Subject instance provides convenience wrapper methods for all authentication (primary principal, is-authenticated, logout) and authorization (hasrole, hasanyrole, hasallroles, ispermitted, ispermittedall) purposes.

func AcquireSubject added in v0.10.0

func AcquireSubject() *Subject

AcquireSubject method gets the subject from pool.

func (*Subject) AllPrincipals added in v0.10.0

func (s *Subject) AllPrincipals() []*authc.Principal

AllPrincipals method is convenience wrapper.

func (*Subject) HasAllRoles added in v0.10.0

func (s *Subject) HasAllRoles(roles ...string) bool

HasAllRoles method is convenience wrapper. See `AuthorizationInfo.HasAllRoles`.

func (*Subject) HasAnyRole added in v0.10.0

func (s *Subject) HasAnyRole(roles ...string) bool

HasAnyRole method is convenience wrapper. See `AuthorizationInfo.HasAnyRole`.

func (*Subject) HasRole added in v0.10.0

func (s *Subject) HasRole(role string) bool

HasRole method is convenience wrapper. See `AuthorizationInfo.HasRole`.

func (*Subject) IsAuthenticated added in v0.10.0

func (s *Subject) IsAuthenticated() bool

IsAuthenticated method is convenience wrapper. See `Session.IsAuthenticated`.

func (*Subject) IsPermitted added in v0.10.0

func (s *Subject) IsPermitted(permission string) bool

IsPermitted method is convenience wrapper. See `AuthorizationInfo.IsPermitted`.

func (*Subject) IsPermittedAll added in v0.10.0

func (s *Subject) IsPermittedAll(permissions ...string) bool

IsPermittedAll method is convenience wrapper. See `AuthorizationInfo.IsPermittedAll`.

func (*Subject) Logout added in v0.10.0

func (s *Subject) Logout()

Logout method is convenience wrapper. See `Session.Clear`.

func (*Subject) PrimaryPrincipal added in v0.10.0

func (s *Subject) PrimaryPrincipal() *authc.Principal

PrimaryPrincipal method is convenience wrapper. See `AuthenticationInfo.PrimaryPrincipal`.

func (*Subject) Principal added in v0.10.0

func (s *Subject) Principal(claim string) *authc.Principal

Principal method returns the principal value for given Claim. See `AuthenticationInfo.Principal`.

func (*Subject) Reset added in v0.10.0

func (s *Subject) Reset()

Reset method clears the instance for reuse.
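
The pooling contract behind `AcquireSubject`, `ReleaseSubject` and `Reset`, as an added example that is not code from the aah project: a pooled subject released without being reset hands the previous user's roles to the next request that acquires it. The `subject` and `subjectPool` types and `anonymousSeesAdmin` are hypothetical stand-ins, not the package's own types.

```go
package main

import "fmt"

// subject is a hypothetical stand-in for a pooled per-request subject.
type subject struct {
	principal string
	roles     map[string]bool
}

func (s *subject) hasRole(r string) bool { return s.roles[r] }

// reset drops all per-user state so nothing survives into the next request.
func (s *subject) reset() { s.principal, s.roles = "", nil }

// subjectPool is a deterministic LIFO free list for the demo (sync.Pool gives
// no reuse guarantee); it is not goroutine-safe.
type subjectPool struct{ free []*subject }

func (p *subjectPool) acquire() *subject {
	if n := len(p.free); n > 0 {
		s := p.free[n-1]
		p.free = p.free[:n-1]
		return s
	}
	return &subject{}
}

// release returns s to the pool; reset=false models the buggy path.
func (p *subjectPool) release(s *subject, reset bool) {
	if reset {
		s.reset()
	}
	p.free = append(p.free, s)
}

// anonymousSeesAdmin serves an admin request, releases its subject, then serves
// an unauthenticated request and reports whether it sees the stale admin role.
func anonymousSeesAdmin(reset bool) bool {
	p := &subjectPool{}
	s := p.acquire()
	s.principal, s.roles = "alice", map[string]bool{"admin": true} // constructed sample user
	p.release(s, reset)
	next := p.acquire() // the same instance comes back from the free list
	return next.hasRole("admin")
}

func main() {
	fmt.Println(anonymousSeesAdmin(false), anonymousSeesAdmin(true)) // true false
}
```
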

func (Subject) String added in v0.10.0

func (s Subject) String() string

String method is stringer interface implementation.

Directories

Path Synopsis
Package session provides HTTP state management library for aah framework.