-
Notifications
You must be signed in to change notification settings - Fork 46
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #19 from billkalter/bkalter-emo-6001-public
Owner-aware databus and internal IDs for API keys
- Loading branch information
Showing
80 changed files
with
2,736 additions
and
373 deletions.
There are no files selected for viewing
10 changes: 10 additions & 0 deletions
10
auth/auth-core/src/main/java/com/bazaarvoice/emodb/auth/EmoSecurityManager.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
package com.bazaarvoice.emodb.auth; | ||
|
||
import org.apache.shiro.mgt.SecurityManager; | ||
|
||
/** | ||
* Extension of the {@link SecurityManager} interface which adds methods for verifying permissions by internal ID | ||
* for users not currently authenticated. | ||
*/ | ||
public interface EmoSecurityManager extends SecurityManager, InternalAuthorizer { | ||
} |
29 changes: 29 additions & 0 deletions
29
auth/auth-core/src/main/java/com/bazaarvoice/emodb/auth/InternalAuthorizer.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
package com.bazaarvoice.emodb.auth; | ||
|
||
import org.apache.shiro.authz.Permission; | ||
|
||
import javax.annotation.Nullable; | ||
|
||
/** | ||
* Interface for performing authorization internally within the system. Unlike SecurityManager this interface is | ||
* intended to be used primarily in contexts where the user is not authenticated. The interface is intentionally | ||
* limited to discourage bypassing the SecurityManager when dealing with authenticated users. | ||
* | ||
* Internal systems are encouraged to identify relationships such as resource ownership with internal IDs instead of | ||
* public credentials like API keys for the following reasons: | ||
* | ||
* <ul> | ||
* <li>If the API key for a user is changed the internal ID remains constant.</li> | ||
* <li>They can safely log and store the internal ID of a user without risk of leaking plaintext credentials.</li> | ||
* </ul> | ||
*/ | ||
public interface InternalAuthorizer { | ||
|
||
boolean hasPermissionByInternalId(String internalId, String permission); | ||
|
||
boolean hasPermissionByInternalId(String internalId, Permission permission); | ||
|
||
boolean hasPermissionsByInternalId(String internalId, String... permissions); | ||
|
||
boolean hasPermissionsByInternalId(String internalId, Permission... permissions); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.