```go
import "aahframe.work/security"
```

Package security houses all the application security implementation (Authentication, Authorization, Session Management, CSRF, Security Headers, etc.) for the aah framework.
```go
var (
	// ErrAuthSchemeIsNil is returned when the given auth scheme instance is nil.
	ErrAuthSchemeIsNil = errors.New("security: auth scheme is nil")

	// Bcrypt password algorithm instance for password generate and compare.
	// By default it is enabled.
	Bcrypt acrypto.PasswordEncoder

	// Scrypt password algorithm instance for password generate and compare.
	// Enable the `scrypt` algorithm in `security.conf`, otherwise it might be nil.
	Scrypt acrypto.PasswordEncoder

	// Pbkdf2 password algorithm instance for password generate and compare.
	// Enable the `pbkdf2` algorithm in `security.conf`, otherwise it might be nil.
	Pbkdf2 acrypto.PasswordEncoder
)
```

ReleaseSubject method puts the authentication info, authorization info and subject back to the pool.
```go
type Manager struct {
	IsSSLEnabled   bool
	SessionManager *session.Manager
	SecureHeaders  *SecureHeaders
	AntiCSRF       *anticsrf.AntiCSRF
	// contains filtered or unexported fields
}
```
Manager holds aah security management and its implementation.
New method creates the security manager with its initial values and returns it.
AddAuthScheme method adds the given name and auth scheme to the view schemes.
AuthScheme method returns the auth scheme instance for the given name, otherwise nil.
AuthSchemes method returns all configured auth schemes from `security.conf` under `security.auth_schemes { ... }`.
Init method initializes the application security configuration `security { ... }`, which mainly covers Session, CSRF, Security Headers, etc.

```go
type SecureHeaders struct {
	CSPReportOnly bool
	PKPReportOnly bool
	STS           string
	PKP           string
	XSSFilter     string
	CSP           string
	Common        map[string]string
}
```
SecureHeaders holds the composed values of HTTP security headers based on config `security.http_header.*` from `security.conf`.
```go
type Subject struct {
	AuthenticationInfo *authc.AuthenticationInfo
	AuthorizationInfo  *authz.AuthorizationInfo
	Session            *session.Session
}
```
Subject instance represents state and security operations for a single application user. These operations include authentication info (principal), authorization (access control), and session access. It is aah framework's primary mechanism for single-user security functionality.
To acquire the currently-executing Subject, use `ctx.Subject()`. Almost all security operations should be performed with the Subject returned from this method.
Subject instance provides convenience wrapper methods for all authentication (primary principal, is-authenticated, logout) and authorization (hasrole, hasanyrole, hasallroles, ispermitted, ispermittedall) purposes.
AcquireSubject method gets a subject from the pool.
AllPrincipals method is a convenience wrapper.
HasAllRoles method is a convenience wrapper. See `AuthorizationInfo.HasAllRoles`.
HasAnyRole method is a convenience wrapper. See `AuthorizationInfo.HasAnyRole`.
HasRole method is a convenience wrapper. See `AuthorizationInfo.HasRole`.
IsAuthenticated method is a convenience wrapper. See `Session.IsAuthenticated`.
IsPermitted method is a convenience wrapper. See `AuthorizationInfo.IsPermitted`.
IsPermittedAll method is a convenience wrapper. See `AuthorizationInfo.IsPermittedAll`.
Logout method is a convenience wrapper. See `Session.Clear`.
PrimaryPrincipal method is a convenience wrapper. See `AuthenticationInfo.PrimaryPrincipal`.
Principal method returns the principal value for the given claim. See `AuthenticationInfo.Principal`.
Reset method clears the instance for reuse.
String method is the Stringer interface implementation.
| Path | Synopsis |
|---|---|
| acrypto | |
| anticsrf | |
| authc | |
| authz | |
| cookie | |
| scheme | |
| session | Package session provides an HTTP state management library for the aah framework. |

Package security imports 15 packages and is imported by 6 packages. Updated 2020-09-07.