
package security

import "aahframe.work/security"

Package security houses all the application security implementation (Authentication, Authorization, Session Management, CSRF, Security Headers, etc.) by aah framework.


Package Files

security.go subject.go


var (
    // ErrAuthSchemeIsNil returned when given auth scheme instance is nil.
    ErrAuthSchemeIsNil = errors.New("security: auth scheme is nil")

    // Bcrypt password algorithm instance for Password generate and compare.
    // By default it is enabled.
    Bcrypt acrypto.PasswordEncoder

    // Scrypt password algorithm instance for Password generate and compare.
    // Enable `scrypt` algorithm in `security.conf` otherwise it might be nil.
    Scrypt acrypto.PasswordEncoder

    // Pbkdf2 password algorithm instance for Password generate and compare.
    // Enable `pbkdf2` algorithm in `security.conf` otherwise it might be nil.
    Pbkdf2 acrypto.PasswordEncoder
)

func ReleaseSubject

func ReleaseSubject(s *Subject)

ReleaseSubject method puts authentication info, authorization info and subject back to pool.

type Manager

type Manager struct {
    IsSSLEnabled   bool
    SessionManager *session.Manager
    SecureHeaders  *SecureHeaders
    AntiCSRF       *anticsrf.AntiCSRF
    // contains filtered or unexported fields
}

Manager holds aah security management and its implementation.

func New

func New() *Manager

New method creates the security manager with initial values and returns it.

func (*Manager) AddAuthScheme

func (m *Manager) AddAuthScheme(name string, authScheme scheme.Schemer) error

AddAuthScheme method adds the given name and auth scheme to view schemes.

func (*Manager) AuthScheme

func (m *Manager) AuthScheme(name string) scheme.Schemer

AuthScheme method returns the auth scheme instance for the given name, otherwise nil.

func (*Manager) AuthSchemes

func (m *Manager) AuthSchemes() map[string]scheme.Schemer

AuthSchemes method returns all configured auth schemes from `security.conf` under `security.auth_schemes { ... }`.

func (*Manager) Init

func (m *Manager) Init(appCfg *config.Config) error

Init method initializes the application security configuration `security { ... }`, which is mainly Session, CSRF, Security Headers, etc.

type SecureHeaders

type SecureHeaders struct {
    CSPReportOnly bool
    PKPReportOnly bool
    STS           string
    PKP           string
    XSSFilter     string
    CSP           string

    Common map[string]string
}

SecureHeaders holds the composed values of HTTP security headers based on config `security.http_header.*` from `security.conf`.

type Subject

type Subject struct {
    AuthenticationInfo *authc.AuthenticationInfo
    AuthorizationInfo  *authz.AuthorizationInfo
    Session            *session.Session
}

Subject instance represents state and security operations for a single application user. These operations include authentication info (principal), authorization (access control), and session access. It is aah framework's primary mechanism for single-user security functionality.

Acquiring a Subject

To acquire the currently-executing Subject, use `ctx.Subject()`. Almost all security operations should be performed with the Subject returned from this method.

Permission methods

Subject instance provides convenience wrapper methods for authentication (primary principal, is-authenticated, logout) and authorization (hasrole, hasanyrole, hasallroles, ispermitted, ispermittedall) purposes.

func AcquireSubject

func AcquireSubject() *Subject

AcquireSubject method gets the subject from pool.

func (*Subject) AllPrincipals

func (s *Subject) AllPrincipals() []*authc.Principal

AllPrincipals method is a convenience wrapper.

func (*Subject) HasAllRoles

func (s *Subject) HasAllRoles(roles ...string) bool

HasAllRoles method is a convenience wrapper. See `AuthorizationInfo.HasAllRoles`.

func (*Subject) HasAnyRole

func (s *Subject) HasAnyRole(roles ...string) bool

HasAnyRole method is a convenience wrapper. See `AuthorizationInfo.HasAnyRole`.

func (*Subject) HasRole

func (s *Subject) HasRole(role string) bool

HasRole method is a convenience wrapper. See `AuthorizationInfo.HasRole`.

func (*Subject) IsAuthenticated

func (s *Subject) IsAuthenticated() bool

IsAuthenticated method is a convenience wrapper. See `Session.IsAuthenticated`.

func (*Subject) IsPermitted

func (s *Subject) IsPermitted(permission string) bool

IsPermitted method is a convenience wrapper. See `AuthorizationInfo.IsPermitted`.

func (*Subject) IsPermittedAll

func (s *Subject) IsPermittedAll(permissions ...string) bool

IsPermittedAll method is a convenience wrapper. See `AuthorizationInfo.IsPermittedAll`.

func (*Subject) Logout

func (s *Subject) Logout()

Logout method is a convenience wrapper. See `Session.Clear`.

func (*Subject) PrimaryPrincipal

func (s *Subject) PrimaryPrincipal() *authc.Principal

PrimaryPrincipal method is a convenience wrapper. See `AuthenticationInfo.PrimaryPrincipal`.

func (*Subject) Principal

func (s *Subject) Principal(claim string) *authc.Principal

Principal method returns the principal value for the given claim. See `AuthenticationInfo.Principal`.

func (*Subject) Reset

func (s *Subject) Reset()

Reset method clears the instance for reuse.
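The acquire/reset/release cycle described for `AcquireSubject`, `Reset` and `ReleaseSubject`, as an added example that is not aah's own code: it models why a pooled subject must be cleared before reuse, so one request's principal and roles never reach the next. The lowercase types, `subjectPool`, `serve` and the sample logins are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// Simplified stand-ins (assumptions) for aah's authc and authz info types.
type authcInfo struct{ Principal string }
type authzInfo struct{ Roles map[string]bool }

// subject models the pooled Subject described above; it is not aah's type.
type subject struct {
	AuthenticationInfo *authcInfo
	AuthorizationInfo  *authzInfo
}

var subjectPool = sync.Pool{New: func() interface{} { return &subject{} }}

func acquireSubject() *subject { return subjectPool.Get().(*subject) }

// reset drops every per-user reference so nothing survives into the next request.
func (s *subject) reset() { s.AuthenticationInfo, s.AuthorizationInfo = nil, nil }

// releaseSubject clears the instance before returning it to the pool.
func releaseSubject(s *subject) {
	if s != nil {
		s.reset()
		subjectPool.Put(s)
	}
}

// hasRole denies when no authorization info is attached.
func (s *subject) hasRole(role string) bool {
	return s.AuthorizationInfo != nil && s.AuthorizationInfo.Roles[role]
}

// serve simulates one request: acquire, optionally log in, check a role, release.
func serve(login string, roles map[string]bool) bool {
	s := acquireSubject()
	defer releaseSubject(s)
	if login != "" {
		s.AuthenticationInfo = &authcInfo{Principal: login}
		s.AuthorizationInfo = &authzInfo{Roles: roles}
	}
	return s.hasRole("admin")
}

func main() {
	fmt.Println(serve("alice", map[string]bool{"admin": true}), serve("", nil))
}
```

If `reset` were skipped in `releaseSubject`, the anonymous request could receive the instance still carrying the previous user's roles.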

func (Subject) String

func (s Subject) String() string

String method is the Stringer interface implementation.


session: Package session provides HTTP state management library for aah framework.

Package security imports 15 packages and is imported by 6 packages. Updated 2020-09-07.