kuro: github.com/jalkanen/kuro Index | Examples | Files | Directories

package kuro

import "github.com/jalkanen/kuro"

Displays how to get the Subject in an HTTP context.

Code:

http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
    subject := kuro.Get(r, w)

    log.Printf("Is Subject authenticated? %s\n", subject.IsAuthenticated())
})
log.Fatal(http.ListenAndServe(":6999", nil))

Index

Examples

Package Files

authenticationstrategy.go securitymanager.go subject.go subjectcontext.go

func Finish Uses

func Finish(where *http.Request)

Must be called at the end of the request to clear the current subject

func NewSessionContext Uses

func NewSessionContext(ctx SubjectContext) session.SessionContext

Creates a new Session context from a Subject Context.

func With Uses

func With(where *http.Request, s Subject)

type AbstractAuthenticationStrategy Uses

type AbstractAuthenticationStrategy struct{}

AbstractAuthenticationStrategy provides sane default implementations for the different methods.

func (*AbstractAuthenticationStrategy) AfterAllAttempts Uses

func (s *AbstractAuthenticationStrategy) AfterAllAttempts(token authc.AuthenticationToken, aggregate authc.AuthenticationInfo) (authc.AuthenticationInfo, error)

func (*AbstractAuthenticationStrategy) AfterAttempt Uses

func (s *AbstractAuthenticationStrategy) AfterAttempt(realm realm.Realm, token authc.AuthenticationToken, singleRealmInfo authc.AuthenticationInfo, aggregate authc.AuthenticationInfo, errorFromAuthenticate error) (authc.AuthenticationInfo, error)

Just merges the contents of the singleRealmInfo into the aggregate

func (*AbstractAuthenticationStrategy) BeforeAllAttempts Uses

func (s *AbstractAuthenticationStrategy) BeforeAllAttempts(realms []realm.Realm, token authc.AuthenticationToken) (authc.AuthenticationInfo, error)

func (*AbstractAuthenticationStrategy) BeforeAttempt Uses

func (s *AbstractAuthenticationStrategy) BeforeAttempt(realm realm.Realm, token authc.AuthenticationToken, aggregate authc.AuthenticationInfo) (authc.AuthenticationInfo, error)

type AllSuccessfulStrategy Uses

type AllSuccessfulStrategy struct {
    AbstractAuthenticationStrategy
}

func (*AllSuccessfulStrategy) AfterAttempt Uses

func (s *AllSuccessfulStrategy) AfterAttempt(realm realm.Realm, token authc.AuthenticationToken, singleRealmInfo authc.AuthenticationInfo, aggregate authc.AuthenticationInfo, errorFromAuthenticate error) (authc.AuthenticationInfo, error)

Just merges the contents of the singleRealmInfo into the aggregate

func (*AllSuccessfulStrategy) BeforeAttempt Uses

func (s *AllSuccessfulStrategy) BeforeAttempt(realm realm.Realm, token authc.AuthenticationToken, aggregate authc.AuthenticationInfo) (authc.AuthenticationInfo, error)

type AtLeastOneSuccessfulStrategy Uses

type AtLeastOneSuccessfulStrategy struct {
    AbstractAuthenticationStrategy
}

func (*AtLeastOneSuccessfulStrategy) AfterAllAttempts Uses

func (s *AtLeastOneSuccessfulStrategy) AfterAllAttempts(token authc.AuthenticationToken, aggregate authc.AuthenticationInfo) (authc.AuthenticationInfo, error)

func (*AtLeastOneSuccessfulStrategy) AfterAttempt Uses

func (s *AtLeastOneSuccessfulStrategy) AfterAttempt(realm realm.Realm, token authc.AuthenticationToken, singleRealmInfo authc.AuthenticationInfo, aggregate authc.AuthenticationInfo, errorFromAuthenticate error) (authc.AuthenticationInfo, error)

type AuthenticationStrategy Uses

type AuthenticationStrategy interface {
    BeforeAllAttempts(realms []realm.Realm, token authc.AuthenticationToken) (authc.AuthenticationInfo, error)
    AfterAllAttempts(token authc.AuthenticationToken, aggregate authc.AuthenticationInfo) (authc.AuthenticationInfo, error)
    BeforeAttempt(realm realm.Realm, token authc.AuthenticationToken, aggregateInfo authc.AuthenticationInfo) (authc.AuthenticationInfo, error)
    AfterAttempt(realm realm.Realm, token authc.AuthenticationToken, singleRealmInfo authc.AuthenticationInfo, aggregateInfo authc.AuthenticationInfo, errorFromAuthenticate error) (authc.AuthenticationInfo, error)
}

An AuthenticationStrategy is used when you have multiple different Realms and you wish to control what happens if some of the Realms work and some don't.

If an error is returned from any of these methods, the processing stops and the authentication is considered failed.

type DefaultSecurityManager Uses

type DefaultSecurityManager struct {
    Debug bool

    AuthenticationStrategy AuthenticationStrategy
    // contains filtered or unexported fields
}
var (
    // This is the default Kuro security manager, which should be usable for you most of the time.
    Manager *DefaultSecurityManager
)

func (*DefaultSecurityManager) AddRealm Uses

func (sm *DefaultSecurityManager) AddRealm(r realm.Realm)

Add a new Realm. Note that during authentication, Realms are checked in the same order as they were added.

func (*DefaultSecurityManager) Authenticate Uses

func (sm *DefaultSecurityManager) Authenticate(token authc.AuthenticationToken) (authc.AuthenticationInfo, error)

func (*DefaultSecurityManager) CreateSubject Uses

func (sm *DefaultSecurityManager) CreateSubject(ctx *SubjectContext) (Subject, error)

func (*DefaultSecurityManager) HasRole Uses

func (sm *DefaultSecurityManager) HasRole(principals []interface{}, role string) bool

func (*DefaultSecurityManager) IsPermitted Uses

func (sm *DefaultSecurityManager) IsPermitted(principals []interface{}, permission string) bool

func (*DefaultSecurityManager) IsPermittedP Uses

func (sm *DefaultSecurityManager) IsPermittedP(principals []interface{}, permission authz.Permission) bool

func (*DefaultSecurityManager) Login Uses

func (sm *DefaultSecurityManager) Login(subject Subject, token authc.AuthenticationToken) error

func (*DefaultSecurityManager) Logout Uses

func (sm *DefaultSecurityManager) Logout(subject Subject) error

func (*DefaultSecurityManager) SessionManager Uses

func (sm *DefaultSecurityManager) SessionManager() session.SessionManager

func (*DefaultSecurityManager) SetRealm Uses

func (sm *DefaultSecurityManager) SetRealm(r realm.Realm)

Replaces the realms with a single realm

func (*DefaultSecurityManager) SetSessionManager Uses

func (sm *DefaultSecurityManager) SetSessionManager(s session.SessionManager)

type Delegator Uses

type Delegator struct {
    // contains filtered or unexported fields
}

Delegator is an implementation of Subject that just delegates all the Subject's methods to an underlying SecurityManager instance.

func (*Delegator) HasRole Uses

func (s *Delegator) HasRole(role string) bool

func (*Delegator) IsAuthenticated Uses

func (s *Delegator) IsAuthenticated() bool

func (*Delegator) IsPermitted Uses

func (s *Delegator) IsPermitted(permission string) bool

Swallows the error in case for simplicity

func (*Delegator) IsPermittedP Uses

func (s *Delegator) IsPermittedP(permission authz.Permission) bool

func (*Delegator) IsRemembered Uses

func (s *Delegator) IsRemembered() bool

func (*Delegator) IsRunAs Uses

func (s *Delegator) IsRunAs() bool

func (*Delegator) Login Uses

func (s *Delegator) Login(token authc.AuthenticationToken) error

func (*Delegator) Logout Uses

func (s *Delegator) Logout()

func (*Delegator) PreviousPrincipals Uses

func (s *Delegator) PreviousPrincipals() []interface{}

func (*Delegator) Principal Uses

func (s *Delegator) Principal() interface{}

TODO: Should return something else in error?

func (*Delegator) Principals Uses

func (s *Delegator) Principals() []interface{}

func (*Delegator) ReleaseRunAs Uses

func (s *Delegator) ReleaseRunAs() ([]interface{}, error)

func (*Delegator) RunAs Uses

func (s *Delegator) RunAs(newprincipals []interface{}) error

func (*Delegator) Session Uses

func (s *Delegator) Session() session.Session

func (*Delegator) String Uses

func (s *Delegator) String() string

Stringer. Outputs a nicer version of the subject's principals and whether it is authenticated or not.

type PrincipalStack Uses

type PrincipalStack struct {
    Stack [][]interface{}
    // contains filtered or unexported fields
}

Represents principals for RunAs functionality.

func (*PrincipalStack) GobDecode Uses

func (s *PrincipalStack) GobDecode(data []byte) error

func (*PrincipalStack) GobEncode Uses

func (s *PrincipalStack) GobEncode() ([]byte, error)

Provide GOB encoding and decoding.

func (*PrincipalStack) IsEmpty Uses

func (s *PrincipalStack) IsEmpty() bool

func (*PrincipalStack) Peek Uses

func (s *PrincipalStack) Peek() ([]interface{}, error)

func (*PrincipalStack) Pop Uses

func (s *PrincipalStack) Pop() ([]interface{}, error)

func (*PrincipalStack) Push Uses

func (s *PrincipalStack) Push(principals []interface{})

type SecurityManager Uses

type SecurityManager interface {
    authz.Authorizer
    authc.Authenticator
    CreateSubject(context *SubjectContext) (Subject, error)
    Login(Subject, authc.AuthenticationToken) error
    Logout(Subject) error
    SessionManager() session.SessionManager
}

A SecurityManager is typically a singleton per application, and well, manages security for the application.

It provides authorization, authentication and session management, as well as Subject management.

Users typically don't call the methods on SecurityManager directly, but rely on e.g. a Delegator Subject instance to call them for them.

type Subject Uses

type Subject interface {
    Principal() interface{}
    Session() session.Session
    HasRole(role string) bool
    IsAuthenticated() bool
    IsPermitted(permission string) bool
    IsPermittedP(permission authz.Permission) bool
    Login(authc.AuthenticationToken) error
    Logout()
    RunAs([]interface{}) error
    ReleaseRunAs() ([]interface{}, error)
    IsRunAs() bool
    PreviousPrincipals() []interface{}
    IsRemembered() bool
}

A Subject represents the current user in Kuro. Subjects exist even when the user is not logged in, and in such a case, represent an anonymous user.

However, a Subject is tied to a particular user and never shared with another user.

In an HTTP context, they live through a single HTTP request. If you wish to maintain some state across subsequent requests, use the Subject's Session.

func Get Uses

func Get(r *http.Request, w http.ResponseWriter) Subject

Gets the current subject which is related to the given object. Typically, you would use something like *http.Request as the "where" interface. Every call must be paired with a corresponding call to Finish() The Subject itself can be shared among goroutines. This only works with the global SecurityManager

type SubjectContext Uses

type SubjectContext struct {
    // If true, a Session will be created for Subjects.  If false (default), the Subject will not
    // gain a Session, even when requested.
    CreateSessions bool

    // The HTTP request, if available.
    Request *http.Request

    // The HTTP response, if available.
    ResponseWriter http.ResponseWriter

    // Should this Subject represent an authenticated Subject or not?
    Authenticated bool

    // The list of Principals covered by this Subject.
    Principals []interface{}
}

SubjectContexts control the way a Subject is created. When creating a Subject programmatically (like when assuming an identity), you should pass a SubjectContext based on what you want to do.

Directories

PathSynopsis
authc
authc/credential
authzAuthorization-related packages.
cache
http
iniPackage ini provides functions for parsing INI configuration files.
realm
session
session/gorillaProvides a simple interface to the Gorilla toolkit sessions.

Package kuro imports 14 packages (graph). Updated 2017-03-08. Refresh now. Tools for package owners. This is an inactive package (no imports and no commits in at least two years).