security

package
v1.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 5, 2026 License: MIT Imports: 17 Imported by: 0

Documentation

Index

Constants

// KernelFirewallListenerPriority is the priority value (50) for the kernel
// firewall listener.
// NOTE(review): the registration code is not shown on this page. This value is
// higher than KernelAccessControlListenerPriority; confirm that the kernel
// dispatches higher priorities first, since access-control checks presumably
// rely on the firewall listener having resolved the token already.
const KernelFirewallListenerPriority = 50

// KernelAccessControlListenerPriority is the priority value (20) for the
// kernel access-control listener.
// NOTE(review): presumably consumed by RegisterKernelAccessControlListener —
// confirm. Any third-party listener registered between 20 and 50 would run
// between security resolution and access control if ordering is by priority.
const KernelAccessControlListenerPriority = 20
// ServiceFirewallManager is the service identifier string for the firewall
// manager.
// NOTE(review): presumably the container key read by
// FirewallManagerFromContainer and FirewallManagerMustFromContainer — confirm.
const ServiceFirewallManager = "service.security.firewall_manager"

Variables

This section is empty.

Functions

func FirewallManagerFromContainer

func FirewallManagerFromContainer(serviceContainer containercontract.Container) securitycontract.FirewallManager

func FirewallManagerMustFromContainer

func FirewallManagerMustFromContainer(serviceContainer containercontract.Container) securitycontract.FirewallManager

func IsGranted

// IsGranted takes a runtime and a role name and returns a bool; presumably
// whether the role is granted to the token attached to that runtime.
// NOTE(review): the body is not shown on this page. There is no error result,
// so confirm that a runtime without a SecurityContext, or one holding an
// unauthenticated token, yields false (fail closed).
func IsGranted(runtimeInstance runtimecontract.Runtime, role string) bool

func RegisterKernelAccessControlListener

func RegisterKernelAccessControlListener(kernelInstance kernelcontract.Kernel, registry *FirewallRegistry)

func RegisterKernelSecurityResolutionListener

func RegisterKernelSecurityResolutionListener(kernelInstance kernelcontract.Kernel, registry *FirewallRegistry)

func SecurityContextSetOnRuntime

func SecurityContextSetOnRuntime(runtimeInstance runtimecontract.Runtime, securityContext *SecurityContext)

Types

type AccessControl

type AccessControl struct {
	// contains filtered or unexported fields
}

func NewAccessControl

func NewAccessControl(rules ...AccessControlRule) *AccessControl

func (*AccessControl) Match

// Match takes a request path and returns a string slice and a bool.
// NOTE(review): presumably the slice holds the attributes of the matching rule
// and the bool reports whether any rule matched — confirm. Callers should
// decide explicitly whether an unmatched path means deny or allow. Also
// confirm whether path is normalized before matching (dot segments, duplicate
// slashes, percent-encoding, case), so that equivalent spellings of a
// protected path resolve to the same rule.
func (instance *AccessControl) Match(path string) ([]string, bool)

func (*AccessControl) Rules

func (instance *AccessControl) Rules() []AccessControlRule

type AccessControlRule

type AccessControlRule struct {
	// contains filtered or unexported fields
}

func NewAccessControlExactRule

func NewAccessControlExactRule(path string, attributes ...string) AccessControlRule

func NewAccessControlRegexRule

// NewAccessControlRegexRule builds a rule from a pattern string and a list of
// attributes.
// NOTE(review): no error is returned, so confirm how an invalid pattern is
// handled (a panic at construction versus a rule that silently never matches).
// Also confirm whether the pattern is anchored; if it is matched unanchored,
// rule authors need explicit ^ and $ to limit it to the intended paths.
func NewAccessControlRegexRule(pattern string, attributes ...string) AccessControlRule

func NewAccessControlRule

// NewAccessControlRule builds a rule from a path prefix and a list of
// attributes.
// NOTE(review): presumably a plain string-prefix match, in which case a prefix
// such as "/admin" would also cover "/administrator";
// NewAccessControlRuleWithSegmentPrefix looks like the segment-boundary
// variant — confirm which behaviour each rule in a configuration needs.
func NewAccessControlRule(pathPrefix string, attributes ...string) AccessControlRule

func NewAccessControlRuleWithSegmentPrefix

func NewAccessControlRuleWithSegmentPrefix(pathPrefix string, attributes ...string) AccessControlRule

type AccessDecisionManager

type AccessDecisionManager struct {
	// contains filtered or unexported fields
}

func (*AccessDecisionManager) DecideAll

// DecideAll takes a token, a list of attributes and a subject, and returns an
// error.
// NOTE(review): presumably a nil error means every attribute was granted —
// confirm. Also confirm the result for an empty attributes slice and for a nil
// token; a plain "all" loop grants vacuously on empty input.
func (instance *AccessDecisionManager) DecideAll(token securitycontract.Token, attributes []string, subject any) error

func (*AccessDecisionManager) DecideAny

// DecideAny takes a token, a list of attributes and a subject, and returns an
// error.
// NOTE(review): presumably a nil error means at least one attribute was
// granted — confirm, together with the outcome when every voter abstains and
// when attributes is empty.
func (instance *AccessDecisionManager) DecideAny(token securitycontract.Token, attributes []string, subject any) error

type AnonymousToken

type AnonymousToken struct {
}

func NewAnonymousToken

func NewAnonymousToken() *AnonymousToken

func (*AnonymousToken) IsAuthenticated

func (instance *AnonymousToken) IsAuthenticated() bool

func (*AnonymousToken) Roles

func (instance *AnonymousToken) Roles() []string

func (*AnonymousToken) UserIdentifier

func (instance *AnonymousToken) UserIdentifier() string

type ApiKeyHeaderAuthenticator

type ApiKeyHeaderAuthenticator struct {
	// contains filtered or unexported fields
}

func NewApiKeyHeaderAuthenticator

// NewApiKeyHeaderAuthenticator builds an authenticator from a header name, the
// expected header value, and the user identifier and roles for the resulting
// token (presumably attached on a successful match — confirm).
// NOTE(review): the comparison code is not shown on this page. Confirm that
// the header value is compared in constant time (for example
// crypto/subtle.ConstantTimeCompare), that an empty expectedValue is rejected
// rather than matching a missing header, and that the key is loaded from
// secret storage and never logged.
func NewApiKeyHeaderAuthenticator(headerName string, expectedValue string, userId string, roles []string) *ApiKeyHeaderAuthenticator

func (*ApiKeyHeaderAuthenticator) Authenticate

func (instance *ApiKeyHeaderAuthenticator) Authenticate(request httpcontract.Request) (securitycontract.Token, error)

func (*ApiKeyHeaderAuthenticator) Supports

func (instance *ApiKeyHeaderAuthenticator) Supports(request httpcontract.Request) bool

type ApiKeyHeaderRule

type ApiKeyHeaderRule struct {
	// contains filtered or unexported fields
}

func NewApiKeyHeaderRule

// NewApiKeyHeaderRule builds a rule from a request matcher, a header name and
// the expected header value.
// NOTE(review): Check's body is not shown on this page. Confirm that it
// compares the header in constant time and fails closed when the header is
// absent or expectedValue is empty. Requests for which Applies returns false
// are presumably not checked by this rule at all — confirm.
func NewApiKeyHeaderRule(matcher securitycontract.Matcher, headerName string, expectedValue string) *ApiKeyHeaderRule

func (*ApiKeyHeaderRule) Applies

func (instance *ApiKeyHeaderRule) Applies(request httpcontract.Request) bool

func (*ApiKeyHeaderRule) Check

func (instance *ApiKeyHeaderRule) Check(request httpcontract.Request) error

type AuthenticatedToken

type AuthenticatedToken struct {
	// contains filtered or unexported fields
}

func NewAuthenticatedToken

// NewAuthenticatedToken builds a token from a user identifier and a list of
// roles.
// NOTE(review): confirm that the roles slice is copied on the way in and again
// in Roles(); if the backing array is shared, a caller that mutates it changes
// the roles the token reports.
func NewAuthenticatedToken(userIdentifier string, roles []string) *AuthenticatedToken

func (*AuthenticatedToken) IsAuthenticated

func (instance *AuthenticatedToken) IsAuthenticated() bool

func (*AuthenticatedToken) Roles

func (instance *AuthenticatedToken) Roles() []string

func (*AuthenticatedToken) UserIdentifier

func (instance *AuthenticatedToken) UserIdentifier() string

type AuthenticatorManager

type AuthenticatorManager struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorManager

func NewAuthenticatorManager(authenticators ...securitycontract.Authenticator) *AuthenticatorManager

func (*AuthenticatorManager) Authenticate

// Authenticate takes a request and returns a token, a bool and an error.
// NOTE(review): presumably the bool reports whether any registered
// authenticator supported the request — confirm. "No authenticator applied"
// and "authentication failed" are different outcomes and callers should handle
// them separately; the token should not be read when the error is non-nil.
func (instance *AuthenticatorManager) Authenticate(request httpcontract.Request) (securitycontract.Token, bool, error)

type AuthenticatorTokenSource

type AuthenticatorTokenSource struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorTokenSource

func NewAuthenticatorTokenSource(manager *AuthenticatorManager) *AuthenticatorTokenSource

func (*AuthenticatorTokenSource) Name

func (instance *AuthenticatorTokenSource) Name() string

func (*AuthenticatorTokenSource) Resolve

func (instance *AuthenticatorTokenSource) Resolve(runtimeInstance runtimecontract.Runtime, request httpcontract.Request) (securitycontract.Token, error)

type AuthorizationDeniedEvent

type AuthorizationDeniedEvent struct {
	// contains filtered or unexported fields
}

func NewAuthorizationDeniedEvent

func NewAuthorizationDeniedEvent(request httpcontract.Request, attributes []string, err error) *AuthorizationDeniedEvent

func (*AuthorizationDeniedEvent) Attributes

func (instance *AuthorizationDeniedEvent) Attributes() []string

func (*AuthorizationDeniedEvent) Err

func (instance *AuthorizationDeniedEvent) Err() error

func (*AuthorizationDeniedEvent) Request

func (instance *AuthorizationDeniedEvent) Request() httpcontract.Request

type AuthorizationGrantedEvent

type AuthorizationGrantedEvent struct {
	// contains filtered or unexported fields
}

func NewAuthorizationGrantedEvent

func NewAuthorizationGrantedEvent(request httpcontract.Request, attributes []string) *AuthorizationGrantedEvent

func (*AuthorizationGrantedEvent) Attributes

func (instance *AuthorizationGrantedEvent) Attributes() []string

func (*AuthorizationGrantedEvent) Request

func (instance *AuthorizationGrantedEvent) Request() httpcontract.Request

type CompiledConfiguration

type CompiledConfiguration struct {
	// contains filtered or unexported fields
}

func NewCompiledConfiguration

func NewCompiledConfiguration(firewalls []*CompiledFirewall, globalAccessControl *AccessControl) *CompiledConfiguration

func (*CompiledConfiguration) Firewalls

func (instance *CompiledConfiguration) Firewalls() []*CompiledFirewall

func (*CompiledConfiguration) GlobalAccessControl

func (instance *CompiledConfiguration) GlobalAccessControl() *AccessControl

type CompiledFirewall

type CompiledFirewall struct {
	// contains filtered or unexported fields
}

func NewCompiledFirewall

func NewCompiledFirewall(
	name string,
	matcher securitycontract.Matcher,
	matcherDescription string,
	rules []securitycontract.Rule,
	tokenSource securitycontract.TokenSource,
	accessControl *AccessControl,
	accessDecisionManager securitycontract.AccessDecisionManager,
	roleHierarchy *RoleHierarchy,
	entryPoint securitycontract.EntryPoint,
	accessDeniedHandler securitycontract.AccessDeniedHandler,
	loginPath string,
	logoutPath string,
	loginHandler securitycontract.LoginHandler,
	logoutHandler securitycontract.LogoutHandler,
	roleHierarchySource Source,
	accessDecisionManagerSource Source,
	accessControlSource Source,
	entryPointSource Source,
	accessDeniedHandlerSource Source,
) *CompiledFirewall

func (*CompiledFirewall) AccessControl

func (instance *CompiledFirewall) AccessControl() *AccessControl

func (*CompiledFirewall) AccessDecisionManager

func (instance *CompiledFirewall) AccessDecisionManager() securitycontract.AccessDecisionManager

func (*CompiledFirewall) AccessDeniedHandler

func (instance *CompiledFirewall) AccessDeniedHandler() securitycontract.AccessDeniedHandler

func (*CompiledFirewall) EntryPoint

func (instance *CompiledFirewall) EntryPoint() securitycontract.EntryPoint

func (*CompiledFirewall) Login

func (*CompiledFirewall) LoginPath

func (instance *CompiledFirewall) LoginPath() string

func (*CompiledFirewall) Logout

func (*CompiledFirewall) LogoutPath

func (instance *CompiledFirewall) LogoutPath() string

func (*CompiledFirewall) Matcher

func (instance *CompiledFirewall) Matcher() securitycontract.Matcher

func (*CompiledFirewall) MatcherDescription

func (instance *CompiledFirewall) MatcherDescription() string

func (*CompiledFirewall) Name

func (instance *CompiledFirewall) Name() string

func (*CompiledFirewall) RoleHierarchy

func (instance *CompiledFirewall) RoleHierarchy() *RoleHierarchy

func (*CompiledFirewall) Rules

func (instance *CompiledFirewall) Rules() []securitycontract.Rule

func (*CompiledFirewall) Sources

func (instance *CompiledFirewall) Sources() (Source, Source, Source, Source, Source)

func (*CompiledFirewall) TokenSource

func (instance *CompiledFirewall) TokenSource() securitycontract.TokenSource

type Firewall

type Firewall struct {
	// contains filtered or unexported fields
}

func NewFirewall

func NewFirewall(rules ...securitycontract.Rule) *Firewall

func (*Firewall) Check

func (instance *Firewall) Check(request httpcontract.Request) error

type FirewallManager

type FirewallManager struct {
	// contains filtered or unexported fields
}

func NewFirewallManager

func NewFirewallManager(compiledConfiguration *CompiledConfiguration) *FirewallManager

func (*FirewallManager) Firewall

func (instance *FirewallManager) Firewall(name string) (securitycontract.Firewall, error)

type FirewallRegistry

type FirewallRegistry struct {
	// contains filtered or unexported fields
}

func NewFirewallRegistry

func NewFirewallRegistry(compiledConfiguration *CompiledConfiguration) *FirewallRegistry

func (*FirewallRegistry) GlobalAccessControl

func (instance *FirewallRegistry) GlobalAccessControl() *AccessControl

func (*FirewallRegistry) Match

// Match takes a request and returns a compiled firewall and a bool.
// NOTE(review): presumably the bool is false when no firewall's matcher
// accepts the request — confirm. Also confirm what protects such a request
// (for example whether GlobalAccessControl is still evaluated), and whether
// firewalls are tried in declaration order so that overlapping matchers
// resolve predictably.
func (instance *FirewallRegistry) Match(request httpcontract.Request) (*CompiledFirewall, bool)

type LoginFailureEvent

type LoginFailureEvent struct {
	// contains filtered or unexported fields
}

func NewLoginFailureEvent

func NewLoginFailureEvent(
	request httpcontract.Request,
	err error,
) *LoginFailureEvent

func (*LoginFailureEvent) Error

func (instance *LoginFailureEvent) Error() error

func (*LoginFailureEvent) Request

func (instance *LoginFailureEvent) Request() httpcontract.Request

type LoginSuccessEvent

type LoginSuccessEvent struct {
	// contains filtered or unexported fields
}

func NewLoginSuccessEvent

func NewLoginSuccessEvent(
	request httpcontract.Request,
	token securitycontract.Token,
) *LoginSuccessEvent

func (*LoginSuccessEvent) Request

func (instance *LoginSuccessEvent) Request() httpcontract.Request

func (*LoginSuccessEvent) Token

func (instance *LoginSuccessEvent) Token() securitycontract.Token

type LogoutFailureEvent

type LogoutFailureEvent struct {
	// contains filtered or unexported fields
}

func NewLogoutFailureEvent

func NewLogoutFailureEvent(request httpcontract.Request, err error) *LogoutFailureEvent

func (*LogoutFailureEvent) Error

func (instance *LogoutFailureEvent) Error() error

func (*LogoutFailureEvent) Request

func (instance *LogoutFailureEvent) Request() httpcontract.Request

type LogoutSuccessEvent

type LogoutSuccessEvent struct {
	// contains filtered or unexported fields
}

func NewLogoutSuccessEvent

func NewLogoutSuccessEvent(request httpcontract.Request) *LogoutSuccessEvent

func (*LogoutSuccessEvent) Request

func (instance *LogoutSuccessEvent) Request() httpcontract.Request

type MatchedAccessControlRule

type MatchedAccessControlRule struct {
	// contains filtered or unexported fields
}

func NewMatchedAccessControlRule

func NewMatchedAccessControlRule(
	pathPrefix string,
	attributes []string,
	source Source,
	ruleIndex int,
	firewall string,
) *MatchedAccessControlRule

func (*MatchedAccessControlRule) Attributes

func (instance *MatchedAccessControlRule) Attributes() []string

func (*MatchedAccessControlRule) Firewall

func (instance *MatchedAccessControlRule) Firewall() string

func (*MatchedAccessControlRule) PathPrefix

func (instance *MatchedAccessControlRule) PathPrefix() string

func (*MatchedAccessControlRule) RuleIndex

func (instance *MatchedAccessControlRule) RuleIndex() int

func (*MatchedAccessControlRule) Source

func (instance *MatchedAccessControlRule) Source() Source

type PathPrefixMatcher

type PathPrefixMatcher struct {
	// contains filtered or unexported fields
}

func NewPathPrefixMatcher

func NewPathPrefixMatcher(prefix string) *PathPrefixMatcher

func (*PathPrefixMatcher) Matches

func (instance *PathPrefixMatcher) Matches(request httpcontract.Request) bool

type ResolverTokenSource

type ResolverTokenSource struct {
	// contains filtered or unexported fields
}

func NewResolverTokenSource

func NewResolverTokenSource(resolver securitycontract.TokenResolver) *ResolverTokenSource

func (*ResolverTokenSource) Name

func (instance *ResolverTokenSource) Name() string

func (*ResolverTokenSource) Resolve

func (instance *ResolverTokenSource) Resolve(runtimeInstance runtimecontract.Runtime, request httpcontract.Request) (securitycontract.Token, error)

type RoleHierarchy

type RoleHierarchy struct {
	// contains filtered or unexported fields
}

func NewRoleHierarchy

// NewRoleHierarchy builds a hierarchy from a map of role name to the roles it
// inherits.
// NOTE(review): confirm that ExpandRoles terminates when the map contains a
// cycle (a role that inherits itself directly or through another role), and
// that the map is copied so later mutation by the caller cannot widen granted
// roles.
func NewRoleHierarchy(inheritedRolesByRole map[string][]string) *RoleHierarchy

func (*RoleHierarchy) ExpandRoles

func (instance *RoleHierarchy) ExpandRoles(roles []string) []string

type RoleHierarchyVoter

type RoleHierarchyVoter struct {
	// contains filtered or unexported fields
}

func NewRoleHierarchyVoter

func NewRoleHierarchyVoter(roleHierarchy *RoleHierarchy, delegate *RoleVoter) *RoleHierarchyVoter

func (*RoleHierarchyVoter) Supports

func (instance *RoleHierarchyVoter) Supports(attribute string, subject any) bool

func (*RoleHierarchyVoter) Vote

func (instance *RoleHierarchyVoter) Vote(token securitycontract.Token, attribute string, subject any) securitycontract.VoteResult

type RoleVoter

type RoleVoter struct {
}

func NewRoleVoter

func NewRoleVoter() *RoleVoter

func (*RoleVoter) Supports

func (instance *RoleVoter) Supports(attribute string, subject any) bool

func (*RoleVoter) Vote

func (instance *RoleVoter) Vote(token securitycontract.Token, attribute string, subject any) securitycontract.VoteResult

type SecurityContext

type SecurityContext struct {
	// contains filtered or unexported fields
}

func NewSecurityContext

func NewSecurityContext(
	firewall *CompiledFirewall,
	token securitycontract.Token,
) *SecurityContext

func SecurityContextFromRuntime

func SecurityContextFromRuntime(runtimeInstance runtimecontract.Runtime) (*SecurityContext, bool)

func (*SecurityContext) AccessControlSource

func (instance *SecurityContext) AccessControlSource() Source

func (*SecurityContext) AccessDecisionManagerSource

func (instance *SecurityContext) AccessDecisionManagerSource() Source

func (*SecurityContext) AccessDeniedHandlerSource

func (instance *SecurityContext) AccessDeniedHandlerSource() Source

func (*SecurityContext) EntryPointSource

func (instance *SecurityContext) EntryPointSource() Source

func (*SecurityContext) Firewall

func (instance *SecurityContext) Firewall() *CompiledFirewall

func (*SecurityContext) IsGranted

func (instance *SecurityContext) IsGranted(role string) bool

func (*SecurityContext) MatchedFirewallMatcher

func (instance *SecurityContext) MatchedFirewallMatcher() string

func (*SecurityContext) MatchedRule

func (instance *SecurityContext) MatchedRule() *MatchedAccessControlRule

func (*SecurityContext) RoleHierarchySource

func (instance *SecurityContext) RoleHierarchySource() Source

func (*SecurityContext) SetMatchedRule

func (instance *SecurityContext) SetMatchedRule(matchedRule *MatchedAccessControlRule)

func (*SecurityContext) Token

func (instance *SecurityContext) Token() securitycontract.Token

type Source

// Source is a string label. On this page it is the result type of the
// *Source accessors on SecurityContext and of CompiledFirewall.Sources.
// NOTE(review): the names suggest it records where a resolved security
// setting came from — confirm against the compiler that assigns it.
type Source string

// Known Source values. The meanings are inferred from the names only.
const (
	SourceNone     = Source("none")
	SourceGlobal   = Source("global")
	SourceFirewall = Source("firewall")
	SourceMerged   = Source("merged")
)

type Token

type Token struct {
	// contains filtered or unexported fields
}

func NewToken

func NewToken(user securitycontract.Token) *Token

func (*Token) IsAuthenticated

func (instance *Token) IsAuthenticated() bool

func (*Token) Roles

func (instance *Token) Roles() []string

func (*Token) User

func (instance *Token) User() securitycontract.Token

func (*Token) UserIdentifier

func (instance *Token) UserIdentifier() string

Directories

Path Synopsis
