p

authorization

package authorization

Ordering
  1. Alphabetic
Visibility
  1. Public
  2. All

Type Members

  1. trait AllowAllAuthorization extends AuthorizationExtension

    Dummy authorization, allows everything.

    Dummy authorization, allows everything. Can be used for testing, disabling authorization temporarily and serves as an example of how to extend Authorization as a Stackable trait.

  2. trait AllowConfiguredTypesForAll extends AuthorizationExtension

    Allows non PermissiveRequest to all users (currently read, subs, cancel, but not write and response).

    Allows non PermissiveRequest to all users (currently read, subs, cancel, but not write and response). Intended to be used as a last catch-all test (due to logging), but before LogUnauthorized.

    New in version 0.12.3(or larger?): Configuration for the request types that are allowed for all.

  3. class AuthAPIService extends AuthApi

    ******************************************************************************** Copyright (c) 2015 Aalto University.

    ******************************************************************************** Copyright (c) 2015 Aalto University. * * Licensed under the 4-clause BSD (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at top most directory of project. * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * ********************************************************************************

  4. class AuthAPIServiceV2 extends AuthApi with AuthApiJsonSupport

    Version 2 of AuthAPI service.

    Version 2 of AuthAPI service. It provides functionality of the internal AuthAPI interface to external authorization services. This V2 has different interface to allow easier partial authorization by having "deny" rules in addition to "allow" rules.

  5. trait AuthApi extends AnyRef

    Implement one method of this interface and register the class through AuthApiProvider.

  6. trait AuthApiJsonSupport extends AnyRef
  7. trait AuthApiProvider extends AuthorizationExtension
  8. case class AuthorizationResponse(allow: Set[Path], deny: Set[Path]) extends Product with Serializable

    API response class for getting the permission data from external service.

  9. sealed trait AuthorizationResult extends AnyRef
  10. case class Authorized(user: UserInfo) extends AuthorizationResult with Product with Serializable
  11. case class Changed(authorizedRequest: RequestWrapper, user: UserInfo) extends AuthorizationResult with Product with Serializable

    Wraps a new O-MI request that is potentially modified from the original to pass authorization.

    Wraps a new O-MI request that is potentially modified from the original to pass authorization. Can be used instead of Partial to define partial authorization.

  12. case class Eppn(user: String) extends Product with Serializable

    EduPersonPrincipalName, used as user identifier

  13. trait IpAuthorization extends AuthorizationExtension

    Trait for checking, is connected client IP permitted to do input actions, an ExternalAgent or using Write request.

    Trait for checking, is connected client IP permitted to do input actions, an ExternalAgent or using Write request. Tests against whitelisted ips and ip masks in configuration.

  14. trait LogPermissiveRequestBeginning extends AuthorizationExtension

    Log the beginning of all permissive requests (e.g.

    Log the beginning of all permissive requests (e.g. write, response write). Intended to be used at the top of trait stack to catch all requests. Never gives any permissions.

  15. trait LogUnauthorized extends AuthorizationExtension

    Intended to be used at the bottom of trait stack to catch all unauthorized requests and log them.

    Intended to be used at the bottom of trait stack to catch all unauthorized requests and log them. Never gives permissions.

  16. case class Partial(authorized: Iterable[Path], user: UserInfo) extends AuthorizationResult with Product with Serializable
  17. trait SamlHttpHeaderAuth extends AuthorizationExtension

    SAML authorization using http headers got from some reverse-proxying server (e.g.

    SAML authorization using http headers got from some reverse-proxying server (e.g. nginx, apache) preferably running on the same computer (for security reasons). Authorizes PermissiveRequests for all users who are specified by EPPN in config whitelist EPPNs are usually in format "username@organizationdomain"

  18. case class Unauthorized(user: UserInfo = UserInfo()) extends AuthorizationResult with Product with Serializable

Value Members

  1. object Authorization

    Tests if user specified by UserData has permission for request OmiRequest.

    Tests if user specified by UserData has permission for request OmiRequest. Function is in curried format.

    return Boolean, true if connection is permitted to do input.

Ungrouped