Hi,

The broker supports basic authentication and authorization based on scopes
and user groups. Extension points are provided to plug in a custom
authenticator and authorizer for connecting to different user stores. Here
are the existing interfaces users can extend to provide $Subject.

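public interface Authenticator {

    // Called with the startup context and the properties from the configuration.
    void initialize(StartupContext startupContext, Map<String, Object> properties) throws Exception;

    // Authenticates the given username and password; the result carries the
    // userId and the authentication success result.
    AuthResult authenticate(String username, char[] password) throws BrokerAuthException;
}

public interface Authorizer {

    // Called with the startup context and the properties from the configuration.
    void initialize(StartupContext startupContext, Map<String, Object> properties) throws Exception;

    // Returns the user groups of the given user, used by the broker authorization model.
    Set<String> getUserGroupsList(String userId) throws BrokerAuthException;
}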


The authenticator will authenticate the given username and password and
provide an auth result, which contains the userId and the authentication
success result. The authorizer will be used to retrieve the user groups to
authorize using the broker authorization model.

Implementations of these extensions can be plugged in using the broker
configuration. The default configuration is shown below.

# Broker auth related configurations.
wso2.broker.auth:
  # Broker authentication related configurations.
  authentication:
    # Enable the authentication
    enabled: true
    authenticator:
      # Authenticator implementation
      className: org.wso2.broker.auth.authentication.authenticator.impl.JaasAuthenticator
      # Optional properties
      properties:
        loginModule: org.wso2.broker.auth.authentication.jaas.UserStoreLoginModule
        userStoreConnector: org.wso2.broker.auth.user.impl.FileBasedUserStoreConnector

  # Broker authorization related configurations.
  authorization:
    # Enable the authorization
    enabled: true
    authorizer:
      # Authorizer implementation
      className: org.wso2.broker.auth.authorization.authorizer.file.FileBasedUserStoreAuthorizer
      # Optional properties
      properties:

Appreciate any suggestions.

Thanks,
Waruna

-- 
Regards,

Waruna Lakshitha Jayaweera
Senior Software Engineer
WSO2 Inc; http://wso2.com
phone: +94713255198
http://waruapz.blogspot.com/
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
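
An added example, not part of the original message or the broker's code base: a hypothetical `HashedStoreAuthenticator` that implements the `Authenticator` interface posted above using salted PBKDF2 hashes, a constant-time comparison and a fail-closed error path. `StartupContext`, `BrokerAuthException`, the shape of `AuthResult` and the `users` property are stand-in assumptions so the file compiles on its own (Java 16 or later).

```java
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

class HashedStoreAuthenticator implements Authenticator {  // hypothetical example class
    private final Map<String, byte[][]> users = new HashMap<>();  // userId -> {salt, PBKDF2 hash}
    public void initialize(StartupContext ctx, Map<String, Object> properties) throws Exception {
        // "users" (username -> password) is an assumed property holding constructed sample data.
        SecureRandom rng = new SecureRandom();
        for (Map.Entry<?, ?> e : ((Map<?, ?>) properties.getOrDefault("users", Map.of())).entrySet()) {
            byte[] salt = new byte[16];
            rng.nextBytes(salt);
            users.put((String) e.getKey(), new byte[][] {salt, derive(((String) e.getValue()).toCharArray(), salt)});
        }
    }

    public AuthResult authenticate(String username, char[] password) throws BrokerAuthException {
        try {
            byte[][] rec = users.get(username);
            // Unknown users still cost one derivation, so response time does not reveal valid names.
            byte[] candidate = derive(password, rec != null ? rec[0] : new byte[16]);
            boolean ok = rec != null && MessageDigest.isEqual(candidate, rec[1]);  // constant-time compare
            return new AuthResult(ok, ok ? username : null);
        } catch (Exception e) {
            throw new BrokerAuthException("authentication backend failure", e);  // fail closed
        }
    }

    private static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword();  // wipe the spec's internal copy of the password
        return hash;
    }

    public static void main(String[] args) throws Exception {
        Authenticator a = new HashedStoreAuthenticator();
        a.initialize(new StartupContext(), Map.of("users", Map.of("alice", "correct horse")));
        for (String[] t : new String[][] {{"alice", "correct horse"}, {"alice", "wrong"}, {"mallory", "x"}})
            System.out.println(t[0] + " -> " + a.authenticate(t[0], t[1].toCharArray()));
    }
}
class StartupContext { }  // from here down: stand-ins (assumptions) for the broker's own types
class BrokerAuthException extends Exception { BrokerAuthException(String m, Throwable c) { super(m, c); } }
record AuthResult(boolean authenticated, String userId) { }
interface Authenticator {  // signatures as posted in the message
    void initialize(StartupContext startupContext, Map<String, Object> properties) throws Exception;
    AuthResult authenticate(String username, char[] password) throws BrokerAuthException;
}
```

In a real deployment the stand-in types would be replaced by the broker's own, and the class would be referenced from `className` under `wso2.broker.auth.authentication.authenticator`.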
