
Refactor: (Context)ConditionMatcher (#53)
Ahoo-Wang authored Jan 5, 2023
1 parent e9afd1d commit aa97e08
Showing 17 changed files with 574 additions and 115 deletions.
10 changes: 10 additions & 0 deletions README.md
Expand Up @@ -29,6 +29,16 @@ RBAC-based And Policy-based Multi-Tenant Reactive Security Framework.

![Gateway](document/design/assets/Gateway.svg)

## Build In Policy

### ActionMatcher

![ActionMatcher](document/design/assets/ActionMatcher.svg)

### ConditionMatcher

![ConditionMatcher](document/design/assets/ConditionMatcher.svg)

## Policy Schema

[Policy Schema](document/cosec-policy.schema.json)
11 changes: 11 additions & 0 deletions README.zh-CN.md
Expand Up @@ -29,6 +29,17 @@

![Gateway](document/design/assets/Gateway.svg)

## 内置策略匹配器

### ActionMatcher

![ActionMatcher](document/design/assets/ActionMatcher.svg)

### ConditionMatcher

![ConditionMatcher](document/design/assets/ConditionMatcher.svg)


## 策略 Schema

[Policy Schema](document/cosec-policy.schema.json)
Expand Up @@ -17,13 +17,14 @@ import me.ahoo.cosec.api.configuration.Configuration
import me.ahoo.cosec.api.context.SecurityContext
import me.ahoo.cosec.api.context.request.Request
import me.ahoo.cosec.api.policy.ConditionMatcher
import me.ahoo.cosec.policy.condition.AbstractConditionMatcher
import me.ahoo.cosec.policy.condition.ConditionMatcherFactory

class AuthenticatedConditionMatcher(override val configuration: Configuration) : ConditionMatcher {
class AuthenticatedConditionMatcher(configuration: Configuration) : AbstractConditionMatcher(configuration) {
override val type: String
get() = AuthenticatedConditionMatcherFactory.TYPE

override fun match(request: Request, securityContext: SecurityContext): Boolean {
override fun internalMatch(request: Request, securityContext: SecurityContext): Boolean {
return securityContext.principal.authenticated()
}
}
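Review bot: The new `override fun internalMatch` carries no visibility modifier, so it is exactly as visible as `AbstractConditionMatcher` declares it; if that base (outside this hunk) declares the hook public, any caller can evaluate the condition directly and skip the `negate` handling that the base's `match` presumably applies (the ConditionMatcher.puml added in this commit shows `negate` living on `AbstractConditionMatcher`). The raw hook should be `protected` on the base and here, `protected override fun internalMatch(request: Request, securityContext: SecurityContext): Boolean`, so every policy decision goes through `match`. The same applies to the InDefaultTenantConditionMatcher, InPlatformTenantConditionMatcher and InUserTenantConditionMatcher hunks. `import me.ahoo.cosec.api.policy.ConditionMatcher` is no longer referenced by this class after the change and is only needed if the factory further down the file still uses it; the rest of the file lies outside the hunk.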
Expand Up @@ -17,13 +17,14 @@ import me.ahoo.cosec.api.configuration.Configuration
import me.ahoo.cosec.api.context.SecurityContext
import me.ahoo.cosec.api.context.request.Request
import me.ahoo.cosec.api.policy.ConditionMatcher
import me.ahoo.cosec.policy.condition.AbstractConditionMatcher
import me.ahoo.cosec.policy.condition.ConditionMatcherFactory

class InDefaultTenantConditionMatcher(override val configuration: Configuration) : ConditionMatcher {
class InDefaultTenantConditionMatcher(configuration: Configuration) : AbstractConditionMatcher(configuration) {
override val type: String
get() = InDefaultTenantConditionMatcherFactory.TYPE

override fun match(request: Request, securityContext: SecurityContext): Boolean {
override fun internalMatch(request: Request, securityContext: SecurityContext): Boolean {
return securityContext.tenant.isDefaultTenant
}
}
Expand Up @@ -17,13 +17,14 @@ import me.ahoo.cosec.api.configuration.Configuration
import me.ahoo.cosec.api.context.SecurityContext
import me.ahoo.cosec.api.context.request.Request
import me.ahoo.cosec.api.policy.ConditionMatcher
import me.ahoo.cosec.policy.condition.AbstractConditionMatcher
import me.ahoo.cosec.policy.condition.ConditionMatcherFactory

class InPlatformTenantConditionMatcher(override val configuration: Configuration) : ConditionMatcher {
class InPlatformTenantConditionMatcher(configuration: Configuration) : AbstractConditionMatcher(configuration) {
override val type: String
get() = InPlatformTenantConditionMatcherFactory.TYPE

override fun match(request: Request, securityContext: SecurityContext): Boolean {
override fun internalMatch(request: Request, securityContext: SecurityContext): Boolean {
return securityContext.tenant.isPlatformTenant
}
}
Expand Up @@ -17,13 +17,14 @@ import me.ahoo.cosec.api.configuration.Configuration
import me.ahoo.cosec.api.context.SecurityContext
import me.ahoo.cosec.api.context.request.Request
import me.ahoo.cosec.api.policy.ConditionMatcher
import me.ahoo.cosec.policy.condition.AbstractConditionMatcher
import me.ahoo.cosec.policy.condition.ConditionMatcherFactory

class InUserTenantConditionMatcher(override val configuration: Configuration) : ConditionMatcher {
class InUserTenantConditionMatcher(configuration: Configuration) : AbstractConditionMatcher(configuration) {
override val type: String
get() = InUserTenantConditionMatcherFactory.TYPE

override fun match(request: Request, securityContext: SecurityContext): Boolean {
override fun internalMatch(request: Request, securityContext: SecurityContext): Boolean {
return securityContext.tenant.isUserTenant
}
}
111 changes: 111 additions & 0 deletions document/design/assets/ActionMatcher.svg
6 changes: 3 additions & 3 deletions document/design/assets/Authentication-Flow.svg
8 changes: 1 addition & 7 deletions document/design/assets/Authorization-Flow.svg
108 changes: 108 additions & 0 deletions document/design/assets/Authorization-Policy.svg
159 changes: 159 additions & 0 deletions document/design/assets/ConditionMatcher.svg
154 changes: 72 additions & 82 deletions document/design/assets/Modeling.svg
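--- a/document/design/uml/ActionMatcher.puml
+++ b/document/design/uml/ActionMatcher.puml
@@ -0,0 +1,31 @@
+@startuml
+
+!include layout.puml
+
+title Build In ActionMatcher
+
+interface RequestMatcher{
+val type: String
+val configuration: Configuration
+match(request: Request, securityContext: SecurityContext): Boolean
+}
+interface ActionMatcher
+abstract class AbstractActionMatcher{
+val methods: Set<String>
+}
+class AllActionMatcher
+class NoneActionMatcher
+class PathActionMatcher
+class RegularActionMatcher
+class ReplaceablePathActionMatcher
+class ReplaceableRegularActionMatcher
+
+RequestMatcher <|-- ActionMatcher
+ActionMatcher <|-- AbstractActionMatcher
+AbstractActionMatcher <|-- AllActionMatcher
+AbstractActionMatcher <|-- NoneActionMatcher
+AbstractActionMatcher <|-- PathActionMatcher
+AbstractActionMatcher <|-- RegularActionMatcher
+AbstractActionMatcher <|-- ReplaceablePathActionMatcher
+AbstractActionMatcher <|-- ReplaceableRegularActionMatcher
+@enduml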
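--- a/document/design/uml/ConditionMatcher.puml
+++ b/document/design/uml/ConditionMatcher.puml
@@ -0,0 +1,48 @@
+@startuml
+
+!include layout.puml
+
+title Build In ConditionMatcher
+
+interface RequestMatcher{
+val type: String
+val configuration: Configuration
+match(request: Request, securityContext: SecurityContext): Boolean
+}
+
+interface ConditionMatcher
+abstract class AbstractConditionMatcher{
+val negate: Boolean
+}
+abstract class PartConditionMatcher{
+val partExtractor: PartExtractor
+}
+class AllConditionMatcher
+class AuthenticatedConditionMatcher
+class EqConditionMatcher
+class InConditionMatcher
+class InDefaultTenantConditionMatcher
+class InPlatformTenantConditionMatcher
+class InUserTenantConditionMatcher
+class NoneConditionMatcher
+class OgnlConditionMatcher
+class PathConditionMatcher
+class RegularConditionMatcher
+class SpelConditionMatcher
+
+RequestMatcher <|-- ConditionMatcher
+ConditionMatcher <|-- AbstractConditionMatcher
+AbstractConditionMatcher <|-- PartConditionMatcher
+PartConditionMatcher <|-- InConditionMatcher
+PartConditionMatcher <|-- EqConditionMatcher
+PartConditionMatcher <|-- PathConditionMatcher
+PartConditionMatcher <|-- RegularConditionMatcher
+AbstractConditionMatcher <|-- AuthenticatedConditionMatcher
+AbstractConditionMatcher <|-- InDefaultTenantConditionMatcher
+AbstractConditionMatcher <|-- SpelConditionMatcher
+AbstractConditionMatcher <|-- OgnlConditionMatcher
+AbstractConditionMatcher <|-- InUserTenantConditionMatcher
+AbstractConditionMatcher <|-- NoneConditionMatcher
+AbstractConditionMatcher <|-- AllConditionMatcher
+AbstractConditionMatcher <|-- InPlatformTenantConditionMatcher
+@enduml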
3 changes: 0 additions & 3 deletions document/design/uml/authorization-flow.puml
Expand Up @@ -5,7 +5,6 @@ title Authorization Flow
participant User
participant AuthorizationFilter
participant RequestParser
participant TenantParser
participant SecurityContextParser
participant TokenVerifier
participant Authorization
Expand All @@ -14,8 +13,6 @@ User++

User -> AuthorizationFilter++: request()
AuthorizationFilter -> RequestParser++: parse()
RequestParser -> TenantParser++: parse()
RequestParser <-- TenantParser--: Tenant
AuthorizationFilter <-- RequestParser--: Request
AuthorizationFilter -> SecurityContextParser++: parse()
SecurityContextParser -> TokenVerifier++: verify(AccessToken)
18 changes: 7 additions & 11 deletions document/design/uml/modeling.puml
Expand Up @@ -125,18 +125,14 @@ package context{
TenantCapable <|-- SecurityContext
CoSecPrincipal --* SecurityContext

interface Request<A : Any>{
val action: A
interface Request{
val path: String
val method: String
val remoteIp: String
val origin: String
val referer: String
getHeader(key: String): String
}

interface HttpRequest
TenantCapable <|-- Request
Request <|-- HttpRequest

note right of HttpRequest
HttpRequest::action
format: {url}:{method}
end note
}

package authorization{
2 changes: 1 addition & 1 deletion gradle.properties
Expand Up @@ -11,7 +11,7 @@
# limitations under the License.
#
group=me.ahoo.cosec
version=1.8.6
version=1.8.7
description=RBAC-based And Policy-based Multi-Tenant Reactive Security Framework
website=https://github.com/Ahoo-Wang/CoSec
issues=https://github.com/Ahoo-Wang/CoSec/issues