author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-06-20 13:09:55 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-06-20 13:15:11 +0200 |
commit | b38471d94959eb172e82ee102404bc669a14d96b (patch) | |
tree | d1a9e399c6c4f4bb1ee76a1b80454125cfbbd0fe /jdisc-security-filters/src/main/resources | |
parent | bf74c1a064739c123921a2e85e9427bae7019290 (diff) |
Add new Athenz security filter based on ZPE
- Allow flexible configuration of filter using a resource mapper
- Add helper class to extract role and identity from role certificates
Diffstat (limited to 'jdisc-security-filters/src/main/resources')
2 files changed, 16 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/main/resources/configdefinitions/athenz-authorization-filter.def b/jdisc-security-filters/src/main/resources/configdefinitions/athenz-authorization-filter.def
new file mode 100644
index 00000000000..c60b7a125f8
--- /dev/null
+++ b/jdisc-security-filters/src/main/resources/configdefinitions/athenz-authorization-filter.def
@@ -0,0 +1,8 @@
+# Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+namespace=jdisc.http.filter.security.athenz
+
+# Which credentials to verify. Note: ANY will prioritize token over certificate if both are present.
+credentialsToVerify enum { CERTIFICATE_ONLY, TOKEN_ONLY, ANY } default=ANY
+
+# Name of header which includes role token. Must be set if 'credentialsTypeRequired' is set to TOKEN_ONLY or ANY.
+roleTokenHeaderName string default=""
diff --git a/jdisc-security-filters/src/main/resources/configdefinitions/static-request-resource-mapper.def b/jdisc-security-filters/src/main/resources/configdefinitions/static-request-resource-mapper.def
new file mode 100644
index 00000000000..de89c1f9198
--- /dev/null
+++ b/jdisc-security-filters/src/main/resources/configdefinitions/static-request-resource-mapper.def
@@ -0,0 +1,8 @@
+# Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+namespace=jdisc.http.filter.security.athenz
+
+# Athenz resource name on format '<domain-name>:<entity-name>'
+resourceName string
+
+# Action name
+action string
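Review bot: In athenz-authorization-filter.def the defaults contradict the constraint in the comment: `credentialsToVerify` defaults to ANY while `roleTokenHeaderName` defaults to `""`, although the comment says the header name must be set for TOKEN_ONLY or ANY. The filter code is not in this diff, so it is not visible whether an empty header name is rejected at startup or quietly leaves only the certificate path active. Either drop the default (`roleTokenHeaderName string`) or have the filter fail at construction when the mode is TOKEN_ONLY or ANY and the name is empty. The comment also names 'credentialsTypeRequired', which is not a parameter in this file; it should read `credentialsToVerify`. Because ANY prefers the header token over the client certificate, the comment could also say so explicitly, e.g. `# With ANY, a role token in the header decides the identity even when a role certificate is presented.`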
\ No newline at end of file |
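Review bot: In static-request-resource-mapper.def the `# Action name` comment only repeats the field name, and nothing in this file enforces the `'<domain-name>:<entity-name>'` format that the comment gives for `resourceName`. Both values presumably feed the authorization decision, so I would document them more fully, e.g. `# Athenz action that is checked against the policy for the mapped resource`. The mapper should also reject a `resourceName` without a `:` separator when the config is loaded; the mapper class is outside this diff, so it may already do that. The file also ends without a trailing newline.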