Merge pull request #2210 from ldclakmal/update-security-doc
Update authn/authz guide for Swan Lake Beta1
ldclakmal authored May 25, 2021
2 parents d5d22d9 + bf7c0f4 commit c8db772
Showing 2 changed files with 76 additions and 105 deletions.
138 changes: 76 additions & 62 deletions learn/user-guide/security/authentication-and-authorization.md
Expand Up @@ -2,21 +2,35 @@
layout: ballerina-left-nav-pages-swanlake
title: Authentication and Authorization
description: Ballerina HTTP services/clients can be configured to enforce authentication and authorization.
keywords: ballerina, programming language, security, secure ballerina code, authorization, authentication
keywords: ballerina, programming language, security, secure ballerina code, authorization, authentication, iam
permalink: /learn/user-guide/security/authentication-and-authorization/
active: authentication-and-authorization
intro: Ballerina HTTP services/clients can be configured to enforce authentication and authorization.
redirect_from:
- /learn/authentication-and-authorization
- /learn/authentication-and-authorization/
- /learn/security/authentication-and-authorization
- /swan-lake/learn/security/authentication-and-authorization/
- /swan-lake/learn/security/authentication-and-authorization
- /learn/security/authentication-and-authorization/
- /learn/security/authentication-and-authorization
- /learn/user-guide/security/authentication-and-authorization
- /learn/user-guide/security/authentication-and-authorization/
- /learn/user-guide/authentication-and-authorization/
- /learn/user-guide/authentication-and-authorization
- /learn/how-to-write-secure-ballerina-code
- /learn/how-to-write-secure-ballerina-code/
- /learn/writing-secure-ballerina-code/
- /learn/writing-secure-ballerina-code
- /learn/security/
- /learn/security
- /swan-lake/learn/security/writing-secure-ballerina-code/
- /swan-lake/learn/security/writing-secure-ballerina-code
- /learn/security/writing-secure-ballerina-code/
- /learn/security/writing-secure-ballerina-code
- /learn/user-guide/security/writing-secure-ballerina-code
- /learn/user-guide/security/writing-secure-ballerina-code/
- /learn/user-guide/security/
- /learn/user-guide/security
---

## HTTP Listener Authentication and Authorization
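Review bot: The `redirect_from` list sends the general secure-coding paths (`/learn/how-to-write-secure-ballerina-code`, `/learn/writing-secure-ballerina-code`, `/learn/security/`, `/learn/user-guide/security/`) to a page whose `title`, `description` and `intro` cover only authentication and authorization. A reader following an old link to the secure-coding guide lands here with no indication of where that material went. Either point those paths at a page that still covers it, or widen the `intro` so the redirect is explained.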
Expand All @@ -32,14 +46,14 @@ The example below represents how a service can be secured. The `http:ServiceConf
```ballerina
import ballerina/http;
listener http:Listener securedEP = new(9090, config = {
secureSocket: {
listener http:Listener securedEP = new(9090,
secureSocket = {
key: {
certFile: "/path/to/public.crt",
keyFile: "/path/to/private.key"
}
}
});
);
@http:ServiceConfig {
auth: [
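Review bot: The new listener form `new(9090, secureSocket = {` needs a one-sentence migration note in the surrounding prose, because the outer argument now uses `=` while the nested `key: {`, `certFile:` and `keyFile:` fields keep `:`. Readers converting older `config = { secureSocket: { ... } }` code will hit this mix of named-argument and record-field syntax in every example in the guide, so it is worth stating once here, at the first listener example.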
Expand All @@ -60,14 +74,14 @@ These concepts are applied to the `http:ResourceConfig` annotation as well. The
```ballerina
import ballerina/http;
listener http:Listener securedEP = new(9090, config = {
secureSocket: {
listener http:Listener securedEP = new(9090,
secureSocket = {
key: {
certFile: "/path/to/public.crt",
keyFile: "/path/to/private.key"
}
}
});
);
service /foo on securedEP {
Expand Down Expand Up @@ -114,14 +128,14 @@ password="password3"
```ballerina
import ballerina/http;
listener http:Listener securedEP = new(9090, config = {
secureSocket: {
listener http:Listener securedEP = new(9090,
secureSocket = {
key: {
certFile: "/path/to/public.crt",
keyFile: "/path/to/private.key"
}
}
});
);
@http:ServiceConfig {
auth: [
Expand Down Expand Up @@ -199,14 +213,14 @@ There is an imperative method to handle authentication and authorization as foll
```ballerina
import ballerina/http;
listener http:Listener securedEP = new(9090, config = {
secureSocket: {
listener http:Listener securedEP = new(9090,
secureSocket = {
key: {
certFile: "/path/to/public.crt",
keyFile: "/path/to/private.key"
}
}
});
);
ListenerFileUserStoreBasicAuthHandler handler = new;
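Review bot: The handler declaration on the last line of this hunk, `ListenerFileUserStoreBasicAuthHandler handler = new;`, is not module-qualified, and the only import in the example is `ballerina/http`. Since this commit is already updating the sample for Beta1, qualify it as `http:ListenerFileUserStoreBasicAuthHandler handler = new;` so the imperative example compiles as shown.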
Expand Down Expand Up @@ -256,14 +270,14 @@ The `http:LdapUserStoreConfig` configurations include:
```ballerina
import ballerina/http;
listener http:Listener securedEP = new(9090, config = {
secureSocket: {
listener http:Listener securedEP = new(9090,
secureSocket = {
key: {
certFile: "/path/to/public.crt",
keyFile: "/path/to/private.key"
}
}
});
);
@http:ServiceConfig {
auth: [
Expand Down Expand Up @@ -361,14 +375,14 @@ There is an imperative method to handle authentication and authorization as foll
```ballerina
import ballerina/http;
listener http:Listener securedEP = new(9090, config = {
secureSocket: {
listener http:Listener securedEP = new(9090,
secureSocket = {
key: {
certFile: "/path/to/public.crt",
keyFile: "/path/to/private.key"
}
}
});
);
ListenerFileUserStoreBasicAuthHandler handler = new({
domainName: "ballerina.io",
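Review bot: The handler in this LDAP example is declared as `ListenerFileUserStoreBasicAuthHandler` but is constructed with `domainName: "ballerina.io"`, which is an LDAP user store setting, so this looks like a copy from the file user store section. Declare it with the LDAP handler type, `http:ListenerLdapUserStoreBasicAuthHandler`, and add the `http:` qualifier, which is also missing here.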
Expand Down Expand Up @@ -430,14 +444,14 @@ The `http:JwtValidatorConfig` configurations include:
```ballerina
import ballerina/http;
listener http:Listener securedEP = new(9090, config = {
secureSocket: {
listener http:Listener securedEP = new(9090,
secureSocket = {
key: {
certFile: "/path/to/public.crt",
keyFile: "/path/to/private.key"
}
}
});
);
@http:ServiceConfig {
auth: [
Expand Down Expand Up @@ -515,21 +529,21 @@ curl -k -v https://localhost:9091/hello -H 'Authorization: Bearer <token>'
Hello, World!
```

##### Imperative Method
#### Imperative Method

There is an imperative method to handle authentication and authorization as follows:

```ballerina
import ballerina/http;
listener http:Listener securedEP = new(9090, config = {
secureSocket: {
listener http:Listener securedEP = new(9090,
secureSocket = {
key: {
certFile: "/path/to/public.crt",
keyFile: "/path/to/private.key"
}
}
});
);
ListenerFileUserStoreBasicAuthHandler handler = new({
issuer: "wso2",
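Review bot: The handler in this JWT example is declared as `ListenerFileUserStoreBasicAuthHandler` but is constructed with `issuer: "wso2"`, which is a JWT validator setting. Use the JWT handler type, `http:ListenerJwtAuthHandler`, with the `http:` qualifier. Also worth checking: the `curl` line in the hunk header calls `https://localhost:9091/hello`, while the listener in this hunk is created with `new(9090,`.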
Expand Down Expand Up @@ -579,14 +593,14 @@ The `http:OAuth2IntrospectionConfig` configurations include:
```ballerina
import ballerina/http;
listener http:Listener securedEP = new(9090, config = {
secureSocket: {
listener http:Listener securedEP = new(9090,
secureSocket = {
key: {
certFile: "/path/to/public.crt",
keyFile: "/path/to/private.key"
}
}
});
);
@http:ServiceConfig {
auth: [
Expand Down Expand Up @@ -666,21 +680,21 @@ curl -k -v https://localhost:9091/hello -H 'Authorization: Bearer <token>'
Hello, World!
```

##### Imperative Method
#### Imperative Method

There is an imperative method to handle authorization as follows:

```ballerina
import ballerina/http;
listener http:Listener securedEP = new(9090, config = {
secureSocket: {
listener http:Listener securedEP = new(9090,
secureSocket = {
key: {
certFile: "/path/to/public.crt",
keyFile: "/path/to/private.key"
}
}
});
);
ListenerFileUserStoreBasicAuthHandler handler = new({
url: "https://localhost:9999/oauth2/token/introspect",
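Review bot: The handler in this OAuth2 example is declared as `ListenerFileUserStoreBasicAuthHandler` but is constructed with `url: "https://localhost:9999/oauth2/token/introspect"`, which is an introspection setting. Use the OAuth2 handler type, `http:ListenerOAuth2Handler`, with the `http:` qualifier, so the example matches the "handle authorization" sentence above it.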
Expand Down Expand Up @@ -720,14 +734,14 @@ The following example represents how an HTTP client can be configured to call a
import ballerina/http;
import ballerina/log;
http:Client securedEP = check new("https://localhost:9090", {
auth: {
http:Client securedEP = check new("https://localhost:9090",
auth = {
// ...
},
secureSocket: {
secureSocket = {
cert: "/path/to/public.crt"
}
});
);
```

### Basic Auth
Expand All @@ -743,15 +757,15 @@ The `http:CredentialsConfig` configurations include:
import ballerina/http;
import ballerina/log;
http:Client securedEP = check new("https://localhost:9090", {
auth: {
http:Client securedEP = check new("https://localhost:9090",
auth = {
username: "alice",
password: "123"
},
secureSocket: {
secureSocket = {
cert: "/path/to/public.crt"
}
});
);
public function main() {
// Send a `GET` request to the specified endpoint.
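Review bot: The `auth` block in this client example hardcodes `username: "alice"` and `password: "123"` in source, and a guide sample tends to be copied verbatim into real services. Read both from `configurable` variables supplied at deployment and reference those in `auth = { ... }`, so the documented pattern keeps credentials out of the code and out of version control.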
Expand Down Expand Up @@ -795,8 +809,8 @@ The `http:JwtIssuerConfig` configurations include:
import ballerina/http;
import ballerina/log;
http:Client securedEP = check new("https://localhost:9090", {
auth: {
http:Client securedEP = check new("https://localhost:9090",
auth = {
username: "ballerina",
issuer: "wso2",
audience: ["ballerina", "ballerina.org", "ballerina.io"],
Expand All @@ -811,10 +825,10 @@ http:Client securedEP = check new("https://localhost:9090", {
}
}
},
secureSocket: {
secureSocket = {
cert: "/path/to/public.crt"
}
});
);
public function main() {
// Send a `GET` request to the specified endpoint.
Expand All @@ -839,14 +853,14 @@ The `http:BearerTokenConfig` configurations include:
import ballerina/http;
import ballerina/log;
http:Client securedEP = check new("https://localhost:9090", {
auth: {
http:Client securedEP = check new("https://localhost:9090",
auth = {
token: "JlbmMiOiJBMTI4Q0JDLUhTMjU2In"
},
secureSocket: {
secureSocket = {
cert: "/path/to/public.crt"
}
});
);
public function main() {
// Send a `GET` request to the specified endpoint.
Expand Down Expand Up @@ -892,8 +906,8 @@ The `http:OAuth2ClientCredentialsGrantConfig` configurations include:
import ballerina/http;
import ballerina/log;
http:Client securedEP = check new("https://localhost:9090", {
auth: {
http:Client securedEP = check new("https://localhost:9090",
auth = {
tokenUrl: "https://localhost:9090/oauth2/token",
clientId: "s6BhdRkqt3",
clientSecret: "7Fjfp0ZBr1KtDRbnfVdmIw",
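Review bot: In this client credentials example, `tokenUrl: "https://localhost:9090/oauth2/token"` shares host and port with the client's target `https://localhost:9090`, which reads as if the resource server issues its own tokens. Use a distinct authorization server address for `tokenUrl` so the roles of the two endpoints are clear. The literal `clientSecret: "7Fjfp0ZBr1KtDRbnfVdmIw"` would also be better shown as a `configurable` value than as a string in source.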
Expand All @@ -904,10 +918,10 @@ http:Client securedEP = check new("https://localhost:9090", {
}
}
},
secureSocket: {
secureSocket = {
cert: "/path/to/public.crt"
}
});
);
public function main() {
// Send a `GET` request to the specified endpoint.
Expand Down Expand Up @@ -959,8 +973,8 @@ The `http:OAuth2PasswordGrantConfig` configurations include:
import ballerina/http;
import ballerina/log;
http:Client securedEP = check new("https://localhost:9090", {
auth: {
http:Client securedEP = check new("https://localhost:9090",
auth = {
tokenUrl: "https://localhost:9090/oauth2/token",
username: "admin",
password: "123",
Expand All @@ -982,10 +996,10 @@ http:Client securedEP = check new("https://localhost:9090", {
}
}
},
secureSocket: {
secureSocket = {
cert: "/path/to/public.crt"
}
});
);
public function main() {
// Send a `GET` request to the specified endpoint.
Expand Down Expand Up @@ -1028,8 +1042,8 @@ The `http:OAuth2RefreshTokenGrantConfig` configurations include:
import ballerina/http;
import ballerina/log;
http:Client securedEP = check new("https://localhost:9090", {
auth: {
http:Client securedEP = check new("https://localhost:9090",
auth = {
refreshUrl: "https://localhost:9090/oauth2/token/refresh",
refreshToken: "tGzv3JOkF0XG5Qx2TlKWIA",
clientId: "s6BhdRkqt3",
Expand All @@ -1041,10 +1055,10 @@ http:Client securedEP = check new("https://localhost:9090", {
}
}
},
secureSocket: {
secureSocket = {
cert: "/path/to/public.crt"
}
});
);
public function main() {
// Send a `GET` request to the specified endpoint.