Type Members

1.  trait AbstractAuth extends AnyRef
2.  trait AbstractUser extends AnyRef
3.  final case class AuthBadResponseException(error: String, message: String = "credential", errorType: ErrorType = ErrorType.UnknownError, errorCode: String = "auth.response", stacktrace: Option[String] = None, status: Int = ErrorCode.Unauthorized) extends Throwable with AuthException with Product with Serializable
4.  final case class AuthContext(userId: UUID, user: AbstractUser = AbstractUser.Anonymous, correlationId: String, bearer: String = "", perms: List[String] = Nil, headers: Map[String, String] = Map.empty, info: Obj = Json.Obj()) extends Product with Serializable

   This object allows to manage an AuthContext inside the call versus different systems.

   This object allows to manage an AuthContext inside the call versus different systems. It can be used to monitor rest calls, API integration patterns, better logging.

   userId

   the id of the user

   correlationId

   the correlationID of the call

   perms

   the permission of the user

   headers

   some headers useful to pass information

   info

   extra json ino to export for logs

5.  sealed trait AuthException extends Throwable with FrameworkException

   ************************************** AUTH Exceptions

   ************************************** AUTH Exceptions

   Annotations

   @jsonDiscriminator("type")

6.  case class AuthUUIDException(message: String = "auth.uuid", errorType: ErrorType = ErrorType.AuthError, errorCode: String = "auth.error", status: Int = ErrorCode.NotFound, stacktrace: Option[String] = None) extends Throwable with AuthException with Product with Serializable

   This class defines a AuthUUIDException entity

   This class defines a AuthUUIDException entity

   message

   the error message

   errorType

   the errorType

   errorCode

   a string grouping common application errors

   status

   HTTP Error Status

7.  final case class InvalidCredentialsException(error: String, message: String = "credential", errorType: ErrorType = ErrorType.UnknownError, errorCode: String = "auth.generic", stacktrace: Option[String] = None, status: Int = ErrorCode.Unauthorized) extends Throwable with AuthException with Product with Serializable
8.  case class InvalidPermissionStringException(permissionString: String, message: String = "auth.error", errorType: ErrorType = ErrorType.AuthError, errorCode: String = "auth.error", status: Int = ErrorCode.NotFound, stacktrace: Option[String] = None) extends Throwable with AuthException with Product with Serializable

   This exception is throw if the permission string is malformed

   This exception is throw if the permission string is malformed

   permissionString

   the permission that is not valid

   message

   the error message

   errorType

   the errorType

   errorCode

   a string grouping common application errors

   status

   HTTP Error Status

9.  case class JWTInvalidTokenException(message: String = "auth.error", errorType: ErrorType = ErrorType.AuthError, errorCode: String = "auth.error", status: Int = ErrorCode.InternalServerError, stacktrace: Option[String] = None) extends Throwable with AuthException with Product with Serializable

   This exception is thrown when there is an invalid JWT token

   This exception is thrown when there is an invalid JWT token

   message

   the error message

   errorType

   the errorType

   errorCode

   a string grouping common application errors

   status

   HTTP Error Status

10.  case class JWTPasswordException(message: String = "auth.error", errorType: ErrorType = ErrorType.AuthError, errorCode: String = "auth.error", status: Int = ErrorCode.InternalServerError, stacktrace: Option[String] = None) extends Throwable with AuthException with Product with Serializable

    This exception is thrown when there is unable to validate a password

    This exception is thrown when there is unable to validate a password

    message

    the error message

    errorType

    the errorType

    errorCode

    a string grouping common application errors

    status

    HTTP Error Status

11.  case class JWTTokenParsingException(message: String = "auth.error", errorType: ErrorType = ErrorType.AuthError, errorCode: String = "auth.error", status: Int = ErrorCode.InternalServerError, stacktrace: Option[String] = None) extends Throwable with AuthException with Product with Serializable

    This exception is thrown when there is unable to parse aJWT token

    This exception is thrown when there is unable to parse aJWT token

    message

    the error message

    errorType

    the errorType

    errorCode

    a string grouping common application errors

    status

    HTTP Error Status

12.  case class JWTTokenSignException(message: String = "auth.error", errorType: ErrorType = ErrorType.AuthError, errorCode: String = "auth.error", status: Int = ErrorCode.InternalServerError, stacktrace: Option[String] = None) extends Throwable with AuthException with Product with Serializable
13.  case class JWTUnableGenerateTokenException(message: String = "auth.error", errorType: ErrorType = ErrorType.AuthError, errorCode: String = "auth.error", status: Int = ErrorCode.InternalServerError, stacktrace: Option[String] = None) extends Throwable with AuthException with Product with Serializable

    This exception is thrown when is not possible to generate a JWT token

    This exception is thrown when is not possible to generate a JWT token

    message

    the error message

    errorType

    the errorType

    errorCode

    a string grouping common application errors

    status

    HTTP Error Status

14.  case class MissingCredentialsException(message: String = "auth.credentials", errorType: ErrorType = ErrorType.AuthError, errorCode: String = "auth.error", status: Int = ErrorCode.NotFound, stacktrace: Option[String] = None) extends Throwable with AuthException with Product with Serializable

    This class defines a MissingCredentialsException entity

    This class defines a MissingCredentialsException entity

    message

    the error message

    errorType

    the errorType

    errorCode

    a string grouping common application errors

    status

    HTTP Error Status

15.  trait Permission extends AnyRef

    A Permission represents the ability to perform an action or access a resource.

    A Permission represents the ability to perform an action or access a resource. A Permission is the most granular, or atomic, unit in a system's security policy and is the cornerstone upon which fine-grained security models are built. Based on Apache Shiro permission.

    It is important to understand a Permission instance only represents functionality or access - it does not grant it. Granting access to an application functionality or a particular resource is done by the application's security configuration, typically by assigning Permissions to users, roles and/or groups.

    Most typical systems are what the Shiro team calls role-based in nature, where a role represents common behavior for certain user types. For example, a system might have an Aministrator role, a User or Guest roles, etc.

    But if you have a dynamic security model, where roles can be created and deleted at runtime, you can't hard-code role names in your code. In this environment, roles themselves aren't aren't very useful. What matters is what permissions are assigned to these roles.

    Under this paradigm, permissions are immutable and reflect an application's raw functionality (opening files, accessing a web URL, creating users, etc). This is what allows a system's security policy to be dynamic: because Permissions represent raw functionality and only change when the application's source code changes, they are immutable at runtime - they represent 'what' the system can do. Roles, users, and groups are the 'who' of the application. Determining 'who' can do 'what' then becomes a simple exercise of associating Permissions to roles, users, and groups in some way.

    Most applications do this by associating a named role with permissions (i.e. a role 'has a' collection of Permissions) and then associate users with roles (i.e. a user 'has a' collection of roles) so that by transitive association, the user 'has' the permissions in their roles. There are numerous variations on this theme (permissions assigned directly to users, or assigned to groups, and users added to groups and these groups in turn have roles, etc, etc). When employing a permission-based security model instead of a role-based one, users, roles, and groups can all be created, configured and/or deleted at runtime. This enables an extremely powerful security model.

    A benefit to Shiro is that, although it assumes most systems are based on these types of static role or dynamic role w/ permission schemes, it does not require a system to model their security data this way - all Permission checks are relegated to org.apache.shiro.realm.Realm implementations, and only those implementations really determine how a user 'has' a permission or not. The Realm could use the semantics described here, or it could utilize some other mechanism entirely - it is always up to the application developer.

    Shiro provides a very powerful default implementation of this interface in the form of the WildcardPermission. We highly recommend that you investigate this class before trying to implement your own Permissions.

    Since

    0.2

    See also

    zio.auth.permission.WildcardPermission WildcardPermission

16.  case class UnauthorizedException(message: String = "auth.error", errorType: ErrorType = ErrorType.AuthError, errorCode: String = "auth.error", status: Int = ErrorCode.NotFound, stacktrace: Option[String] = None) extends Throwable with AuthException with Product with Serializable

    This class defines a UnauthorizedException entity

    This class defines a UnauthorizedException entity

    message

    the error message

    errorType

    the errorType

    errorCode

    a string grouping common application errors

    status

    HTTP Error Status

17.  case class UserNotFoundException(userId: String, message: String = "auth.error", errorType: ErrorType = ErrorType.AuthError, errorCode: String = "auth.error", status: Int = ErrorCode.NotFound, stacktrace: Option[String] = None) extends Throwable with AuthException with Product with Serializable

    This class defines a UserNotFoundException entity

    This class defines a UserNotFoundException entity

    userId

    an User Id

    message

    the error message

    errorType

    the errorType

    errorCode

    a string grouping common application errors

    status

    HTTP Error Status

18.  case class UserPropertyNotFoundException(userId: String, property: String, message: String = "auth.error", errorType: ErrorType = ErrorType.AuthError, errorCode: String = "auth.error", status: Int = ErrorCode.NotFound, stacktrace: Option[String] = None) extends Throwable with AuthException with Product with Serializable

    This exception is thrown when a property is missing

    This exception is thrown when a property is missing

    userId

    an User Id

    property

    a property to look for

    message

    the error message

    errorType

    the errorType

    errorCode

    a string grouping common application errors

    status

    HTTP Error Status