Default rule for SecurityFilter.
Allows any request to pass through.
Useful for explicitly denied HTTP methods or URIs.
Retrieves TokenInfo for a given OAuth2 token using the IAM API.
This class applies the Circuit Breaker pattern, so it must be a singleton in the client's code. The implementation depends on Play infrastructure, so it works only in the context of a running application.
Authorization provider that uses Zalando's IAM API to verify a given OAuth2 token.
SecurityFilter intercepts every request and validates it against security rules.
It forwards the original request to the next filter in the chain if the request has no corresponding
security rule. Authenticated requests are modified to include TokenInfo
in the request's metadata.
Allows any request to pass through, meaning that no security checks are applied. It is often useful in combination with a 'catch all' rule that forces token verification for all endpoints.