Package

org.zalando

zhewbacca

Permalink

package zhewbacca

Visibility
  1. Public
  2. All

Type Members

  1. class AlwaysPassAuthProvider extends AuthProvider

    Permalink

  2. trait AuthProvider extends AnyRef

    Permalink

  3. sealed abstract class AuthResult extends AnyRef

    Permalink

  4. case class AuthTokenValid(tokenInfo: TokenInfo) extends AuthResult with Product with Serializable

    Permalink

  5. class DenyAllRule extends SecurityRule

    Permalink

    Default rule for SecurityFilter.

  6. case class ExplicitlyAllowedRule(method: String, pathRegex: String) extends StrictRule with Product with Serializable

    Permalink

    Allowed to 'pass-through' of any request.

    Allowed to 'pass-through' of any request. It means that no security checks will be applied. It is often useful in combination with 'catch all' rule which forces to verify tokens for all endpoints.

  7. case class ExplicitlyDeniedRule(method: String, pathRegex: String) extends StrictRule with Product with Serializable

    Permalink

    Useful for explicitly denied HTTP methods or URIs.

  8. class IAMClient extends (OAuth2Token) ⇒ Future[Option[TokenInfo]]

    Permalink

    Retrieves TokenInfo for given OAuth2 token using IAM API.

    Retrieves TokenInfo for given OAuth2 token using IAM API.

    Class applies a Circuit Breaker pattern, so it must be a singleton in the client's code. Implementation depends on Play infrastructure so it will work only in a context of running application.

    Annotations
    @Singleton()

  9. class OAuth2AuthProvider extends AuthProvider

    Permalink

    Authorization provider which uses Zalando's IAM API to verify given OAuth2 token.

    Authorization provider which uses Zalando's IAM API to verify given OAuth2 token.

    Annotations
    @Singleton()

  10. case class OAuth2Token extends Product with Serializable

    Permalink

  11. case class Scope extends Product with Serializable

    Permalink

  12. class SecurityFilter extends Filter

    Permalink

    SecurityFilter intercepts every request and validates it against security rules.

    SecurityFilter intercepts every request and validates it against security rules.

    It forwards an original request to the next filter in the chain if this request doesn't have corresponding security rule. Authenticated requests will be modified to include TokenInfo information into request's metadata.

  13. trait SecurityRule extends AnyRef

    Permalink

  14. class SecurityRulesRepository extends AnyRef

    Permalink

  15. abstract class StrictRule extends SecurityRule

    Permalink

  16. case class TokenInfo(accessToken: String, scope: Scope, tokenType: String, userUid: String) extends Product with Serializable

    Permalink

  17. abstract case class ValidateTokenRule(method: String, pathRegex: String, scope: Scope) extends StrictRule with Product with Serializable

    Permalink

Value Members

  1. object AuthTokenEmpty extends AuthResult with Product with Serializable

    Permalink

  2. object AuthTokenInvalid extends AuthResult with Product with Serializable

    Permalink

  3. object OAuth2Token extends Serializable

    Permalink

  4. object Scope extends Serializable

    Permalink

  5. object TokenInfo extends Serializable

    Permalink

  6. object TokenInfoConverter

    Permalink

  7. package metrics

    Permalink

Ungrouped