Authorization
Gateway provides different mechanisms to manage authorization in secured environments. One of the most effective and powerful methods is secured endpoints, which allows MOC administrators to restrict access to internal MOC endpoints through configuration properties at the Gateway.
Securing endpoints through the gateway
This configuration requires two components:
Rule-based authorities
Protected endpoints
1- Rule-based authorities:
Allow mappings between OAuth2 token claims and Granted Authorities.
...
```yaml
- authority-name: GrantedAuthorityNameToBeAssigned
  claim-value-condition:
    claims: token_claim_name_one,token_claim_name_two
    values: expected_value_one,expected_value_two
```
Which can be translated to: if the token claims contain any of the keys token_claim_name_one OR token_claim_name_two, and the value of that claim equals any of expected_value_one OR expected_value_two, then the request is assigned GrantedAuthorityNameToBeAssigned as a Granted Authority.
Sample configuration:
```yaml
oauth2:
  resource-server:
    authorization:
      rule-based-authorities:
        - authority-name: modelopEngineOnlyModelManage
          claim-value-condition:
            claims: user_id,client_id
            values: model-manage
        - authority-name: modelopEngineOnlyModelManageAndMlc
          claim-value-condition:
            claims: user_id,client_id
            values: model-manage,mlc-service
        - authority-name: modelop-monitor
          claim-value-condition:
            claims: user_id,client_id
            values: model-manage,mlc-service
```
...
```
modelopEngineOnlyModelManage,modelopEngineOnlyModelManageAndMlc,modelop-monitor
```
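The rule semantics above (any listed claim present with a value in the expected set grants the authority) worked through in Python against the sample configuration. This is an added illustration, not Gateway code; the config is embedded as a dict mirroring the YAML, and the sample token claims are constructed.

```python
"""Evaluate Gateway-style rule-based authorities against OAuth2 token claims.

Added example (not ModelOp Gateway code): implements the documented rule
semantics so the effect of a configuration can be checked offline.
"""
from typing import Any

# Constructed copy of the page's sample `rule-based-authorities` list.
RULE_BASED_AUTHORITIES = [
    {"authority-name": "modelopEngineOnlyModelManage",
     "claim-value-condition": {"claims": "user_id,client_id",
                               "values": "model-manage"}},
    {"authority-name": "modelopEngineOnlyModelManageAndMlc",
     "claim-value-condition": {"claims": "user_id,client_id",
                               "values": "model-manage,mlc-service"}},
    {"authority-name": "modelop-monitor",
     "claim-value-condition": {"claims": "user_id,client_id",
                               "values": "model-manage,mlc-service"}},
]


def _split(csv: str) -> list:
    """Turn the comma-separated strings used in the config into a list."""
    return [item.strip() for item in csv.split(",") if item.strip()]


def rule_matches(rule: dict, claims: dict) -> bool:
    """True if any listed claim is present and equals one of the expected values."""
    cond = rule["claim-value-condition"]
    expected = set(_split(cond["values"]))
    for claim_name in _split(cond["claims"]):
        # Only the named claims are consulted: a matching value under some
        # other claim (e.g. `sub`) must not grant the authority.
        if claim_name in claims and str(claims[claim_name]) in expected:
            return True
    return False


def granted_authorities(rules: list, claims: dict) -> list:
    """Authority names the token earns, in config order, without duplicates."""
    granted = []
    for rule in rules:
        name = rule["authority-name"]
        if rule_matches(rule, claims) and name not in granted:
            granted.append(name)
    return granted


if __name__ == "__main__":
    # Constructed sample tokens, not taken from the page.
    for token in ({"user_id": "model-manage"}, {"client_id": "mlc-service"},
                  {"user_id": "alice", "client_id": "dashboard"}):
        print(token, "->", granted_authorities(RULE_BASED_AUTHORITIES, token))
```

A token whose `user_id` or `client_id` equals `model-manage` satisfies all three rules, which is the authority list shown above; `mlc-service` earns only the last two.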
2- Protected endpoints
These protected endpoints are defined under:
...