#### Use the default configuration to configure sureness
#### Use the Default Configuration to Configure Sureness
The default configuration -`DefaultSurenessConfig` uses the document datasource sureness.yml as the auth datasource.
The default configuration -`DefaultSurenessConfig` uses the document datasource `sureness.yml` as the auth datasource.
It supports jwt, basic auth, digest auth authentication.
```
@Bean
...
...
@@ -103,25 +103,22 @@ public DefaultSurenessConfig surenessConfig() {
#### Load Auth Config DataSource
Sureness need dataSource to authenticate and authorize, eg: role data, user data etc.
The dataSource can load from txt, dataBase, no dataBase or annotation etc.
Sureness authentication requires us to provide our own account data, role permission data, etc. These data may come from text, relational databases, non-relational databases, annotations, etc.
We provide interfaces `SurenessAccountProvider`, `PathTreeProvider` for user implement to load data from the dataSource where they want.
If the configuration resource data comes from text, please refer to [sureness integration springboot sample(configuration file scheme)--sample-bootstrap](https://github.com/tomsun28/sureness/tree/master/sample-bootstrap)
If the configuration resource data comes from dataBase, please refer to [sureness integration springboot sample(database scheme)-sample-tom](https://github.com/tomsun28/sureness/tree/master/sample-tom)
If the configuration resource data comes from text, please refer to [Sureness integration springboot sample(configuration file scheme)](https://github.com/tomsun28/sureness/tree/master/sample-bootstrap)
If the configuration resource data comes from dataBase, please refer to [Sureness integration springboot sample(database scheme)](https://github.com/tomsun28/sureness/tree/master/sample-tom)
#### Add an Interceptor Intercepting All Requests
The essence of `sureness` is to intercept all rest requests for authenticating and Authorizing.
The essence of sureness is to intercept all rest requests for authenticating and Authorizing.
The interceptor can be a filter or a spring interceptor, it intercepts all request to check them.
-`Processor`: process subject interface, where happen authentication and authorization.
-`PathTreeProvider`: resource data provider, it can load data from txt or database,etc.
-`SurenessAccountProvider`: account data provider, it can load data from txt or database,etc.
![flow](/docs/_images/flow-en.png)
Sureness Process Flow:
As in the above process, Subject is created by SubjectCreate according to the request body, and different authentication processors process the supported Subjects.
![flow](/docs/_images/flow-en.png)
Sureness provides the following common interfaces as extension points:
1.**Custom Datasource**
-`Subject`: Authenticated authorized user's account interface, provide the account's username,password, request resources, roles, etc.
Suggest take a look at the interface sureness provided, detail [Advanced Use](extend-point.md)
Before customization, it is recommended to understand the sureness's processor and the extended interface provided, see [Advanced Extension](extend-point.md) for details.
`Implment PathTreeProvider, load in DefaultPathRoleMatcher`
`Implment SurenessAccountProvide, load in processor`
First, let's get to know the two user information and resource permission information interfaces provided by Sureness. Users can customize these interfaces to provide data to Sureness from different data sources.
Detail please refer to [30 Minute Tutorial's Program--sample-tom](sample-tom.md)
-`PathTreeProvider`: Path resource provider interface, which can load data from database, text, etc., and load it into the resource permission matcher `DefaultPathRoleMatcher`.
-`SurenessAccountProvider`: Account information provider interface, to load data from database, text, etc., and load it into the `processor` that needs account data.
When we switched the project from the configuration file mode to the database mode, we simply replaced the implementation classes of these interfaces.
1.`PathTreeProvider`
````
public interface PathTreeProvider {
Set<String> providePathData();
Set<String> provideExcludedResource();
}
````
This interface mainly needs to implement the above two methods.
`ProvidePathData` is to load resource permission configuration information, which is the resourceRole information column of sureness.yml in our configuration file mode.
`ProvideExcludedResource` is to load which resources can be filtered without authentication, that is, the excludedResource information column under sureness.yml, as follows.
````
resourceRole:
- /api/v2/host===post===[role2,role3,role4]
- /api/v2/host===get===[role2,role3,role4]
- /api/v2/host===delete===[role2,role3,role4]
- /api/v2/host===put===[role2,role3,role4]
- /api/mi/**===put===[role2,role3,role4]
- /api/v1/getSource1===get===[role1,role2]
- /api/v2/getSource2/*/*===get===[role2]
excludedResource:
- /api/v1/source3===get
- /api/v3/host===get
- /**/*.css===get
- /**/*.ico===get
- /**/*.png===get
````
When we use the database mode, it is ok to realize that this information is read from the database association. The specification returns eg: `/api/v2/host===post===[role2,role3,role4]` format data column.
Database implementation reference class - [DatabasePathTreeProvider](https://github.com/tomsun28/sureness/blob/master/sample-tom/src/main/java/com/usthe/sureness/sample/tom/sureness/provider/DatabasePathTreeProvider.java)
2.`SurenessAccountProvider`
````
public interface SurenessAccountProvider {
SurenessAccount loadAccount(String appId);
}
````
This interface mainly needs to implement the above loadAccount method, and the user's account information can be found from the database or redis cache through the user's unique identification and returned.
Default account information class `SurnessAccount` is as follows:
````
public class DefaultAccount implements SurenessAccount {
private String appId;
private String password;
private String salt;
private List<String> ownRoles;
private boolean disabledAccount;
private boolean excessiveAttempts;
}
````
Database implementation reference class - [DatabaseAccountProvider](https://github.com/tomsun28/sureness/blob/master/sample-tom/src/main/java/com/usthe/sureness/sample/tom/sureness/provider/DatabaseAccountProvider.java)
Detail please refer to [Sureness integration springboot sample(database scheme)](sample-tom.md)
Suggest take a look at the interface sureness provided, detail [Advanced Use](extend-point.md)
A subject also can support by different processors, so we can custom processor to support custom subject.
`A subject also can support by different processor, so we can custom processor to support custom subject`
`implment Processor, define which subject can support and implment processing details`
The processor is the authentication and authentication processor for the requested user account information subject. We need to implement the BaseProcessor interface to implement our custom authentication and authentication method.
Sureness has built-in PasswordProcessor that processes PasswordSubject based on account password authentication, and JwtProcessor that processes JwtSubject based on jwt authentication.
Detail please refer to [30 Minute Tutorial's Program--sample-tom](sample-tom.md)
Before customization, it is recommended to understand the sureness's process and the extended interface provided, see [Advanced Extension](extend-point.md) for details.
-`Processor`: `Subject` processing interface, according to Subject information, perform authentication
```
public abstract class BaseProcessor implements Processor{
public abstract boolean canSupportSubjectClass(Class<?> var);
public abstract Subject authenticated (Subject var) throws SurenessAuthenticationException;
public abstract void authorized(Subject var) throws SurenessAuthorizationException;
}
```
The above are some important interface methods of BaseProcessor. The custom processor requires us to implement these methods.
-`canSupportSubjectClass` judges whether to support this subject class type of input, for example, JwtProcessor only supports JwtSubject, PasswordProcessor only supports PasswordSubject.
-`authenticated` authenticates the subject, and performs the account authentication of the requesting user based on the incoming subject information and system information.
-`authorized` authenticates the subject, and the authentication determines whether the user has the access right to access the api.
Sureness uses an exception process model. The above authentication failures or authentication failures will throw different types of exceptions. The user captures and judges at the outermost point to implement the next process.
Detail please refer to [Sureness integration springboot sample(database scheme)](sample-tom.md)
@@ -4,7 +4,11 @@ Custom subject creator is our most frequently used extension.
When the request body object is not a servlet or jax-rs standard api, we need to customize the subject creator,
make it obtain the request information we need (request path, request method, authentication information, etc.) through the request object, thereby creating the corresponding subject.
Suggest take a look at the interface sureness provided, detail [Advanced Use](extend-point.md)
Sureness has built-in `BasicSubjectServletCreator` that can create `PasswordSubject` based on account password,
and create the `JwtSubjectServletCreator` of the jwt type `JwtSubject`, etc.
Of course, we can customize the subjectCreator we need to create the subject.
Before customization, it is recommended to understand the sureness's process and the extended interface provided, see [Advanced Extension](extend-point.md) for details.
-`SubjectCreate`: Create a `Subject` interface and create different types of `Subject` objects according to the request content.
Suggest take a look at the interface sureness provided, detail [Advanced Use](extend-point.md)
Subject contains the user information in our request.
Sureness has built-in `PasswordSubject` based on account password, `JwtSubject` based on jwt, etc.
Of course, we can customize the subject we need to expand our user information.
`Implment Subject, add custom subject content`
`Implment SubjectCreate to create custom subject`
`Implment Processor to support custom subject`
Before customization, it is recommended to understand the sureness's process and the extended interface provided, see [Advanced Extension](extend-point.md) for details.
Detail please refer to [30 Minute Tutorial's Program--sample-tom](sample-tom.md)
-`Subject`: Authentication and authorization object interface, providing access to the object's account info, requesting resources, roles and other information.
Customizing the subject requires the following process:
1.`Implment Subject, add custom subject content`
2.`Implment SubjectCreate to create custom subject`, see [Custom SubjectCreator](custom-subject-creator.md)
3.`Implment Processor to support custom subject`, see [Custom Processor](custom-processor.md)
Detail please refer to [Sureness integration springboot sample(database scheme)](sample-tom.md)
Sureness authentication requires us to provide our own account data, role permission data, etc. These data may come from text, relational databases, non-relational databases, annotations, etc.
We provide interfaces `SurenessAccountProvider`, `PathTreeProvider` for user implement to load data from the dataSource where they want.
We provide default dataSource implement which load dataSource from txt(sureness.yml), user can defined their data in sureness.yml.
We also provider dataSource implement which load dataSource form annotation - `AnnotationLoader`.
If the configuration resource data comes from text, please refer to [sureness integration springboot sample(configuration file scheme)--sample-bootstrap](https://github.com/tomsun28/sureness/tree/master/sample-bootstrap)
If the configuration resource data comes from dataBase, please refer to [sureness integration springboot sample(database scheme)-sample-tom](https://github.com/tomsun28/sureness/tree/master/sample-tom)
If the configuration resource data comes from text, please refer to [Sureness integration springboot sample(configuration file scheme)](https://github.com/tomsun28/sureness/tree/master/sample-bootstrap)
If the configuration resource data comes from dataBase, please refer to [Sureness integration springboot sample(database scheme)](https://github.com/tomsun28/sureness/tree/master/sample-tom)
#### Add an Interceptor Intercepting All Requests
The essence of `sureness` is to intercept all rest requests for authenticating and Authorizing.
The interceptor can be a filter or a spring interceptor, it intercepts all request to check them.
The essence of sureness is to intercept all rest requests for authenticating and Authorizing.
The interceptor can be a filter or a spring interceptor, it intercepts all request to check them.