Solimando Damien edited this page Dec 18, 2015 · 40 revisions

The Hot framework supports security out of the box. You can easily secure your entire app or just some of your REST endpoints.

Hot allows you to add authentication and authorisation based on multiple backend technologies, such as:

  • Database
  • LDAP
  • OAuth (Twitter)
  • OAuth (Facebook, Google)

The nice thing is that you secure your app the same way, independently of the underlying login backend.

Adding security to your project

In order to secure your app, simply use the hot CLI.

Database backend

The Database backend uses a set of tables previously created in one of the datasources defined in your project.

User information (username, password, roles, ...) is stored in these tables.

Use the following command to add the DB-based security layer to your app:

$> hot auth-db -n <datasource_name> [-u <username>] [-p <password>] [-roles <comma-separated list of roles>]
-n,--name <arg>       Name of the datasource
-p,--password <arg>   Default password (associated to username) to insert
                       in the DB (optional)
-roles <arg>          List of roles associatted to username (optional)
-u,--username <arg>   Default username to insert in the DB (optional)

The datasource must already be defined in your project. You can optionally create a default user via the username, password and roles parameters.

The following tables must be created before adding the authentication backend.

H2 Schema

CREATE TABLE users(
	username varchar_ignorecase(50) NOT NULL PRIMARY KEY,
	password varchar_ignorecase(50) NOT NULL,
	enabled boolean not null);

CREATE TABLE authorities (
	username varchar_ignorecase(50) NOT NULL,
	authority varchar_ignorecase(50) NOT NULL,
	CONSTRAINT fk_authorities_users foreign key(username) references users(username));

CREATE UNIQUE INDEX ix_auth_username on authorities (username,authority);

MySQL Schema

CREATE TABLE IF NOT EXISTS users(
	username varchar(50) NOT NULL PRIMARY KEY,
	password varchar(50) NOT NULL,
	enabled boolean not null) engine = InnoDb;

CREATE TABLE IF NOT EXISTS authorities (
	username varchar(50) NOT NULL,
	authority varchar(50) NOT NULL,
	foreign key (username) references users(username)) engine = InnoDb;
	
CREATE UNIQUE INDEX ix_auth_username on authorities (username,authority);

Oracle Schema

create table users(
    username varchar2(50) not null primary key,
    password varchar2(50) not null,
    enabled number(1) not null
);

create table authorities (
    username varchar2(50) not null,
    authority varchar2(50) not null,
    constraint fk_authorities_users foreign key(username) references users(username)
);
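
What the constraints in the H2 schema above enforce, as an added example (not code from the Hot project): the two tables are recreated in an in-memory SQLite database, with COLLATE NOCASE assumed as the stand-in for varchar_ignorecase. The helpers `open_db`, `add_user`, `roles_of` and `rejected` are hypothetical, and the sample rows are constructed.

```python
import sqlite3

# Page's H2 schema adapted to SQLite; COLLATE NOCASE stands in for varchar_ignorecase.
SCHEMA = """
CREATE TABLE users(
    username VARCHAR(50) COLLATE NOCASE NOT NULL PRIMARY KEY,
    password VARCHAR(50) NOT NULL,
    enabled BOOLEAN NOT NULL);
CREATE TABLE authorities(
    username VARCHAR(50) COLLATE NOCASE NOT NULL,
    authority VARCHAR(50) COLLATE NOCASE NOT NULL,
    CONSTRAINT fk_authorities_users FOREIGN KEY(username) REFERENCES users(username));
CREATE UNIQUE INDEX ix_auth_username ON authorities(username, authority);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite does not enforce FKs by default
    db.executescript(SCHEMA)
    return db

def add_user(db, username, password, roles, enabled=True):
    """Hypothetical helper: insert a user and its roles in one transaction."""
    with db:
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (username, password, enabled))
        db.executemany("INSERT INTO authorities VALUES (?, ?)",
                       [(username, role) for role in roles])

def roles_of(db, username):
    """Roles of an enabled user (assumption: a disabled account gets none)."""
    rows = db.execute(
        "SELECT a.authority FROM authorities a JOIN users u ON u.username = a.username"
        " WHERE u.username = ? AND u.enabled ORDER BY a.authority", (username,))
    return [row[0] for row in rows]

def rejected(db, sql, params):
    """True when a constraint of the schema refuses the statement."""
    try:
        with db:
            db.execute(sql, params)
        return False
    except sqlite3.IntegrityError:
        return True

if __name__ == "__main__":
    db = open_db()
    add_user(db, "alice", "<placeholder>", ["ADMIN", "USER"])  # constructed sample row
    orphan = ("nobody", "ADMIN")  # no such user: the foreign key must refuse it
    print(roles_of(db, "ALICE"), rejected(db, "INSERT INTO authorities VALUES (?, ?)", orphan))
```

The password value is a placeholder because the page does not say how the stored password is encoded.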

LDAP backend

The LDAP backend uses an LDAP server to handle authentication and authorisation.

Use the following command to add the LDAP-based security layer to your app:

$> hot auth-ldap -url <ldap url> [-gsb <group-search-base> -gsf <group-search-filter> | -udp <user-dn-patterns> | -usb <user-search-base> -usf <user-search-filter>]

-gsb,--group-search-base <arg>     search base for group searches
                                    (optional)
-gsf,--group-search-filter <arg>   the LDAP filter to search for groups
                                    (optional)
-udp,--user-dn-patterns <arg>      the LDAP patterns for finding the
                                    usernames (optional)
-url <arg>                         ldap url in the form of
                                    'ldap://example.com:389/dc=example,dc=
                                    com'
-usb,--user-search-base <arg>      search base for user searches
                                    (optional)
-usf,--user-search-filter <arg>    the LDAP filter used to search for
                                    users (optional)
