Hypertopic / AAAforREST

An HTTP reverse proxy to bring authentication, authorization and accounting to RESTful applications
GNU Affero General Public License v3.0

Open access to dedicated resources #27

Closed christophe-lejeune closed 8 years ago

christophe-lejeune commented 9 years ago

The AAAforREST config file allows defining general "rules" for authentication.

On top of these rules, thanks to the "restricted" parameter, access to dedicated resources can be restricted to specific users.

When general rules are already quite complex, it would be convenient if a comparable parameter permitted defining the opposite behaviour: not restricting but opening access to dedicated resources to anyone (including guest users, with no password). This parameter would be helpful for setting up sandboxes, demos or public examples, for instance.

benel commented 9 years ago

Mixing black lists and white lists can be quite hard for programs (and humans too) to interpret. However you can already set a sandbox with a rule like this:

  "rules": [{
    "control": "!/sandbox/.test(path)",
    "action": "authenticate(context,function(){authorize(context,function(){proxyWork(context)})})"
  }]

Then, every URI containing "sandbox" will be ruled by the default (anarchic) rule.
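An added illustration (not AAAforREST's own code) of how the sandbox rule quoted above selects paths: it assumes, as the quoted rule suggests, that "control" is a JavaScript boolean expression over `path`, compiles it into a predicate and shows which constructed sample URIs fall under the authenticate/authorize rule and which fall through to the default rule.

```javascript
// Rule quoted in the comment above: everything NOT under /sandbox/ must be
// authenticated and authorized before being proxied; the rest falls through.
const rules = [{
  control: "!/sandbox/.test(path)",
  action: "authenticate(context,function(){authorize(context,function(){proxyWork(context)})})"
}];

// Compile a config-authored control expression into a predicate over the
// request path. Only `path` is exposed to the expression (assumed semantics).
function compileControl(control) {
  return new Function("path", "return Boolean(" + control + ");");
}

// Return the action of the first rule whose control holds for the path,
// or "default" when no rule matches (the "anarchic" default rule).
function selectAction(rules, path) {
  for (const rule of rules) {
    if (compileControl(rule.control)(path)) return rule.action;
  }
  return "default";
}

// True when the path is governed by an authenticating rule rather than
// the open default.
function requiresAuth(rules, path) {
  return selectAction(rules, path) !== "default";
}

// Constructed sample paths. Note that /sandbox/ is a substring test, so
// "/db/sandboxes/x" is also left open, as the comment above warns.
const samples = ["/db/secret/doc1", "/sandbox/demo/doc1", "/db/sandboxes/x"];
for (const p of samples) {
  console.log(p, "->", requiresAuth(rules, p) ? "authenticate+authorize" : "default (open)");
}
```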

benel commented 9 years ago

As in the future "rules language", a sandbox would be set with a passive scheme `verb:"*", subject:null` on a given `object:"{uri}"`.