scalecube / scalecube-services

Microservices library - scalecube-services is a high-throughput, low-latency reactive microservices library built to scale. It features API gateways, service discovery, and service load balancing; the architecture supports plug-and-play service communication modules and features. Built to provide performance and low-latency real-time stream processing.
http://scalecube.github.io/
Apache License 2.0

Always authenticate connections #822

Closed Sm0keySa1m0n closed 2 years ago

Sm0keySa1m0n commented 3 years ago

If an authenticator is present, always authenticate connections regardless of whether credentials are present because at the moment if a client wants to bypass authentication they can just not specify any credentials.

artem-v commented 2 years ago

It doesn't matter whether you set an authenticator or provided credentials. Only the service method will judge. The service method will look for AUTH_CONTEXT, and if it is null then the caller will get an error. One more thing: if you set an authenticator and provided credentials, and the credentials are valid, then you're allowed to establish a connection, and auth_context will be set. But still, only the service method will judge, because you might call a method which is not allowed to be called with the credentials you used to successfully establish the connection. P.S. Of course, for this to happen the service method must be defined with the annotation io.scalecube.services.auth.Secured.

Sm0keySa1m0n commented 2 years ago

So every single service method needs to do its own authentication checks?

artem-v commented 2 years ago

> So every single service method needs to do its own authentication checks?

If service method is annotated with @Secured then - yes, otherwise - no.
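Since the thread concludes that enforcement happens per method and only where the annotation is present, a build-time or startup audit can list every service method that lacks it. The following is an added example, not part of the thread and not scalecube code: the `Secured` annotation is a local stand-in for `io.scalecube.services.auth.Secured`, and `AccountService`, `unsecuredMethods` and the allow-list are hypothetical names.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;

public class SecuredAudit {

  // Local stand-in for io.scalecube.services.auth.Secured so this file compiles alone.
  @Retention(RetentionPolicy.RUNTIME)
  @Target(ElementType.METHOD)
  @interface Secured {}

  // Constructed sample service interface (hypothetical, not from the project).
  interface AccountService {
    @Secured
    String balance(String accountId);

    String ping(); // intentionally public

    String exportAll(); // annotation forgotten: no auth-context check applies
  }

  // Returns "Interface#method" for every service method lacking @Secured.
  static List<String> unsecuredMethods(Class<?>... serviceInterfaces) {
    List<String> found = new ArrayList<>();
    for (Class<?> svc : serviceInterfaces) {
      for (Method m : svc.getMethods()) {
        if (!m.isAnnotationPresent(Secured.class)) {
          found.add(svc.getSimpleName() + "#" + m.getName());
        }
      }
    }
    Collections.sort(found);
    return found;
  }

  public static void main(String[] args) {
    Set<String> intentionallyPublic = Set.of("AccountService#ping"); // reviewed allow-list
    List<String> unexpected = new ArrayList<>(unsecuredMethods(AccountService.class));
    unexpected.removeAll(intentionallyPublic);
    unexpected.forEach(name -> System.err.println("not @Secured: " + name));
    if (!unexpected.isEmpty()) System.exit(1); // fail the build or startup check
  }
}
```

In a real project the stand-in annotation would be replaced by an import of the library's own annotation, and the audit would be pointed at the project's actual service interfaces.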