Split cosec-api from cosec-core. (#19)

Ahoo-Wang · Dec 2, 2022 · 57fd071 · 57fd071
1 parent 2562401
commit 57fd071
Show file tree

Hide file tree

Showing 148 changed files with 578 additions and 372 deletions.
diff --git a/cosec-api/build.gradle.kts b/cosec-api/build.gradle.kts
@@ -0,0 +1,16 @@
+/*
+ * Copyright [2021-present] [ahoo wang <[email protected]> (https://github.com/Ahoo-Wang)].
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+dependencies {
+    api("io.projectreactor:reactor-core")
+}
diff --git a/...re/src/main/kotlin/me/ahoo/cosec/CoSec.kt → ...rc/main/kotlin/me/ahoo/cosec/api/CoSec.kt b/...re/src/main/kotlin/me/ahoo/cosec/CoSec.kt → ...rc/main/kotlin/me/ahoo/cosec/api/CoSec.kt
@@ -10,9 +10,9 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package me.ahoo.cosec
+package me.ahoo.cosec.api
 
-import me.ahoo.cosec.internal.InternalIds
+import me.ahoo.cosec.api.internal.InternalIds
 
 /**
  * CoSec const.

diff --git a/...re/src/main/kotlin/me/ahoo/cosec/Named.kt → ...rc/main/kotlin/me/ahoo/cosec/api/Named.kt b/...re/src/main/kotlin/me/ahoo/cosec/Named.kt → ...rc/main/kotlin/me/ahoo/cosec/api/Named.kt
@@ -10,7 +10,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package me.ahoo.cosec
+package me.ahoo.cosec.api
 
 /**
  * Named .

diff --git a/...oo/cosec/authentication/Authentication.kt → ...osec/api/authentication/Authentication.kt b/...oo/cosec/authentication/Authentication.kt → ...osec/api/authentication/Authentication.kt
@@ -10,9 +10,9 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package me.ahoo.cosec.authentication
+package me.ahoo.cosec.api.authentication
 
-import me.ahoo.cosec.principal.CoSecPrincipal
+import me.ahoo.cosec.api.principal.CoSecPrincipal
 import reactor.core.publisher.Mono
 
 /**

diff --git a/.../authentication/AuthenticationProvider.kt → .../authentication/AuthenticationProvider.kt b/.../authentication/AuthenticationProvider.kt → .../authentication/AuthenticationProvider.kt
@@ -10,9 +10,9 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package me.ahoo.cosec.authentication
+package me.ahoo.cosec.api.authentication
 
-import me.ahoo.cosec.principal.CoSecPrincipal
+import me.ahoo.cosec.api.principal.CoSecPrincipal
 
 /**
  * Authentication Provider.
@@ -38,9 +38,4 @@ interface AuthenticationProvider {
     ): A {
         return requireNotNull(get<C, P, A>(credentialsType)) { "Can not found Authentication by credentialsType:[${credentialsType.name}]" }
     }
-
-    companion object {
-        @JvmField
-        val DEFAULT: AuthenticationProvider = SimpleAuthenticationProvider
-    }
 }
diff --git a/.../ahoo/cosec/authentication/Credentials.kt → ...o/cosec/api/authentication/Credentials.kt b/.../ahoo/cosec/authentication/Credentials.kt → ...o/cosec/api/authentication/Credentials.kt
@@ -10,7 +10,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package me.ahoo.cosec.authentication
+package me.ahoo.cosec.api.authentication
 
 /**
  * Credentials tag.

diff --git a/cosec-api/src/main/kotlin/me/ahoo/cosec/api/authorization/Authorization.kt b/cosec-api/src/main/kotlin/me/ahoo/cosec/api/authorization/Authorization.kt
@@ -0,0 +1,33 @@
+/*
+ * Copyright [2021-present] [ahoo wang <[email protected]> (https://github.com/Ahoo-Wang)].
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package me.ahoo.cosec.api.authorization
+
+import me.ahoo.cosec.api.context.SecurityContext
+import me.ahoo.cosec.api.context.request.Request
+import reactor.core.publisher.Mono
+
+/**
+ * The authorization refers to the process that determines what a user is allowed to do.
+ *
+ * @author ahoo wang
+ */
+fun interface Authorization {
+    /**
+     * 判断当前安全上下文（用户）是否具有该操作的权限.
+     *
+     * @param context Security Context
+     * @param request Request
+     * @return If true, the current user has access to the action.
+     */
+    fun authorize(request: Request, context: SecurityContext): Mono<AuthorizeResult>
+}
diff --git a/...ahoo/cosec/authorization/Authorization.kt → ...osec/api/authorization/AuthorizeResult.kt b/...ahoo/cosec/authorization/Authorization.kt → ...osec/api/authorization/AuthorizeResult.kt
@@ -10,27 +10,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package me.ahoo.cosec.authorization
 
-import me.ahoo.cosec.context.SecurityContext
-import me.ahoo.cosec.context.request.Request
-import reactor.core.publisher.Mono
-
-/**
- * The authorization refers to the process that determines what a user is allowed to do.
- *
- * @author ahoo wang
- */
-fun interface Authorization {
-    /**
-     * 判断当前安全上下文（用户）是否具有该操作的权限.
-     *
-     * @param context Security Context
-     * @param request Request
-     * @return If true, the current user has access to the action.
-     */
-    fun authorize(request: Request, context: SecurityContext): Mono<AuthorizeResult>
-}
+package me.ahoo.cosec.api.authorization
 
 interface AuthorizeResult {
     val authorized: Boolean

diff --git a/cosec-api/src/main/kotlin/me/ahoo/cosec/api/context/SecurityContext.kt b/cosec-api/src/main/kotlin/me/ahoo/cosec/api/context/SecurityContext.kt
@@ -0,0 +1,30 @@
+/*
+ * Copyright [2021-present] [ahoo wang <[email protected]> (https://github.com/Ahoo-Wang)].
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package me.ahoo.cosec.api.context
+
+import me.ahoo.cosec.api.principal.CoSecPrincipal
+import me.ahoo.cosec.api.tenant.TenantCapable
+
+interface SecurityContext : TenantCapable {
+    companion object {
+        const val KEY = "COSEC_SECURITY_CONTEXT"
+    }
+
+    val principal: CoSecPrincipal
+    fun setAttribute(key: String, value: Any): SecurityContext
+    fun <T> getAttribute(key: String): T?
+    fun <T> getRequiredAttribute(key: String): T {
+        return requireNotNull(value = getAttribute(key)) { "The required attribute:$key is not found." }
+    }
+}
diff --git a/.../me/ahoo/cosec/context/request/Request.kt → ...ahoo/cosec/api/context/request/Request.kt b/.../me/ahoo/cosec/context/request/Request.kt → ...ahoo/cosec/api/context/request/Request.kt
@@ -11,9 +11,9 @@
  * limitations under the License.
  */
 
-package me.ahoo.cosec.context.request
+package me.ahoo.cosec.api.context.request
 
-import me.ahoo.cosec.tenant.Tenant
+import me.ahoo.cosec.api.tenant.Tenant
 
 interface Request : Tenant {
     /**

diff --git a/...lin/me/ahoo/cosec/internal/InternalIds.kt → ...me/ahoo/cosec/api/internal/InternalIds.kt b/...lin/me/ahoo/cosec/internal/InternalIds.kt → ...me/ahoo/cosec/api/internal/InternalIds.kt
@@ -10,7 +10,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package me.ahoo.cosec.internal
+package me.ahoo.cosec.api.internal
 
 /**
  * Internal Id Tool .

diff --git a/cosec-api/src/main/kotlin/me/ahoo/cosec/api/policy/ActionMatcher.kt b/cosec-api/src/main/kotlin/me/ahoo/cosec/api/policy/ActionMatcher.kt
@@ -0,0 +1,18 @@
+/*
+ * Copyright [2021-present] [ahoo wang <[email protected]> (https://github.com/Ahoo-Wang)].
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package me.ahoo.cosec.api.policy
+
+import me.ahoo.cosec.api.principal.RequestMatcher
+
+interface ActionMatcher : RequestMatcher
diff --git a/cosec-api/src/main/kotlin/me/ahoo/cosec/api/policy/ConditionMatcher.kt b/cosec-api/src/main/kotlin/me/ahoo/cosec/api/policy/ConditionMatcher.kt
@@ -0,0 +1,18 @@
+/*
+ * Copyright [2021-present] [ahoo wang <[email protected]> (https://github.com/Ahoo-Wang)].
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package me.ahoo.cosec.api.policy
+
+import me.ahoo.cosec.api.principal.RequestMatcher
+
+interface ConditionMatcher : RequestMatcher
diff --git a/...ain/kotlin/me/ahoo/cosec/policy/Effect.kt → ...kotlin/me/ahoo/cosec/api/policy/Effect.kt b/...ain/kotlin/me/ahoo/cosec/policy/Effect.kt → ...kotlin/me/ahoo/cosec/api/policy/Effect.kt
@@ -11,7 +11,7 @@
  * limitations under the License.
  */
 
-package me.ahoo.cosec.policy
+package me.ahoo.cosec.api.policy
 
 enum class Effect {
     ALLOW, DENY

diff --git a/...e/ahoo/cosec/policy/PermissionVerifier.kt → ...oo/cosec/api/policy/PermissionVerifier.kt b/...e/ahoo/cosec/policy/PermissionVerifier.kt → ...oo/cosec/api/policy/PermissionVerifier.kt
@@ -11,10 +11,10 @@
  * limitations under the License.
  */
 
-package me.ahoo.cosec.policy
+package me.ahoo.cosec.api.policy
 
-import me.ahoo.cosec.context.SecurityContext
-import me.ahoo.cosec.context.request.Request
+import me.ahoo.cosec.api.context.SecurityContext
+import me.ahoo.cosec.api.context.request.Request
 
 interface PermissionVerifier {
     fun verify(request: Request, securityContext: SecurityContext): VerifyResult

diff --git a/cosec-api/src/main/kotlin/me/ahoo/cosec/api/policy/Policy.kt b/cosec-api/src/main/kotlin/me/ahoo/cosec/api/policy/Policy.kt
@@ -0,0 +1,28 @@
+/*
+ * Copyright [2021-present] [ahoo wang <[email protected]> (https://github.com/Ahoo-Wang)].
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package me.ahoo.cosec.api.policy
+
+import me.ahoo.cosec.api.Named
+import me.ahoo.cosec.api.tenant.Tenant
+
+/**
+ * Permission Policy
+ */
+interface Policy : Named, Tenant {
+    val id: String
+    val category: String
+    val description: String
+    val type: PolicyType
+    val statements: Set<Statement>
+}
diff --git a/cosec-api/src/main/kotlin/me/ahoo/cosec/api/policy/PolicyEvaluator.kt b/cosec-api/src/main/kotlin/me/ahoo/cosec/api/policy/PolicyEvaluator.kt
@@ -0,0 +1,18 @@
+/*
+ * Copyright [2021-present] [ahoo wang <[email protected]> (https://github.com/Ahoo-Wang)].
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package me.ahoo.cosec.api.policy
+
+interface PolicyEvaluator {
+    fun evaluate(policy: Policy)
+}
diff --git a/...kotlin/me/ahoo/cosec/policy/PolicyType.kt → ...in/me/ahoo/cosec/api/policy/PolicyType.kt b/...kotlin/me/ahoo/cosec/policy/PolicyType.kt → ...in/me/ahoo/cosec/api/policy/PolicyType.kt
@@ -11,7 +11,7 @@
  * limitations under the License.
  */
 
-package me.ahoo.cosec.policy
+package me.ahoo.cosec.api.policy
 
 enum class PolicyType {
     /**

diff --git a/.../kotlin/me/ahoo/cosec/policy/Statement.kt → ...lin/me/ahoo/cosec/api/policy/Statement.kt b/.../kotlin/me/ahoo/cosec/policy/Statement.kt → ...lin/me/ahoo/cosec/api/policy/Statement.kt
@@ -11,10 +11,10 @@
  * limitations under the License.
  */
 
-package me.ahoo.cosec.policy
+package me.ahoo.cosec.api.policy
 
-import me.ahoo.cosec.context.SecurityContext
-import me.ahoo.cosec.context.request.Request
+import me.ahoo.cosec.api.context.SecurityContext
+import me.ahoo.cosec.api.context.request.Request
 
 interface Statement : PermissionVerifier {
     val effect: Effect
@@ -43,9 +43,3 @@ interface Statement : PermissionVerifier {
         }
     }
 }
-
-data class StatementData(
-    override val effect: Effect = Effect.ALLOW,
-    override val actions: Set<ActionMatcher> = emptySet(),
-    override val conditions: Set<ConditionMatcher> = emptySet()
-) : Statement
diff --git a/...me/ahoo/cosec/principal/CoSecPrincipal.kt → ...hoo/cosec/api/principal/CoSecPrincipal.kt b/...me/ahoo/cosec/principal/CoSecPrincipal.kt → ...hoo/cosec/api/principal/CoSecPrincipal.kt
@@ -10,11 +10,10 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package me.ahoo.cosec.principal
+package me.ahoo.cosec.api.principal
 
-import me.ahoo.cosec.CoSec
-import me.ahoo.cosec.internal.InternalIds.wrap
-import me.ahoo.cosec.policy.PolicyCapable
+import me.ahoo.cosec.api.CoSec
+import me.ahoo.cosec.api.internal.InternalIds.wrap
 import java.security.Principal
 
 /**
@@ -53,8 +52,6 @@ interface CoSecPrincipal : Principal, PolicyCapable, RoleCapable {
 
         val ANONYMOUS_NAME = wrap("anonymous")
 
-        val ANONYMOUS: CoSecPrincipal = SimplePrincipal(ANONYMOUS_ID, ANONYMOUS_NAME)
-
         fun CoSecPrincipal.isRoot(): Boolean {
             return ROOT_NAME == name
         }

diff --git a/...lin/me/ahoo/cosec/policy/PolicyCapable.kt → ...ahoo/cosec/api/principal/PolicyCapable.kt b/...lin/me/ahoo/cosec/policy/PolicyCapable.kt → ...ahoo/cosec/api/principal/PolicyCapable.kt
@@ -10,7 +10,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package me.ahoo.cosec.policy
+package me.ahoo.cosec.api.principal
 
 /**
  * PolicyCapable .
@@ -22,7 +22,7 @@ interface PolicyCapable {
      * get policy ids.
      * relation:
      *
-     * [me.ahoo.cosec.principal.CoSecPrincipal] 1:N [me.ahoo.cosec.policy.Policy]
+     * [me.ahoo.cosec.api.principal.CoSecPrincipal] 1:N [me.ahoo.cosec.policy.Policy]
      *
      * @return policy ids..
      */

diff --git a/...in/me/ahoo/cosec/policy/RequestMatcher.kt → ...hoo/cosec/api/principal/RequestMatcher.kt b/...in/me/ahoo/cosec/policy/RequestMatcher.kt → ...hoo/cosec/api/principal/RequestMatcher.kt
@@ -11,10 +11,10 @@
  * limitations under the License.
  */
 
-package me.ahoo.cosec.policy
+package me.ahoo.cosec.api.principal
 
-import me.ahoo.cosec.context.SecurityContext
-import me.ahoo.cosec.context.request.Request
+import me.ahoo.cosec.api.context.SecurityContext
+import me.ahoo.cosec.api.context.request.Request
 
 interface RequestMatcher {
     val type: String