Security Engine

Introduction

The Security Engine in the codbex platform provides a comprehensive solution for securing applications, enforcing access constraints, and integrating with various authentication service providers. This documentation explores key features of the Security Engine, including its use of the Web Filer, configuration through *.access files, and support for plugins such as Keycloak, OAuth2, Azure, Google, and others.

Security Engine Features

Access Constraints

Security Engine utilizes the Web Filer underneath to enforce access constraints on REST paths and methods. This allows developers to define fine-grained access control rules based on the requirements of their applications.

Access constraints are defined in *.access files, allowing developers to specify rules for different REST paths and methods. These configuration files can be easily managed within the project structure.

Example *.access Configuration:

{
   "constraints":[
      {
         "scope":"HTTP",
         "path":"/myproject/myfolder/myartifact1.txt",
         "method":"*",
         "roles":[
            "myrole1",
            "myrole2"
         ]
      },
      {
         "scope":"HTTP",
         "path":"/myproject/myfolder/myartifact2.txt",
         "method":"GET",
         "roles":[
            "myrole3",
            "myrole4"
         ]
      }
   ]
}

Plugins for Authentication Service Providers

The Security Engine supports plugins for popular authentication service providers, enabling seamless integration with identity and access management systems. Plugins are available for Keycloak, OAuth2, Azure AD, Google, and other providers.

Conclusion

The Security Engine in the codbex platform provides a flexible and extensible framework for securing applications. By leveraging the Web Filer for access constraints, configuring security through *.access files, and integrating with authentication service providers through plugins, developers can implement robust security measures tailored to their specific needs.