Authorizer Client
AuthorizerClient
is an abstraction over the raw grpc bindings that talks to the Aserto authorization API.
It can be used to make authorization calls, or to create authorization middleware.
Installation
The code is available as a maven component and can be easily added to you project by adding the maven dependency
<dependency>
<groupId>com.aserto</groupId>
<artifactId>aserto-java</artifactId>
<version>1.0.1</version>
</dependency>
Create a Client
// create a channel that has the connection details
ManagedChannel channel = new ChannelBuilder()
.withHost("localhost")
.withPort(8282)
.withCACertPath(<path_to_authorizer_certificates>)
.build();
// create authz client
AuthorizerClient authzClient = new AuthzClient(channel);
If you are using Topaz as an authorizer, by default the certificate will in be $HOME/.local/share/topaz/certs/grpc-ca.crt
, or $HOME\AppData\Local\topaz\certs
on Windows.
For dev/test scenarios you can also use an insecure connection by replacing .withCACertPath(<path_to_authorizer_certificates>)
with .withInsecure(true)
The ChannelBuilder
accepts setting the fallowing properties:
Method | Description |
---|---|
withHost(String) | authorizer host |
withPort(int) | authorizer port |
withCACertPath(String) | path to certificate used for TLS connection to authorizer |
withInsecure(Boolean) | use an isecure connection to the authorizer |
withTenantId(String) | TenantId, not required for Topaz |
withAPIKeyAuth(String) | auth key, not required for Topaz |
withTokenAuth(String) | Auth0 token |
Make Authorization Calls
// identity context contains information abou the user that requests access to some resource
IdentityCtx identityCtx = new IdentityCtx("rick@the-citadel.com", IdentityType.IDENTITY_TYPE_SUB);
// contains information about the policy we want to check for the provided identity
PolicyCtx policyCtx = new PolicyCtx("todo", "todo", "todoApp.DELETE.todos.__id", new String[]{"allowed"});
// check if the identity is allowed to perform the action
List<Decision> decisions = authzClient.is(identityCtx, policyCtx);
authzClient.close();
decisions.forEach(decision -> {
String dec = decision.getDecision();
boolean isAllowed = decision.getIs();
System.out.println("For decision [" + dec + "] the answer was [" + isAllowed + "]");
});
For more details please see the full example