Shield
- BasicAuthShield ⇐ Shield
- CookieShield ⇐ Shield
- OAuth2Shield ⇐ Shield
- PolicyShield ⇐ Shield
- Shield
- ShieldEvaluationError
BasicAuthShield ⇐ Shield
Kind: global class
Extends: Shield
- BasicAuthShield ⇐ Shield
  - new BasicAuthShield([options])
  - .evaluate(request, response, agent) ⇒ Promise.<{id: string, data: *}>
Shield implementation for enforcing a basic auth header. The credentials in the Authorization header are sent to OpenAM. No session will be created.
Param | Type | Default | Description |
---|---|---|---|
[options] | object | | Options |
[options.realm] | string | "/" | Name of the realm in OpenAM to which the user should be authenticated |
[options.service] | string | | Name of the service (i.e. chain) used for authentication |
[options.module] | string | | Name of the module used for authentication (overrides {service}) |
Main shield logic; override this method. Calls fail() or success().
Kind: instance method of BasicAuthShield
Overrides: evaluate
Param | Type | Description |
---|---|---|
request | http~IncomingMessage | Request |
response | http~ServerResponse | Response |
agent | PolicyAgent | Agent instance |
CookieShield ⇐ Shield
Kind: global class
Extends: Shield
- CookieShield ⇐ Shield
  - new CookieShield([options])
  - .evaluate(request, response, agent) ⇒ Promise.<{id: string, data: *}>
Shield implementation for validating session cookies. This shield checks if the request contains a session cookie and validates it against OpenAM. The session is cached if notifications are enabled, otherwise it's re-validated for every request.
Param | Type | Default | Description |
---|---|---|---|
[options] | object | | Options |
[options.noRedirect] | boolean | false | If true, the agent will not redirect to OpenAM's login page for authentication, only return a 401 response |
[options.getProfiles] | boolean | false | If true, the agent will fetch and cache the user's profile when validating the session |
[options.passThrough] | boolean | false | If true, the shield will not enforce valid sessions. This is useful in conjunction with {getProfiles:true} when a route is public but you want to fetch identity information for any logged-in users. |
[options.cdsso] | boolean | false | Enable CDSSO mode (you must also mount the agent.cdsso() middleware to your application) |
This is the main shield logic. The request is checked for a valid session ID.
Kind: instance method of CookieShield
Overrides: evaluate
Param | Type | Description |
---|---|---|
request | http~IncomingMessage | Request |
response | http~ServerResponse | Response |
agent | PolicyAgent | Agent instance |
OAuth2Shield ⇐ Shield
Kind: global class
Extends: Shield
- OAuth2Shield ⇐ Shield
  - new OAuth2Shield([realm])
  - .evaluate(request, response, agent) ⇒ Promise.<{id: string, data: *}>
Shield implementation for enforcing OAuth2 access_tokens. This Shield implementation validates an OAuth2 access_token issued by OpenAM, using OpenAM's /oauth2/tokeninfo service. The access_token must be sent in an Authorization header.
Param | Type | Default |
---|---|---|
[realm] | string | "/" |
Example
```sh
# The access_token is sent as a Bearer credential in the Authorization header
curl -H 'Authorization: Bearer 2dcaac7a-8ce1-4e62-8b3a-0d0b9949cc98' http://app.example.com:8080/mobile
```
Main shield logic; override this method. Calls fail() or success().
Kind: instance method of OAuth2Shield
Overrides: evaluate
Param | Type | Description |
---|---|---|
request | http~IncomingMessage | Request |
response | http~ServerResponse | Response |
agent | PolicyAgent | Agent instance |
PolicyShield ⇐ Shield
Kind: global class
Extends: Shield
- PolicyShield ⇐ Shield
  - new PolicyShield([applicationName])
  - .evaluate(request, response, agent) ⇒ Promise.<{id: string, data: *}>
Shield implementation for enforcing policy decisions. This shield fetches policy decisions from OpenAM for the requested path, specified application name and current user. It requires a valid session cookie. Typically used in a chain with CookieShield.
Param | Type | Default | Description |
---|---|---|---|
[applicationName] | string | "iPlanetAMWebAgentService" | Name of the entitlement application in OpenAM |
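Example
```js
// `openamAgent`, `options` and `app` are defined elsewhere in the application
var agent = openamAgent(options),
    policyShield = openamAgent.policyShield('myApp'); // 'myApp' is the entitlement application name

app.use('/some/protected/route', agent.shield(policyShield), function (req, res, next) {
    // your route handler code here
});
```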
Main shield logic; override this method. Calls fail() or success().
Kind: instance method of PolicyShield
Overrides: evaluate
Param | Type | Description |
---|---|---|
request | http~IncomingMessage | Request |
response | http~ServerResponse | Response |
agent | PolicyAgent | Agent instance |
Main shield logic; override this method. Calls fail() or success().
Kind: instance abstract method of Shield
Param | Type | Description |
---|---|---|
req | http~IncomingMessage | HTTP request |
res | http~ServerResponse | HTTP response |
agent | PolicyAgent | Agent instance |
Param | Type | Description |
---|---|---|
statusCode | number | Status code |
message | string | Error message |
[stack] | string | Error description or stack trace |
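The evaluate() contract described above (resolve `{id, data}`, or fail with an error carrying a status code), applied to the bearer-token check that OAuth2Shield performs. This is an added example, not code from openam-agent: `DemoShieldError`, `DemoBearerShield`, `parseBearer`, `sampleLookup` and the 502 status are hypothetical stand-ins, and `lookupToken` replaces the real call to OpenAM's /oauth2/tokeninfo service.

```javascript
// Added example: local stand-ins only, not the openam-agent classes.
class DemoShieldError extends Error {
  // Mirrors the documented params: statusCode, message, [stack].
  constructor(statusCode, message, details) {
    super(message);
    this.statusCode = statusCode;
    this.details = details;
  }
}

// Extract the token from an Authorization header value, or return null.
// The scheme match is case-insensitive and exactly one token is allowed.
function parseBearer(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const m = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(headerValue.trim());
  return m ? m[1] : null;
}

class DemoBearerShield {
  // lookupToken(token, realm) is a hypothetical stand-in for the tokeninfo
  // call; it resolves to the token info, or null if unknown or expired.
  constructor(lookupToken, realm = '/') {
    this.lookupToken = lookupToken;
    this.realm = realm;
  }

  // Resolves {id, data} on success; rejects with a status-carrying error.
  async evaluate(request) {
    const token = parseBearer(request.headers.authorization);
    if (!token) throw new DemoShieldError(401, 'Missing or malformed bearer token');
    let info;
    try {
      info = await this.lookupToken(token, this.realm);
    } catch (err) {
      // Fail closed: a validation outage must not let the request through.
      throw new DemoShieldError(502, 'Token validation unavailable', err.stack);
    }
    if (!info) throw new DemoShieldError(401, 'Invalid access_token');
    return { id: token, data: info };
  }
}

// Constructed sample data; the token value is the one from the curl example.
// A Map avoids matching inherited keys such as "constructor".
const SAMPLE_TOKENS = new Map([
  ['2dcaac7a-8ce1-4e62-8b3a-0d0b9949cc98', { scope: ['mobile'] }],
]);
const sampleLookup = async (token) => SAMPLE_TOKENS.get(token) || null;
```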