-
Notifications
You must be signed in to change notification settings - Fork 12
Shield
- Shield
-
Shield implementation for validating session cookies. This shield checks if the request contains a session cookie
and validates it against OpenAM. The session is cached if notifications are enabled, otherwise it's re-validated for
every request. ⇐
Shield -
Shield implementation for enforcing Oauth2 access_tokens. This Shield implementation validates an OAuth2 access_token
issued by OpenAM, using OpenAM's /oauth2/tokeninfo service. The access_token must be sent in an Authorization header. ⇐
Shield -
Shield implementation for enforcing a basic auth header. The credentials in the Authorization will be sent to OpenAM.
No session will be created. ⇐
Shield -
Shield implementation for enforcing policy decisions. This shield fetches policy decisions from OpenAM for the
requested path, specified application name and current user. It requires a valid session cookie. Typically used in a
chain with CookieShield ⇐
Shield
-
Shield
- .init(agent)
- .evaluate(req, success, fail) ⇒
Promise
Initializes the shield (used by PolicyAgent#shield()
Kind: instance method of Shield
| Param | Type |
|---|---|
| agent | PolicyAgent |
Main shield logic; override this method. Calls fail() or success().
Kind: instance method of Shield
| Param | Type |
|---|---|
| req | Request |
| success | function |
| fail | function |
Shield implementation for validating session cookies. This shield checks if the request contains a session cookie
and validates it against OpenAM. The session is cached if notifications are enabled, otherwise it's re-validated for
every request. ⇐ Shield
Kind: global class
Extends: Shield
- [Shield implementation for validating session cookies. This shield checks if the request contains a session cookie
and validates it against OpenAM. The session is cached if notifications are enabled, otherwise it's re-validated for
every request.](#Shield implementation for validating session cookies. This shield checks if the request contains a session cookie
and validates it against OpenAM. The session is cached if notifications are enabled, otherwise it's re-validated for
every request.) ⇐
Shield- [new Shield implementation for validating session cookies. This shield checks if the request contains a session cookie and validates it against OpenAM. The session is cached if notifications are enabled, otherwise it's re-validated for every request.([options])](#new_Shield implementation for validating session cookies. This shield checks if the request contains a session cookie and validates it against OpenAM. The session is cached if notifications are enabled, otherwise it's re-validated for every request._new)
- .init(agent)
-
.evaluate(req, success, fail) ⇒
Promise
new Shield implementation for validating session cookies. This shield checks if the request contains a session cookie
and validates it against OpenAM. The session is cached if notifications are enabled, otherwise it's re-validated for every request.([options])
| Param | Type | Default | Description |
|---|---|---|---|
| [options] | object |
Options | |
| [options.cookieName] | string |
overrides the cookie name that was retrieved from OpenAM with PolicyAgent#getServerInfo() | |
| [options.noRedirect] | boolean |
if {true}, the agent will not redirect to OpenAM's login page for authentication, only return a 401 response | |
| [options.getProfiles] | boolean |
false |
If {true}, the agent will fetch and cache the user's profile when validating the session |
| [options.passThrough] | boolean |
false |
If {true}, the shield will not enforce valid sessions. This is useful in conjunction with {getProfiles:true} when a route is public but you want fetch identity information for any logged in users. |
shield implementation for validating session cookies. This shield checks if the request contains a session cookie
and validates it against OpenAM. The session is cached if notifications are enabled, otherwise it's re-validated for every request..init(agent) Initializes the shield (used by PolicyAgent#shield()
Kind: instance method of [Shield implementation for validating session cookies. This shield checks if the request contains a session cookie
and validates it against OpenAM. The session is cached if notifications are enabled, otherwise it's re-validated for
every request.](#Shield implementation for validating session cookies. This shield checks if the request contains a session cookie
and validates it against OpenAM. The session is cached if notifications are enabled, otherwise it's re-validated for
every request.)
| Param | Type |
|---|---|
| agent | PolicyAgent |
shield implementation for validating session cookies. This shield checks if the request contains a session cookie
and validates it against OpenAM. The session is cached if notifications are enabled, otherwise it's re-validated for
every request..evaluate(req, success, fail) ⇒ Promise
Main shield logic; override this method. Calls fail() or success().
Kind: instance method of [Shield implementation for validating session cookies. This shield checks if the request contains a session cookie
and validates it against OpenAM. The session is cached if notifications are enabled, otherwise it's re-validated for
every request.](#Shield implementation for validating session cookies. This shield checks if the request contains a session cookie
and validates it against OpenAM. The session is cached if notifications are enabled, otherwise it's re-validated for
every request.)
| Param | Type |
|---|---|
| req | Request |
| success | function |
| fail | function |
Shield implementation for enforcing Oauth2 access_tokens. This Shield implementation validates an OAuth2 access_token
issued by OpenAM, using OpenAM's /oauth2/tokeninfo service. The access_token must be sent in an Authorization header. ⇐ Shield
Kind: global class
Extends: Shield
- [Shield implementation for enforcing Oauth2 access_tokens. This Shield implementation validates an OAuth2 access_token
issued by OpenAM, using OpenAM's /oauth2/tokeninfo service. The access_token must be sent in an Authorization header.](#Shield implementation for enforcing Oauth2 access_tokens. This Shield implementation validates an OAuth2 access_token
issued by OpenAM, using OpenAM's /oauth2/tokeninfo service. The access_token must be sent in an Authorization header.) ⇐
Shield- [new Shield implementation for enforcing Oauth2 access_tokens. This Shield implementation validates an OAuth2 access_token issued by OpenAM, using OpenAM's /oauth2/tokeninfo service. The access_token must be sent in an Authorization header.([realm])](#new_Shield implementation for enforcing Oauth2 access_tokens. This Shield implementation validates an OAuth2 access_token issued by OpenAM, using OpenAM's /oauth2/tokeninfo service. The access_token must be sent in an Authorization header._new)
- .init(agent)
-
.evaluate(req, success, fail) ⇒
Promise
new Shield implementation for enforcing Oauth2 access_tokens. This Shield implementation validates an OAuth2 access_token
issued by OpenAM, using OpenAM's /oauth2/tokeninfo service. The access_token must be sent in an Authorization header.([realm])
| Param | Type | Default |
|---|---|---|
| [realm] | string |
"/" |
Example
curl -H 'Authorization Bearer 2dcaac7a-8ce1-4e62-8b3a-0d0b9949cc98' http://app.example.com:8080/mobileshield implementation for enforcing Oauth2 access_tokens. This Shield implementation validates an OAuth2 access_token
issued by OpenAM, using OpenAM's /oauth2/tokeninfo service. The access_token must be sent in an Authorization header..init(agent) Initializes the shield (used by PolicyAgent#shield()
Kind: instance method of [Shield implementation for enforcing Oauth2 access_tokens. This Shield implementation validates an OAuth2 access_token
issued by OpenAM, using OpenAM's /oauth2/tokeninfo service. The access_token must be sent in an Authorization header.](#Shield implementation for enforcing Oauth2 access_tokens. This Shield implementation validates an OAuth2 access_token
issued by OpenAM, using OpenAM's /oauth2/tokeninfo service. The access_token must be sent in an Authorization header.)
| Param | Type |
|---|---|
| agent | PolicyAgent |
shield implementation for enforcing Oauth2 access_tokens. This Shield implementation validates an OAuth2 access_token
issued by OpenAM, using OpenAM's /oauth2/tokeninfo service. The access_token must be sent in an Authorization header..evaluate(req, success, fail) ⇒ Promise
Main shield logic; override this method. Calls fail() or success().
Kind: instance method of [Shield implementation for enforcing Oauth2 access_tokens. This Shield implementation validates an OAuth2 access_token
issued by OpenAM, using OpenAM's /oauth2/tokeninfo service. The access_token must be sent in an Authorization header.](#Shield implementation for enforcing Oauth2 access_tokens. This Shield implementation validates an OAuth2 access_token
issued by OpenAM, using OpenAM's /oauth2/tokeninfo service. The access_token must be sent in an Authorization header.)
| Param | Type |
|---|---|
| req | Request |
| success | function |
| fail | function |
Shield implementation for enforcing a basic auth header. The credentials in the Authorization will be sent to OpenAM.
No session will be created. ⇐ Shield
Kind: global class
Extends: Shield
- [Shield implementation for enforcing a basic auth header. The credentials in the Authorization will be sent to OpenAM.
No session will be created.](#Shield implementation for enforcing a basic auth header. The credentials in the Authorization will be sent to OpenAM.
No session will be created.) ⇐
Shield- [new Shield implementation for enforcing a basic auth header. The credentials in the Authorization will be sent to OpenAM. No session will be created.([options])](#new_Shield implementation for enforcing a basic auth header. The credentials in the Authorization will be sent to OpenAM. No session will be created._new)
- .init(agent)
-
.evaluate(req, success, fail) ⇒
Promise
new Shield implementation for enforcing a basic auth header. The credentials in the Authorization will be sent to OpenAM.
No session will be created.([options])
| Param | Type | Default | Description |
|---|---|---|---|
| [options] | object |
Options | |
| [options.realm] | string |
"/" |
Name of the realm in OpenAM to which the suer should be authenticated |
| [options.service] | string |
Name of the service (i.e. chain) used for authentication | |
| [options.module] | string |
Name of the module used for authentication (overrides {service}) |
shield implementation for enforcing a basic auth header. The credentials in the Authorization will be sent to OpenAM.
No session will be created..init(agent) Initializes the shield (used by PolicyAgent#shield()
Kind: instance method of [Shield implementation for enforcing a basic auth header. The credentials in the Authorization will be sent to OpenAM.
No session will be created.](#Shield implementation for enforcing a basic auth header. The credentials in the Authorization will be sent to OpenAM.
No session will be created.)
| Param | Type |
|---|---|
| agent | PolicyAgent |
shield implementation for enforcing a basic auth header. The credentials in the Authorization will be sent to OpenAM.
No session will be created..evaluate(req, success, fail) ⇒ Promise
Main shield logic; override this method. Calls fail() or success().
Kind: instance method of [Shield implementation for enforcing a basic auth header. The credentials in the Authorization will be sent to OpenAM.
No session will be created.](#Shield implementation for enforcing a basic auth header. The credentials in the Authorization will be sent to OpenAM.
No session will be created.)
| Param | Type |
|---|---|
| req | Request |
| success | function |
| fail | function |
Shield implementation for enforcing policy decisions. This shield fetches policy decisions from OpenAM for the
requested path, specified application name and current user. It requires a valid session cookie. Typically used in a
chain with CookieShield ⇐ Shield
Kind: global class
Extends: Shield
- [Shield implementation for enforcing policy decisions. This shield fetches policy decisions from OpenAM for the
requested path, specified application name and current user. It requires a valid session cookie. Typically used in a
chain with CookieShield](#Shield implementation for enforcing policy decisions. This shield fetches policy decisions from OpenAM for the
requested path, specified application name and current user. It requires a valid session cookie. Typically used in a
chain with CookieShield) ⇐
Shield- [new Shield implementation for enforcing policy decisions. This shield fetches policy decisions from OpenAM for the requested path, specified application name and current user. It requires a valid session cookie. Typically used in a chain with CookieShield([applicationName])](#new_Shield implementation for enforcing policy decisions. This shield fetches policy decisions from OpenAM for the requested path, specified application name and current user. It requires a valid session cookie. Typically used in a chain with CookieShield_new)
- .init(agent)
-
.evaluate(req, success, fail) ⇒
Promise
new Shield implementation for enforcing policy decisions. This shield fetches policy decisions from OpenAM for the
requested path, specified application name and current user. It requires a valid session cookie. Typically used in a chain with CookieShield([applicationName])
| Param | Type | Default | Description |
|---|---|---|---|
| [applicationName] | string |
"iPlanetAMWebAgentService" |
Name of the entitlement application in OpenAM |
Example
var cookieShield = new openam.CookieShield();
var policyShield = new openam.PolicyShield('my-app');
app.use('/some/protected/route', agent.shield(cookieShield), agent.shield(policyShield), function (req, res, next) {
// your route handler code here
});shield implementation for enforcing policy decisions. This shield fetches policy decisions from OpenAM for the
requested path, specified application name and current user. It requires a valid session cookie. Typically used in a chain with CookieShield.init(agent) Initializes the shield (used by PolicyAgent#shield()
Kind: instance method of [Shield implementation for enforcing policy decisions. This shield fetches policy decisions from OpenAM for the
requested path, specified application name and current user. It requires a valid session cookie. Typically used in a
chain with CookieShield](#Shield implementation for enforcing policy decisions. This shield fetches policy decisions from OpenAM for the
requested path, specified application name and current user. It requires a valid session cookie. Typically used in a
chain with CookieShield)
| Param | Type |
|---|---|
| agent | PolicyAgent |
shield implementation for enforcing policy decisions. This shield fetches policy decisions from OpenAM for the
requested path, specified application name and current user. It requires a valid session cookie. Typically used in a
chain with CookieShield.evaluate(req, success, fail) ⇒ Promise
Main shield logic; override this method. Calls fail() or success().
Kind: instance method of [Shield implementation for enforcing policy decisions. This shield fetches policy decisions from OpenAM for the
requested path, specified application name and current user. It requires a valid session cookie. Typically used in a
chain with CookieShield](#Shield implementation for enforcing policy decisions. This shield fetches policy decisions from OpenAM for the
requested path, specified application name and current user. It requires a valid session cookie. Typically used in a
chain with CookieShield)
| Param | Type |
|---|---|
| req | Request |
| success | function |
| fail | function |