-
Notifications
You must be signed in to change notification settings - Fork 12
Shield
Abstract Shield class
Example
var util = require('util'),
openamAgent = require('openam-agent');
function MyShield(options) {
this.options = options;
}
util.inherits(MyShield, Shield);
MyShield.prototype.evaluate = function (req, success, fail) {
var sessionKey, sessionData;
if (this.options.foo) {
// do something
sessionKey = 'foo';
sessionData = 'bar';
success(sessionKey, sessionData);
} else {
// failure
fail(401, 'Unauthorized', 'Missing Foo...');
}
};
// including it in the express app
app.use(agent.shield(new MyShield({foo: 'bar'})));
Initializes the shield (used by PolicyAgent#shield()
Kind: instance method of Shield
Param | Type |
---|---|
agent | PolicyAgent |
Main shield logic; override this method. Calls fail() or success().
Kind: instance method of Shield
Param | Type |
---|---|
req | Request |
success | function |
fail | function |
Kind: global class
Shield implementation for validating session cookies. This shield checks if the request contains a session cookie and validates it against OpenAM. The session is cached if notifications are enabled, otherwise it's re-validated for every request.
Param | Type | Default | Description |
---|---|---|---|
[options.cookieName] | string |
overrides the cookie name that was retrieved from OpenAM with PolicyAgent#getServerInfo() | |
[options.noRedirect] | boolean |
if {true}, the agent will not redirect to OpenAM's login page for authentication, only return a 401 response | |
[options.getProfiles] | boolean |
false |
If {true}, the agent will fetch and cache the user's profile when validating the session |
[options.passThrough] | boolean |
false |
If {true}, the shield will not enforce valid sessions. This is useful in conjunction with {getProfiles:true} when a route is public but you want fetch identity information for any logged in users. |
Main shield logic; override this method. Calls fail() or success().
Kind: instance method of CookieShield
Param | Type |
---|---|
req | Request |
success | function |
fail | function |
Kind: global class
Shield implementation for enforcing Oauth2 access_tokens. This Shield implementation validates an OAuth2 access_token issued by OpenAM, using OpenAM's /oauth2/tokeninfo service. The access_token must be sent in an Authorization header.
Example
curl -H 'Authorization Bearer 2dcaac7a-8ce1-4e62-8b3a-0d0b9949cc98' http://app.example.com:8080/mobile
Main shield logic; override this method. Calls fail() or success().
Kind: instance method of OAuth2Shield
Param | Type |
---|---|
req | Request |
success | function |
fail | function |
Kind: global class
Shield implementation for enforcing a basic auth header. The credentials in the Authorization will be sent to OpenAM. No session will be created.
Param | Type | Default | Description |
---|---|---|---|
[options.realm] | string |
"/" |
Name of the realm in OpenAM to which the suer should be authenticated |
[options.service] | string |
Name of the service (i.e. chain) used for authentication | |
[options.module] | string |
Name of the module used for authentication (overrides {service}) |
Main shield logic; override this method. Calls fail() or success().
Kind: instance method of BasicAuthShield
Param | Type |
---|---|
req | Request |
success | function |
fail | function |
Kind: global class
Shield implementation for enforcing policy decisions. This shield fetches policy decisions from OpenAM for the requested path, specified application name and current user. It requires a valid session cookie. Typically used in a chain with CookieShield
Param | Type | Default | Description |
---|---|---|---|
[applicationName] | string |
"iPlanetAMWebAgentService" |
Name of the entitlement application in OpenAM |
Example
var cookieShield = new openam.CookieShield();
var policyShield = new openam.PolicyShield('my-app');
app.use('/some/protected/route', agent.shield(cookieShield), agent.shield(policyShield), function (req, res, next) {
// your route handler code here
});
Main shield logic; override this method. Calls fail() or success().
Kind: instance method of PolicyShield
Param | Type |
---|---|
req | Request |
success | function |
fail | function |