Dashboard SSO support: CF authZ (service instance permission) #303

Open
gberche-orange opened this issue Aug 6, 2020 · 0 comments

gberche-orange commented Aug 6, 2020

  • As a spring-cloud-open-service-broker user
  • in order to expose additional dashboard endpoints restricted to CF users having access to the service instance
  • I need some support to check user permission as documented in dashboard-sso.html#checking-user-permissions

The OAuth-based authN flow is pretty well documented when the dashboard URLs are fronted by spring-cloud-gateway; see the 2019 blog securing-services-with-spring-cloud-gateway.

The authZ using the CF GET /v2/service_instances/:guid/permissions endpoint seems less documented. Custom Spring Security authZ using the blocking servlet API is documented at spring-security#authz-custom-voter, the 2009 blog spring-security-customization-part-2-adjusting-secured-session-in-real-time, as well as baeldung.com/spring-security-custom-voter; however, the reactive counterpart is harder to find. boot-features-security-webflux seems a good entry point.

Would the Spring Cloud community have code snippets or pointers available to share to support this use case?

If not, I'll keep on iterating with my prototyping and would be keen on contributing this to the spring-cloud-open-service-broker documentation if this can be useful to the community.

@gberche-orange gberche-orange changed the title Sashboard SSO support: CF authZ (service instance permission) Dashboard SSO support: CF authZ (service instance permission) Aug 6, 2020
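One way to express the reactive check the issue asks about, as an added example that is not part of the original issue or of spring-cloud-open-service-broker: a Spring Security `ReactiveAuthorizationManager` that calls the CF permissions endpoint with the logged-in user's own token and fails closed. The class name, the `instanceId` path variable, the injected `WebClient` (assumed to carry the CF API base URL) and the use of the `manage` field in the response are assumptions.

```java
import java.util.Map;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.security.web.server.authorization.AuthorizationContext;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

// Hypothetical class: grants access only when CF reports "manage": true for the instance.
public class ServiceInstancePermissionManager
        implements ReactiveAuthorizationManager<AuthorizationContext> {
    private static final AuthorizationDecision DENIED = new AuthorizationDecision(false);
    private final WebClient cfApi; // assumption: built with the CF API base URL
    private final ServerOAuth2AuthorizedClientRepository clients;

    public ServiceInstancePermissionManager(WebClient cfApi,
            ServerOAuth2AuthorizedClientRepository clients) {
        this.cfApi = cfApi;
        this.clients = clients;
    }

    @Override
    public Mono<AuthorizationDecision> check(Mono<Authentication> authentication,
            AuthorizationContext context) {
        // "instanceId" is an assumed name; it must match the variable in the path matcher.
        Object guid = context.getVariables().get("instanceId");
        if (guid == null) return Mono.just(DENIED);
        return authentication
            .filter(OAuth2AuthenticationToken.class::isInstance)
            .cast(OAuth2AuthenticationToken.class)
            // Use the end user's token so CF evaluates that user's permissions, not the broker's.
            .flatMap(auth -> clients.<OAuth2AuthorizedClient>loadAuthorizedClient(
                auth.getAuthorizedClientRegistrationId(), auth, context.getExchange()))
            .flatMap(client -> cfApi.get()
                .uri("/v2/service_instances/{guid}/permissions", guid)
                .headers(h -> h.setBearerAuth(client.getAccessToken().getTokenValue()))
                .retrieve()
                .bodyToMono(Map.class))
            .map(body -> new AuthorizationDecision(Boolean.TRUE.equals(body.get("manage"))))
            // Fail closed: missing token, non-2xx from CF, or any other error denies access.
            .onErrorReturn(DENIED)
            .defaultIfEmpty(DENIED);
    }
}
```

It would be wired into the security filter chain with something like `.pathMatchers("/dashboard/{instanceId}/**").access(manager)` (the path is illustrative). The user's token needs the `cloud_controller_service_permissions.read` scope for CF to answer the permissions call.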