Authorization Layer Implementation.
What is the purpose of this article?
This article describes how to implement the Authorization layer whenever a new service or repository is developed. The practice is that any request coming from the frontend, or from any source outside the control of the system, must be authenticated and must carry authorized permissions for the resource it targets.
What is Auth(orization) Layer and why is it important?
What is Authorization?
Authorization determines whether the user has permission, or has been granted the scopes, for the resource they want to access. It verifies the identity of the user and the roles granted to that user for a particular resource. Authorization can be implemented with many techniques; the one we currently use in our architecture is the Bearer token method using JWT.
The JWT auth token contains information regarding the workspace access to a particular user.
For more on authorization using a JWT token, see https://docs.oracle.com/cd/E55956_01/doc.11123/oauth_guide/content/oauth_access_token_jwt.html
Steps to replicate Auth Layer.
For better results, clone the Esb Platform Service repo locally to understand the project structure of the Auth layer. The purpose is not to clone the platform project and edit it, but to create a separate project and use the platform project as a reference point.
To replicate Auth layer in a new repo, follow the below steps:
1. Copy the AuthConfig.java class from the link below.
   https://gitlab.com/eshopbox-team/esb-platform-service/-/blob/master/src/main/java/com/platform/config/AuthConfig.java
   AuthConfig.java is environment specific, so make sure you use the correct AuthConfig when setting up the project.
   NOTE: Whether an AuthConfig belongs to the staging or the production environment can be identified by checking whether the constant AUTH0_AUDIENCE in the file has the value https://eshopbox-portal-dev.appspot.com.
2. Copy the content of the auth folder from the link below.
   https://gitlab.com/eshopbox-team/esb-platform-service/-/tree/master/src/main/java/com/platform/auth
3. Copy the DAO interfaces from the links below. You only need to copy the structure of each iDao with the declarations of the functions listed under it, together with their implementations from the corresponding dao class.
   https://gitlab.com/eshopbox-team/esb-platform-service/-/blob/master/src/main/java/com/platform/Idao/IAccountsDao.java
   - accountDao.getAccountByAccountSlug
   Implementation: https://gitlab.com/eshopbox-team/esb-platform-service/-/blob/master/src/main/java/com/platform/dao/AccountsDao.java
   https://gitlab.com/eshopbox-team/esb-platform-service/-/blob/master/src/main/java/com/platform/Idao/IUserAccountDao.java
   - userAccountDao.getUserAccountMappingWithOutStatus
   Implementation: https://gitlab.com/eshopbox-team/esb-platform-service/-/blob/master/src/main/java/com/platform/dao/UserAccountDao.java
   https://gitlab.com/eshopbox-team/esb-platform-service/-/blob/master/src/main/java/com/platform/Idao/IWarehouseDao.java
   - warehouseDao.getWarehouseWorkspaceList
   - warehouseDao.getUserWarehouseMapping
   - warehouseDao.getWarehouseDataByExternalWarehouse
   Implementation: https://gitlab.com/eshopbox-team/esb-platform-service/-/blob/master/src/main/java/com/platform/dao/WarehouseDao.java
4. The Auth Layer uses caching, and the cache source is chosen by what is configured in application.properties. Copy the file structure below for the caching implementation.
   https://gitlab.com/eshopbox-team/esb-platform-service/-/tree/master/src/main/java/com/platform/cache
   The caching strategy works on a single condition: if application.properties sets cacheProvider = redis, then RedisUtil is initialized and Redis cache management is used; otherwise App Engine's memcache is used.
   static {
       // Pick the cache backend once, at class load time, from application.properties.
       if ("redis".equalsIgnoreCase(Config.cacheProvider)) {
           memoryService = new RedisUtil();      // cacheProvider=redis
       } else {
           memoryService = new MemcacheUtil();   // default: App Engine memcache
       }
   }
Once the content of all these files has been copied, use the initial clone of the Esb Platform Service as a reference and fix every compilation error introduced while copying.
The Auth Layer can be enabled on an API by adding a User user parameter to the endpoint method's parameters, for example:
   @ApiMethod(name = "searchOrderReturnIndexData", httpMethod = HttpMethod.GET, path = "orders/search")
   public Map<String, Object> searchOrderReturnIndexData(User user,
                                                         HttpServletRequest httpServletRequest,
                                                         @Named("account") @Nullable String account)
           throws ServiceException {
   }
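The endpoint above only receives the authenticated User; the authorization decision for the requested account still has to be made inside the service. The following is an added example, not code from the esb-platform-service repo, of a fail-closed check built on the two DAO methods this article says to copy. Endpoints injects the User after validating the bearer JWT against AUTH0_AUDIENCE (and passes null when it could not); the DAO interface shapes, the Account and UserAccountMapping types and their field names are assumptions.

```java
import com.google.api.server.spi.auth.common.User;
import com.google.api.server.spi.response.ForbiddenException;
import com.google.api.server.spi.response.NotFoundException;
import com.google.api.server.spi.response.UnauthorizedException;

public class AccountAuthorizer {
    // Assumed shapes of the DAO interfaces named in the article (only the method names are from it).
    public interface IAccountsDao {
        Account getAccountByAccountSlug(String slug);
    }
    public interface IUserAccountDao {
        UserAccountMapping getUserAccountMappingWithOutStatus(String email, long accountId);
    }
    // Assumed minimal entity types.
    public static final class Account { public long id; public String slug; }
    public static final class UserAccountMapping { public String email; public long accountId; public String role; }

    private final IAccountsDao accountDao;
    private final IUserAccountDao userAccountDao;

    public AccountAuthorizer(IAccountsDao accountDao, IUserAccountDao userAccountDao) {
        this.accountDao = accountDao;
        this.userAccountDao = userAccountDao;
    }

    // Returns the mapping (and so the role) the caller holds on the account, or fails closed:
    // 401 when Endpoints could not authenticate the token, 404 when the slug is unknown,
    // 403 when the authenticated user has no mapping to that account.
    public UserAccountMapping authorize(User user, String accountSlug)
            throws UnauthorizedException, NotFoundException, ForbiddenException {
        // Endpoints passes a null User when the request carried no valid JWT.
        if (user == null || user.getEmail() == null) {
            throw new UnauthorizedException("Missing or invalid bearer token");
        }
        if (accountSlug == null || accountSlug.trim().isEmpty()) {
            throw new ForbiddenException("An account must be specified");
        }
        Account account = accountDao.getAccountByAccountSlug(accountSlug.trim());
        if (account == null) {
            throw new NotFoundException("Unknown account: " + accountSlug);
        }
        UserAccountMapping mapping =
                userAccountDao.getUserAccountMappingWithOutStatus(user.getEmail(), account.id);
        if (mapping == null) {
            // Authenticated but not authorized for this workspace: deny, never fall through.
            throw new ForbiddenException("User is not mapped to account " + accountSlug);
        }
        return mapping;
    }
}
```

Call authorize(user, account) as the first statement of the endpoint body so that no data is read before the caller's mapping to the account has been confirmed.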
Note: Once all the content is copied, make sure your API's signature appears in the openapi.json file. Run the commands below in sequence:
   mvn clean package
   mvn endpoints-framework:openApiDocs
Open the file target/openapi-docs/openapi.json. It contains the authorization configuration and the API target information.
Note: Before running the command "gcloud endpoints services deploy target/openapi-docs/openapi.json", make sure all the configuration in pom.xml, appengine-web.xml and web.xml is set for the staging environment. This command deploys the openapi.json file to the GCP project. You can check the result in GCP Endpoints > {{Select the service}} > Deployment history.