### Cose Policy Schema Example Source: https://github.com/ahoo-wang/cosec/blob/main/README.zh-CN.md Demonstrates the structure of a Cose policy schema, used for configuring access control policies. This schema supports IDE auto-completion for policy definitions. ```JSON { "id": "id", "name": "name", "category": "category", "description": "description", "type": "global", "tenantId": "tenantId", "condition": { "bool": { "and": [ { "authenticated": {} }, { "rateLimiter": { "permitsPerSecond": 10 } } ] } }, "statements": [ { "action": { "path": { "pattern": "/user/#{principal.id}/*", "options": { "caseSensitive": false, "separator": "/", "decodeAndParseSegments": false } } } }, { "name": "Anonymous", "action": [ "/auth/register", "/auth/login" ] }, { "name": "UserScope", "action": "/user/#{principal.id}/*", "condition": { "authenticated": {} } }, { "name": "Developer", "action": "*", "condition": { "in": { "part": "context.principal.id", "value": [ "developerId" ] } } }, { "name": "RequestOriginDeny", "effect": "deny", "action": "*", "condition": { "regular": { "negate": true, "part": "request.origin", "pattern": "^(http|https)://github.com" } } }, { "name": "IpBlacklist", "effect": "deny", "action": "*", "condition": { "path": { "part": "request.remoteIp", "pattern": "192.168.0.*", "options": { "caseSensitive": false, "separator": ".", "decodeAndParseSegments": false } } } }, { "name": "RegionWhitelist", "effect": "deny", "action": "*", "condition": { "regular": { "negate": true, "part": "request.attributes.ipRegion", "pattern": "^中国\\|0\\|(上海|广东省)\\|.*" } } }, { "name": "AllowDeveloperOrIpRange", "action": "*", "condition": { "bool": { "and": [ { "authenticated": {} } ], "or": [ { "in": { "part": "context.principal.id", "value": [ "developerId" ] } }, { "path": { "part": "request.remoteIp", "pattern": "192.168.0.*", "options": { "caseSensitive": false, "separator": ".", "decodeAndParseSegments": false } } } ] } } }, { "name": "TestContains", "effect": "allow", "action": "*", "condition": { "contains": { "part": "request.attributes.ipRegion", "value": "上海" } } }, { "name": "TestStartsWith", "effect": "allow", "action": "*", "condition": { "startsWith": { "part": "request.attributes.ipRegion", "value": "中国" } } }, { "name": "TestEndsWith", "effect": "allow", "action": "*", "condition": { "endsWith": { "part": "request.attributes.remoteIp", "value": ".168.0.1" } } } ] } ``` -------------------------------- ### Policy Schema Example Source: https://github.com/ahoo-wang/cosec/blob/main/README.md Demonstrates the structure of a policy configuration, including conditions, actions, and statements. This JSON adheres to the defined policy schema for IDE autocompletion. ```json { "id": "id", "name": "name", "category": "category", "description": "description", "type": "global", "tenantId": "tenantId", "condition": { "bool": { "and": [ { "authenticated": {} }, { "rateLimiter": { "permitsPerSecond": 10 } } ] } }, "statements": [ { "action": { "path": { "pattern": "/user/#{principal.id}/*", "options": { "caseSensitive": false, "separator": "/", "decodeAndParseSegments": false } } } }, { "name": "Anonymous", "action": [ "/auth/register", "/auth/login" ] }, { "name": "UserScope", "action": "/user/#{principal.id}/*", "condition": { "authenticated": {} } }, { "name": "Developer", "action": "*", "condition": { "in": { "part": "context.principal.id", "value": [ "developerId" ] } } }, { "name": "RequestOriginDeny", "effect": "deny", "action": "*", "condition": { "regular": { "negate": true, "part": "request.origin", "pattern": "^(http|https)://github.com" } } }, { "name": "IpBlacklist", "effect": "deny", "action": "*", "condition": { "path": { "part": "request.remoteIp", "pattern": "192.168.0.*", "options": { "caseSensitive": false, "separator": ".", "decodeAndParseSegments": false } } } }, { "name": "RegionWhitelist", "effect": "deny", "action": "*", "condition": { "regular": { "negate": true, "part": "request.attributes.ipRegion", "pattern": "^中国\\|0\\|(上海|广东省)\\|.*" } } }, { "name": "AllowDeveloperOrIpRange", "action": "*", "condition": { "bool": { "and": [ { "authenticated": {} } ], "or": [ { "in": { "part": "context.principal.id", "value": [ "developerId" ] } }, { "path": { "part": "request.remoteIp", "pattern": "192.168.0.*", "options": { "caseSensitive": false, "separator": ".", "decodeAndParseSegments": false } } } ] } } }, { "name": "TestContains", "effect": "allow", "action": "*", "condition": { "contains": { "part": "request.attributes.ipRegion", "value": "上海" } } }, { "name": "TestStartsWith", "effect": "allow", "action": "*", "condition": { "startsWith": { "part": "request.attributes.ipRegion", "value": "中国" } } }, { "name": "TestEndsWith", "effect": "allow", "action": "*", "condition": { "endsWith": { "part": "request.attributes.remoteIp", "value": ".168.0.1" } } } ] } ``` -------------------------------- ### Customize ConditionMatcher Factory (Kotlin) Source: https://github.com/ahoo-wang/cosec/blob/main/README.md Provides an example of creating a custom ConditionMatcherFactory and ConditionMatcher in Kotlin for CoSec. This enables custom condition evaluation logic. ```kotlin class CustomConditionMatcherFactory : ConditionMatcherFactory { companion object { const val TYPE = "[CustomConditionType]" } override val type: String get() = TYPE override fun create(configuration: Configuration): ConditionMatcher { return CustomConditionMatcher(configuration) } } class CustomConditionMatcher(configuration: Configuration) : AbstractConditionMatcher(CustomConditionMatcherFactory.TYPE, configuration) { override fun internalMatch(request: Request, securityContext: SecurityContext): Boolean { //Custom matching logic } } ``` -------------------------------- ### Cose App Permission Schema Example Source: https://github.com/ahoo-wang/cosec/blob/main/README.zh-CN.md Illustrates the structure of the Cose application permission schema, used for defining and grouping application-specific permissions. This schema aids in managing granular access controls. ```JSON { "id": "manage", "condition": { "bool": { "and": [ { "authenticated": {} }, { "groupedRateLimiter": { "part": "request.remoteIp", "permitsPerSecond": 10, "expireAfterAccessSecond": 1000 } }, { "inTenant": { "value": "default" } } ] } }, "groups": [ { "name": "order", "description": "order management", "permissions": [ { "id": "manage.order.ship", "name": "Ship", "description": "Ship", "action": "/order/ship" }, { "id": "manage.order.issueInvoice", "name": "Issue an invoice", "description": "Issue an invoice", "action": "/order/issueInvoice" } ] } ] } ``` -------------------------------- ### Get Current Security Context (WebMvc) Source: https://github.com/ahoo-wang/cosec/blob/main/README.zh-CN.md Demonstrates how to access the current security context in a traditional Spring WebMvc application. It uses the static `SecurityContextHolder` to get the context. ```Java SecurityContextHolder.context ``` -------------------------------- ### Customize ActionMatcher Factory (Kotlin) Source: https://github.com/ahoo-wang/cosec/blob/main/README.md Provides an example of creating a custom ActionMatcherFactory and ActionMatcher in Kotlin for CoSec. This allows for custom matching logic based on requests and security context. ```kotlin class CustomActionMatcherFactory : ActionMatcherFactory { companion object { const val TYPE = "[CustomActionType]" } override val type: String get() = TYPE override fun create(configuration: Configuration): ConditionMatcher { return CustomActionMatcher(configuration) } } class CustomActionMatcher(override val configuration: Configuration) : ActionMatcher { override val type: String get() = CustomActionMatcherFactory.TYPE override fun match(request: Request, securityContext: SecurityContext): Boolean { //Custom matching logic } } ``` -------------------------------- ### App Permission Metadata Schema Example Source: https://github.com/ahoo-wang/cosec/blob/main/README.md Illustrates the structure for defining application permissions, including group names, descriptions, and specific actions. This JSON follows the app permission metadata schema for IDE autocompletion. ```json { "id": "manage", "condition": { "bool": { "and": [ { "authenticated": {} }, { "groupedRateLimiter": { "part": "request.remoteIp", "permitsPerSecond": 10, "expireAfterAccessSecond": 1000 } }, { "inTenant": { "value": "default" } } ] } }, "groups": [ { "name": "order", "description": "order management", "permissions": [ { "id": "manage.order.ship", "name": "Ship", "description": "Ship", "action": "/order/ship" }, { "id": "manage.order.issueInvoice", "name": "Issue an invoice", "description": "Issue an invoice", "action": "/order/issueInvoice" } ] } ] } ``` -------------------------------- ### Get Current Security Context (WebFlux) Source: https://github.com/ahoo-wang/cosec/blob/main/README.zh-CN.md Shows how to retrieve the current security context within a WebFlux reactive stream. It utilizes `Mono.deferContextual` to access context variables, including security information. ```Kotlin Mono.deferContextual { val securityContext = it.getSecurityContext() //TODO } ``` -------------------------------- ### ActionMatcherFactory Service Configuration Source: https://github.com/ahoo-wang/cosec/blob/main/README.md Configuration file for registering a custom ActionMatcherFactory using Java's Service Provider Interface (SPI). This tells CoSec how to find and instantiate your custom matcher. ```properties # CustomActionMatcherFactory fully qualified name ``` -------------------------------- ### ConditionMatcherFactory Service Configuration Source: https://github.com/ahoo-wang/cosec/blob/main/README.md Configuration file for registering a custom ConditionMatcherFactory using Java's Service Provider Interface (SPI). This allows CoSec to discover and use your custom condition matchers. ```properties # CustomConditionMatcherFactory fully qualified name ``` -------------------------------- ### WebMvc Security Context Access Source: https://github.com/ahoo-wang/cosec/blob/main/README.md Demonstrates the standard way to access the current security context in a WebMvc application using `SecurityContextHolder.context`. This provides direct access to security information in a thread-local manner. ```java SecurityContextHolder.context ``` -------------------------------- ### WebFlux Security Context Mono Source: https://github.com/ahoo-wang/cosec/blob/main/README.md Illustrates how to access the security context within a WebFlux reactive stream using `Mono.deferContextual`. This snippet shows the pattern for obtaining context information in a reactive flow, with a placeholder for further implementation. ```kotlin Mono.deferContextual { val securityContext = it.getSecurityContext() //TODO } ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.