Skip to content
forked from Ahoo-Wang/CoSec

RBAC-based And Policy-based Multi-Tenant Reactive Security Framework

License

Notifications You must be signed in to change notification settings

sniper-xx/CoSec

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CoSec

RBAC-based And Policy-based Multi-Tenant Reactive Security Framework.

License GitHub release Maven Central Codacy Badge codecov Integration Test Status

Authentication

Authentication-Flow

Authorization

Authorization-Flow

OAuth

OAuth-Flow

Modeling

Modeling

Gateway

Gateway

Authorization Policy

Authorization Policy

Build In Policy

ActionMatcher

ActionMatcher

ConditionMatcher

ConditionMatcher

Policy Schema

Policy Schema

Policy Demo

{
  "id": "id",
  "name": "name",
  "category": "category",
  "description": "description",
  "type": "global",
  "tenantId": "tenantId",
  "statements": [
    {
      "name": "Anonymous",
      "effect": "allow",
      "actions": [
        {
          "type": "path",
          "pattern": "/auth/register"
        },
        {
          "type": "path",
          "pattern": "/auth/login"
        }
      ]
    },
    {
      "name": "UserScope",
      "effect": "allow",
      "actions": [
        {
          "type": "path",
          "pattern": "/user/#{principal.id}/*"
        }
      ],
      "condition": {
        "type": "authenticated"
      }
    },
    {
      "name": "Developer",
      "effect": "allow",
      "actions": [
        {
          "type": "all"
        }
      ],
      "condition": {
        "type": "in",
        "part": "context.principal.id",
        "in": [
          "developerId"
        ]
      }
    },
    {
      "name": "RequestOriginDeny",
      "effect": "deny",
      "actions": [
        {
          "type": "all"
        }
      ],
      "condition": {
        "type": "reg",
        "negate": true,
        "part": "request.origin",
        "pattern": "^(http|https)://github.com"
      }
    },
    {
      "name": "IpBlacklist",
      "effect": "deny",
      "actions": [
        {
          "type": "all"
        }
      ],
      "condition": {
        "type": "path",
        "part": "request.remoteIp",
        "path": {
          "caseSensitive": false,
          "separator": ".",
          "decodeAndParseSegments": false
        },
        "pattern": "192.168.0.*"
      }
    },
    {
      "name": "RegionWhitelist",
      "effect": "deny",
      "actions": [
        {
          "type": "all"
        }
      ],
      "condition": {
        "negate": true,
        "type": "reg",
        "part": "request.attributes.ipRegion",
        "pattern": "^中国\\|0\\|(上海|广东省)\\|.*"
      }
    },
    {
      "name": "AllowDeveloperOrIpRange",
      "effect": "allow",
      "actions": [
        {
          "type": "all"
        }
      ],
      "condition": {
        "type": "bool",
        "bool": {
          "and": [
            {
              "type": "authenticated"
            }
          ],
          "or": [
            {
              "type": "in",
              "part": "context.principal.id",
              "in": [
                "developerId"
              ]
            },
            {
              "type": "path",
              "part": "request.remoteIp",
              "path": {
                "caseSensitive": false,
                "separator": ".",
                "decodeAndParseSegments": false
              },
              "pattern": "192.168.0.*"
            }
          ]
        }
      }
    }
  ]
}

Thanks

CoSec permission policy design refers to AWS IAM .

About

RBAC-based And Policy-based Multi-Tenant Reactive Security Framework

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Kotlin 99.9%
  • Dockerfile 0.1%