Challenge Overview
In this challenge series we'll be developing an SSO solution that acts as a reverse proxy in front of a target application. It will authenticate users via LDAP, then authorize the logged-in user to perform the requested action. Authorization will use a set of rules and policies, and will set additional HTTP headers on the proxied request. The application will have a separate management interface to manage policies, rules, headers and users.
In a previous challenge, we built CRUD services for managing the SSO application. In this challenge we'll update API security and add a service to evaluate application policies, rules and headers. Here are the exact requirements:
1. Update authentication to use JWT token (header Authorization: Bearer JWT)
2. Add LoginController with a single endpoint - login(username,password). Actual login will be done by the LdapService. On success create and return a JWT token and user info.
3. Update com.sm.engine/security/* to use the new JWT token
4. Update Header.userAttributes to be a list of DynamicHeader { String headerName, String attributeName } - this includes updating models, services, controllers, swagger and postman.
5. Current CRUD services accept fully populated referenced entities in create/update methods, but do not create/update the referenced entities - only integrity checks are performed using the entity Id. Update the services to actually insert the referenced entities when their object ids are null, and keep the reference checks when object ids are populated. Make sure to update the swagger and postman files and remove any redundant parameters. Right now both the swagger and postman API calls contain all the data for referenced entities even though only the Ids are used.
6. Add /headers/evaluate/{username} endpoint to HeaderController and the same method to HeaderService. It will return a list of objects {"name":"header_name","value":"header_value"}. Remove the "getHeadersPreview" method from HeaderService.
HeaderService.evaluate will do the following
- Select all enabled policies from the database using PolicyService.search. PolicyService.createSearchExample should be updated to support searching for enabled policies (Policy.enabled field)
- For each of the policies evaluate its rules by calling LDAPService.evaluateRule(ruleString), with ruleString being a comma-joined list of name=value pairs from rule.ruleInfo (for example, if ruleInfo contains [{name:"cn",value:"test"},{name:"ou",value:"test1"}], ruleString should be "cn=test,ou=test1"). If all of the policy's rules evaluate to true, the policy is active and its headers should be added to the response
- For each header in the active policies do the following
  - For each static variable in the header add the variable name and value to the result
  - For user attributes call LDAPService.getUserAttributes to get the values for the user attributes and add all of them to the result
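The evaluate flow above, as an added illustration rather than the project's own HeaderService. The LdapService interface, the record types and the username argument to evaluateRule (the spec lists only ruleString) are assumed stand-ins for the com.sm.engine types; PolicyService.search is replaced by an in-memory filter on Policy.enabled.

```java
import java.util.*;
import java.util.stream.Collectors;
// Assumed stand-ins for the com.sm.engine model and LdapService types (not the project's code).
interface LdapService {
    boolean evaluateRule(String username, String ruleString);          // username arg is an assumption
    Map<String, String> getUserAttributes(String username, List<String> attributeNames);
}
record NameValue(String name, String value) {}                        // {"name":..,"value":..}
record DynamicHeader(String headerName, String attributeName) {}
record Header(List<NameValue> staticVariables, List<DynamicHeader> userAttributes) {}
record Rule(List<NameValue> ruleInfo) {}
record Policy(boolean enabled, List<Rule> rules, List<Header> headers) {}

public class HeaderEvaluator {
    private final LdapService ldap;
    public HeaderEvaluator(LdapService ldap) { this.ldap = ldap; }

    // [{cn,test},{ou,test1}] -> "cn=test,ou=test1". Parts containing the separators
    // would change the meaning of the joined string, so they are rejected here.
    static String ruleString(Rule rule) {
        return rule.ruleInfo().stream().map(p -> {
            if (p.name().contains("=") || p.name().contains(",") || p.value().contains(",")) {
                throw new IllegalArgumentException("rule part contains a separator: " + p.name());
            }
            return p.name() + "=" + p.value();
        }).collect(Collectors.joining(","));
    }

    public List<NameValue> evaluate(String username, List<Policy> policies) {
        List<NameValue> result = new ArrayList<>();
        for (Policy policy : policies) {
            if (!policy.enabled()) continue;   // stands in for PolicyService.search(enabled=true)
            boolean active = policy.rules().stream()
                    .allMatch(r -> ldap.evaluateRule(username, ruleString(r)));
            if (!active) continue;             // every rule must hold for the policy to be active
            for (Header header : policy.headers()) {
                result.addAll(header.staticVariables());            // static variables as-is
                List<String> attrs = header.userAttributes().stream()
                        .map(DynamicHeader::attributeName).collect(Collectors.toList());
                Map<String, String> values = ldap.getUserAttributes(username, attrs);
                for (DynamicHeader dh : header.userAttributes()) {
                    String v = values.get(dh.attributeName());
                    if (v != null) result.add(new NameValue(dh.headerName(), v));
                }
            }
        }
        return result;
    }
}
```

Attributes the directory does not return for the user are skipped rather than emitted as empty headers; that choice is an assumption, not something the spec states.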
Include instructions for local and Heroku deployment. All API changes should be reflected in the swagger and postman files as well.
Final Submission Guidelines
Submit the full source code for the app
Deployment guide (environment, configuration, build, run - local and heroku)
Verification guide for testing the api