Security Framework Guide

Architecture

The security framework is a generic framework that enables users to perform authentication and authorization on top of a new or an existing security provider. The framework hides implementation complexity and exposes a simple API that reduces the developer effort needed to secure an application.
The security framework consists of the Security Client Interface and Configuration Manager. The following figure shows the security framework architecture:
Security Client Interface
The main client interface, which exposes a set of APIs for client applications. The client application uses these APIs to build security around its data model. The framework requires the user to configure the security provider using the appropriate configuration provider.
Configuration Manager
The security framework can work with different security providers. At present, the MDM-RE Security Framework uses Apache Shiro. If required, MDM-RE can generalize to work with other third-party frameworks in the future.
The framework also supports different persistent storages such as databases and LDAP directory service.
Using the Configuration Manager, you can configure the following in the LDAP or database store:
  1. Security provider: Properties of the security provider.
  2. Persistent storage: Properties such as the server address and the root user login details of the persistent storage.
The framework provides the IConfigProviderFactory and IConfigProvider interfaces to enable users to configure the security provider that is running in the backend (which may be LDAP or a database).
Authentication and Authorization
The core module, which performs the authentication of the user. After a user is authenticated, the user session stores the authentication information and generates a session token. The rest of the communication from the client to the framework, that is, authorization, uses this session token to validate the user.
For every user who has logged in, the framework generates the authorization information by querying the persistent storage. The framework caches this authorization information in memory to improve performance.
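The flow described above, modelled as an added example that is not part of the original guide and does not use the MDM-RE API: the class and method names, the permission strings and the sample store are hypothetical. It shows a session token issued at login, authorization data read from the persistent store once and then served from memory, and the cached entry dropped when provisioning changes a user's roles.

```python
import hashlib, hmac, secrets, time

_SALT = b"constructed-demo-salt"  # constructed; a real store keeps a per-user salt
def _hash(pw):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), _SALT, 100_000)

# Constructed sample data standing in for the persistent storage (database or LDAP).
STORE = {
    "users": {"alice": {"pw": _hash("correct horse"), "roles": {"steward"}}},
    "roles": {"steward": {"record:read", "record:merge"}},
}

class SecurityModel:
    """Hypothetical model of the flow; not the framework's own client interface."""
    def __init__(self, store, ttl=900):
        self.store, self.ttl = store, ttl
        self.sessions = {}     # session token -> (user, expiry on the monotonic clock)
        self.authz_cache = {}  # user -> frozenset of permissions, held in memory
        self.store_reads = 0   # counts authorization queries against the store

    def authenticate(self, user, password):
        rec = self.store["users"].get(user)
        supplied = _hash(password)  # hashed even for unknown users
        # Constant-time comparison of the stored and supplied password hashes.
        if rec is None or not hmac.compare_digest(rec["pw"], supplied):
            raise PermissionError("authentication failed")
        token = secrets.token_urlsafe(32)  # unguessable session token
        self.sessions[token] = (user, time.monotonic() + self.ttl)
        return token

    def _load_authz(self, user):
        if user not in self.authz_cache:  # cache miss: query the persistent store
            self.store_reads += 1
            roles = self.store["users"][user]["roles"]
            perms = set().union(*(self.store["roles"][r] for r in roles))
            self.authz_cache[user] = frozenset(perms)
        return self.authz_cache[user]

    def is_permitted(self, token, permission):
        user, expiry = self.sessions.get(token, (None, 0.0))
        if user is None or time.monotonic() > expiry:  # unknown or expired token
            self.sessions.pop(token, None)
            return False
        return permission in self._load_authz(user)

    def revoke_role(self, user, role):
        # Provisioning change: update the store and drop the cached entry with it.
        self.store["users"][user]["roles"].discard(role)
        self.authz_cache.pop(user, None)
```

Without the cache eviction in `revoke_role`, the revoked permission would keep being served from memory until the entry was rebuilt.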
Provisioning
Provisioning manages the security policies for the following:
  1. Creation or deletion of users
  2. User roles
  3. Groups
  4. System resources that need secure access
  5. Privileges and permissions
The database or the directory service stores the provisioning information.
Persistent Storage
Persistent storage stores all the metadata of the security framework. At present, the framework supports database and LDAP storage, but it is easily extensible to another storage type if required.
