31. Securing Applications - Authorization

PROBLEM

Authentication is used to determine the identity of the user; however, identifying the user isn't the only aspect of security. There needs to be a strategy for verifying that the user is authorized to access an application or perform a specific application function.

SOLUTION

Another aspect of security is authorization. Authorization is the process of verifying that an authenticated user has the authority to perform certain functions. Skyway supports role-based authorization -- an authenticated user has a set of roles that define which functions the user may perform. In Skyway, the application is responsible for authorizing. The alternative would be for the developer to declaratively designate which roles can invoke certain operations. Letting the application authorize provides the maximum flexibility, since a function often does not coincide with an operation. To support this kind of authorization model, Skyway Builder provides the following functions that are callable from the Variable Editor step and Groovy step:

Authorization Functions

HOW IT WORKS
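
The model described under SOLUTION, where the application checks roles itself because a function may not coincide with an operation, shown as an added Groovy example. It is not Skyway's own code: `hasAnyRole`, `requireRole`, `updateOrder`, the role names and the sample order are hypothetical and are not taken from Skyway Builder's function library.

```groovy
// Added illustration of application-level, role-based authorization in plain Groovy.
// All names and roles here are hypothetical, not Skyway Builder functions.

class AuthorizationException extends RuntimeException {
    AuthorizationException(String message) { super(message) }
}

// True when the user's roles include at least one required role.
// A null or empty role set is treated as "no roles", so the default is deny.
boolean hasAnyRole(Set<String> userRoles, String... required) {
    userRoles && required.any { it in userRoles }
}

void requireRole(Set<String> userRoles, String... required) {
    if (!hasAnyRole(userRoles, required)) {
        throw new AuthorizationException("requires one of: ${required.join(', ')}")
    }
}

// One operation, two functions with different role requirements.
// A declarative per-operation rule could not tell them apart.
Map updateOrder(Set<String> userRoles, Map order, Map changes) {
    requireRole(userRoles, 'ORDER_CLERK', 'ORDER_MANAGER')   // may touch orders at all
    def updated = new LinkedHashMap(order)                   // work on a copy
    if (changes.containsKey('shippingAddress')) {
        updated.shippingAddress = changes.shippingAddress
    }
    if (changes.containsKey('discountPercent')) {
        requireRole(userRoles, 'ORDER_MANAGER')              // stricter function-level check
        updated.discountPercent = changes.discountPercent
    }
    updated
}

// Constructed sample data
def order = [id: 1001, shippingAddress: '1 Old Road', discountPercent: 0]
def clerk = ['ORDER_CLERK'] as Set<String>
def manager = ['ORDER_MANAGER'] as Set<String>

assert updateOrder(clerk, order, [shippingAddress: '2 New Street']).shippingAddress == '2 New Street'
assert updateOrder(manager, order, [discountPercent: 15]).discountPercent == 15
try {
    updateOrder(clerk, order, [discountPercent: 15])
    assert false : 'a clerk must not be able to set a discount'
} catch (AuthorizationException e) {
    println "denied: ${e.message}"
}
assert order.discountPercent == 0   // the denied request changed nothing
```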

RELATED RECIPES

  1. Securing Applications - Authentication