oso icon indicating copy to clipboard operation
oso copied to clipboard

Published 20 hours ago verified publisher icon osohq

Spring Integration

Open gneray opened this issue 3 years ago • 2 comments

This is an external tracking issue to:

  1. Gauge interest from the community for this feature
  2. Learn about what you'd want to see out of it if we worked on it.

So please:

  1. Upvote the issue if it's important to you, and
  2. Comment with any relevant info on your requirements use cases, etc.

Thanks!

PS We do all our internal engineering issue tracking separately in Notion, so you won't necessarily see regular updates to the project status here even once we begin work.

gneray avatar Dec 18 '20 20:12 gneray

Am I the only one interested in this integration, or is it already integrated and I'm missing something?

I definitely see how Oso would make my life easier, just trying to figure out the best way to integrate between Spring Security and Oso.

tedyoung avatar Sep 15 '21 21:09 tedyoung

Hey @tedyoung -- thanks for popping in. We haven't had a chance to really focus on lots of framework-specific integrations recently, but we do hope that Oso is compatible with most (if not all) frameworks out there.

I haven't had a chance to look deeply at the specifics of Spring, but you should still be able to use Oso. At a glance it seems like Spring Security gives you a framework for authenticating users -- I think you should be able to pass in a Spring Security Authentication instance like so:

@Controller
public class SomeResourceController {

    @RequestMapping(value = "/some_resource", method = RequestMethod.GET)
    @ResponseBody
    public String readSomeResource(Authentication authentication) {
        Oso oso = getOsoInstance();
        SomeResource someResource = SomeResource.find();

        // Authorize user action using Oso
        oso.authorize(authentication, "read", someResource);

        return someResource.toString();
    }
}

(apologies if there is some code in there that makes no sense)

One framework-specific challenge to figure out is how to access an Oso instance from the code of each endpoint (the getOsoInstance call in the example above). I don't know enough about Spring to advise the best way to do that, but I'm sure it's possible to provide access to a global object.

Then, you'll need to handle Oso authorization errors for unauthorized users, which Spring also likely provides a way to do.

Let me know if you are having trouble with any Spring specifics and I can give it a look. In the meantime, join us on slack if you haven't already -- it's a good way to get quick help from us and other members of the community :)

gkaemmer avatar Sep 17 '21 23:09 gkaemmer