MOSIP Docs 1.1.5
Auth Adapter


Last updated 3 years ago


Auth Adapter is a package that needs to be injected into MOSIP applications that expose REST APIs in order to secure them.

Auth Adapter Flow

Auth Adapter includes the following class definitions:

  1. SecurityConfig

  2. AuthFilter

  3. AuthHeadersFilter

  4. AuthProvider

  5. AuthSuccessHandler

  6. AuthEntryPoint

  7. AuthToken

  8. AuthUserDetails

  9. ClientInterceptor

  10. MosipUser

  11. AuthControllerAdvice

SecurityConfig

Holds the main configuration for authentication and authorization using Spring Security.

Inclusions:

  • AuthenticationManager bean configuration:

    • This is assigned an AuthProvider that we implemented.

    • RETURNS an instance of the ProviderManager.

  • AuthFilter bean configuration:

    • This extends AbstractAuthenticationProcessingFilter.

    • Instance of the AuthFilter is created.

    • This filter comes in line after the AuthHeadersFilter.

    • Binds the AuthenticationManager instance created with the filter.

    • Binds the AuthSuccessHandler created with the filter.

    • RETURNS an instance of the AuthFilter.

  • RestTemplate bean configuration:

    • Binds the ClientInterceptor instance with the RestTemplate instance created.

    • RETURNS an instance of the RestTemplate.

  • Secures endpoints using antMatchers and adds filters in a sequence for execution.

AuthFilter

AuthFilter is bound with AuthenticationManager to attempt authentication.

Attempt Authentication tasks:

  • Reads the "Authorization" header from the request headers.

  • Uses the assigned AuthenticationManager to authenticate with the token.

AuthHeadersFilter

This filter acts as a CORS filter. It is placed before AuthFilter in the filter chain.

Tasks:

  • Sets headers to allow cross origin requests.

  • Sets header to allow and expose "Authorization" header.
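The two tasks above, sketched as an added example (this is not MOSIP's AuthHeadersFilter source). The class name, the origin allowlist and the `javax.servlet` namespace are assumptions; the filter echoes only allowlisted origins and answers preflight requests itself, since those carry no token for AuthFilter to check.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.filter.OncePerRequestFilter;

// Added example, not the project's code. Class name and allowlist are hypothetical.
public class ExampleAuthHeadersFilter extends OncePerRequestFilter {

    // Exact origins allowed to call the API, e.g. "https://admin.example.org" (constructed value).
    private final Set<String> allowedOrigins;

    public ExampleAuthHeadersFilter(Set<String> allowedOrigins) {
        this.allowedOrigins = allowedOrigins;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws ServletException, IOException {
        String origin = request.getHeader("Origin");
        if (origin != null && allowedOrigins.contains(origin)) {
            // Echo the exact allowlisted origin; browsers reject "*" for credentialed requests.
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.addHeader("Vary", "Origin");
            response.setHeader("Access-Control-Allow-Credentials", "true");
            response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS");
            // Allow browser code to send the token header ...
            response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type");
            // ... and to read the refreshed token from the response.
            response.setHeader("Access-Control-Expose-Headers", "Authorization");
        }
        // A CORS preflight has no Authorization header, so finish it here
        // instead of passing it on to the authentication filter.
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())
                && request.getHeader("Access-Control-Request-Method") != null) {
            response.setStatus(HttpServletResponse.SC_OK);
            return;
        }
        chain.doFilter(request, response);
    }
}
```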

AuthProvider

Contacts auth server to verify token validity.

Tasks:

  • Contacts auth server to verify token validity.

  • Stores the response body in an instance of MosipUser.

  • Updates token into SecurityContext.

  • Binds MosipUser instance details with the AuthUserDetails that extends Spring Security's UserDetails.

AuthSuccessHandler

Handles successful authentication. If any action needs to be done after successful authentication, this is where you have to do it.

AuthEntryPoint

Captures and sends "UnAuthorized" error.

AuthToken

  • Used in AuthProvider for token details.

  • This extends UsernamePasswordAuthenticationToken class.

AuthUserDetails

Used by Spring Security to store user details such as roles, which are then used across the application for authorization.

ClientInterceptor

It is used to intercept any HTTP calls made using RestTemplate from this application.

Config:

This is added to the list of interceptors in the RestTemplate bean created in the SecurityConfig.

Tasks:

  • Intercept all the requests from the application and do the below tasks.

  • Intercept a request to add auth token to the "Authorization" header.

  • Intercept a response to modify the stored token with the "Authorization" header of the response.
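The request and response tasks above, as an added example built on Spring's `ClientHttpRequestInterceptor` (this is not MOSIP's ClientInterceptor source). The class name, the `AtomicReference` token holder and the trusted-host allowlist are assumptions; the allowlist keeps the token from being attached to calls that leave the platform's own services.

```java
import java.io.IOException;
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;

// Added example, not the project's code. Names below are hypothetical.
public class ExampleClientInterceptor implements ClientHttpRequestInterceptor {

    // Stand-in for wherever the application keeps the current token.
    private final AtomicReference<String> storedToken;
    // Lower-case host names of services that may receive the token (assumption).
    private final Set<String> trustedHosts;

    public ExampleClientInterceptor(AtomicReference<String> storedToken, Set<String> trustedHosts) {
        this.storedToken = storedToken;
        this.trustedHosts = trustedHosts;
    }

    @Override
    public ClientHttpResponse intercept(HttpRequest request, byte[] body,
            ClientHttpRequestExecution execution) throws IOException {
        String host = request.getURI().getHost();
        boolean trusted = host != null && trustedHosts.contains(host.toLowerCase(Locale.ROOT));

        // Outbound: attach the token only when the target is a trusted service.
        String token = storedToken.get();
        if (trusted && token != null) {
            request.getHeaders().set("Authorization", token);
        }

        ClientHttpResponse response = execution.execute(request, body);

        // Inbound: accept a replacement token only from a trusted service.
        if (trusted) {
            String refreshed = response.getHeaders().getFirst("Authorization");
            if (refreshed != null && !refreshed.isEmpty()) {
                storedToken.set(refreshed);
            }
        }
        return response;
    }
}
```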

MosipUser

MosipUser is the standard spec that will be tuned based on the details stored in LDAP for a user.

AuthControllerAdvice

Adds the latest token to the response headers before the response is committed.