Secure your Service
- Joe Kanaan (Unlicensed)
- antoine hage
- Michel El Hajj (Unlicensed)
- Antoine Hage (Unlicensed)
Introduction
So you've created your service and deployed it. Now let's show you how to secure it.
SOAJS provides a multitude of state of the art security features. Click here to learn more about them.
Objective
This space will show you preliminary steps to secure your service:
Turn on Multi-Tenancy
Making your service multitenant is very easy, simply set extKeyRequired to true in the service's config.js file
'use strict';
module.exports = {
"serviceVersion": 1,
"serviceName": "servicesconfig",
"serviceGroup": "SOAJS Services Config Example",
"servicePort": 4130,
"requestTimeout": 30,
"requestTimeoutRenewal": 5,
"extKeyRequired": true,
"errors": {},
"schema": {
"/get": {
"_apiInfo": {
"l": "get name",
"group": "Example"
}
}
}
};
Create a product
From the dashboard, go to Manage pillar → Productization
| List Products | Add New Product | See your Product |
|---|---|---|
Once there, you should see the default Dashboard Product with two packages in it.
| Click on "Add New Product" and fill in the form.
| You should now see an empty product right below the Dashboard Product.
|
Create a package
| Add your Package | List Product Packages |
|---|---|
Add a new package in you product so you can configure its ACL.
| Similarly to the above, click add new package and fill in the form.
|
Recap
So far, we've added a new product and added a new package inside it. Before continuing, we have to configure the ACL of the package.
The ACL is what will allow or deny access to the microservices and their APIs.
Edit a package ACL
Click on "Edit Package ACL" and you will be taken to a new page where you see the list of all activated services grouped under environment codes.
Check all the boxes of the services you want to allow this package to access.
The ACL works per environment, meaning if you deployed the same service in multiple environments, you can allow this package to access the service in one environment and prevent it in another.
You can learn more about deploying environments, check out the Deploy Pillar page.
Note
When you check a service, it will expand and you will see 2 radio button: public and private.
Selecting public grants access to the service/API for anonymous users whereas private enforces that service/API access is only allowed for logged in users.
Grant Access to Owner
After deploying your services on DEV, you need to grant access for the owner package to use them as well.
Under the Manage Pillar. Choose Productization.
Then click to edit the Acl of the DSBRD_OWNER package.
Finally, choose the ACL of your service as you require and you're good to go!
Tenants
Now that your service is secured, learn how to create tenants and give them access rights by visiting this page.
Conclusion
We just showed you how to turn on multitenancy in your service so you can call it from different tenants without replicating the code.
Imagine you have a service that provides both Mail and Calendar Features.
Some of your clients purchased a license to use the Mail only while others use the Calendar. Some clients purchased licenses to use both features. Then at a later stage, client 1 that only had access to the Mail feature decides to upgrade and get a new license to use both features.
Adding to that, consider that you have clients who dispose of administrator groups and members, so some of their users require additional permissions than the others. All this is achievable using SOAJS, its features allow to accomplish all these scenarios without modifying a single line of code in your service.
SOAJS has a lot to offer, head to the quick demo and see all the above in action.