Introduction

So you've created your service and deployed it. Now let's show you how to secure it.

SOAJS provides a multitude of state of the art security features. Click here to learn more about them.

Objective

This space will show you preliminary steps to secure your service:

Turn on Multi-Tenancy
Create a Product
Create a Package
Edit a Package ACL
Grant access to owner
Learn about tenants

Turn on Multi-Tenancy

Making your service multitenant is very easy, simply set extKeyRequired to true in the service's config.js file

config.js

'use strict';

module.exports = {
   "serviceVersion": 1,
   "serviceName": "servicesconfig",
   "serviceGroup": "SOAJS Services Config Example",
   "servicePort": 4130,
   "requestTimeout": 30,
   "requestTimeoutRenewal": 5,

   "extKeyRequired": true,

   "errors": {},
   "schema": {
      "/get": {
         "_apiInfo": {
            "l": "get name",
			"group": "Example"
         }
      }
   }
};

Create a product

From the dashboard, go to Manage pillar → Productization

List Products	Add New Product	See your Product
Once there, you should see the default Dashboard Product with two packages in it.	Click on "Add New Product" and fill in the form.	You should now see an empty product right below the Dashboard Product.

Create a package

Add your Package	List Product Packages
Add a new package in you product so you can configure its ACL.	Similarly to the above, click add new package and fill in the form.

Recap

So far, we've added a new product and added a new package inside it. Before continuing, we have to configure the ACL of the package.

The ACL is what will allow or deny access to the microservices and their APIs.

Edit a package ACL

Click on "Edit Package ACL" and you will be taken to a new page where you see the list of all activated services grouped under environment codes.

Check all the boxes of the services you want to allow this package to access.

The ACL works per environment, meaning if you deployed the same service in multiple environments, you can allow this package to access the service in one environment and prevent it in another.

You can learn more about deploying environments, check out the Deploy Pillar page.

Note

When you check a service, it will expand and you will see 2 radio button: public and private.

Selecting public grants access to the service/API for anonymous users whereas private enforces that service/API access is only allowed for logged in users.

Grant Access to Owner

After deploying your services on DEV, you need to grant access for the owner package to use them as well.

Under the Manage Pillar. Choose Productization.
Then click to edit the Acl of the DSBRD_OWNER package.

Finally, choose the ACL of your service as you require and you're good to go!

Tenants

Now that your service is secured, learn how to create tenants and give them access rights by visiting this page.

Conclusion

We just showed you how to turn on multitenancy in your service so you can call it from different tenants without replicating the code.

Imagine you have a service that provides both Mail and Calendar Features.

Some of your clients purchased a license to use the Mail only while others use the Calendar. Some clients purchased licenses to use both features. Then at a later stage, client 1 that only had access to the Mail feature decides to upgrade and get a new license to use both features.

Adding to that, consider that you have clients who dispose of administrator groups and members, so some of their users require additional permissions than the others. All this is achievable using SOAJS, its features allow to accomplish all these scenarios without modifying a single line of code in your service.

SOAJS has a lot to offer, head to the quick demo and see all the above in action.

Browser not supported