better support for application level authentication #2322

Open
wants to merge 12 commits into
base: main

Contributor

@boaks boaks commented Jan 15, 2025

For some applications and proxies, it may be advantageous to use a common HTTP authentication pattern, where the client stays on TLS level anonymous and applies its authentication then on application level, e.g. username/password or tokens.
This PR improves the support for that by adding an ApplicationPrincipal, an ApplicationAuthorizer and a new configuration "DTLS.APPLICATION_AUTHORIZATION", which enables the new anonymous client support.
If enabled, anonymous clients will be removed after a short time (about 2-3 minutes), if the application doesn't authorize them using the ApplicationAuthorizer.
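
The grace-period behaviour described above, as an added example that is not part of the pull request and is not Californium code: a self-contained Java model of a store that keeps anonymous DTLS peers only until the application binds them to a principal. The class and method names, the string connection identifiers and the 3-minute grace value are assumptions for illustration; the PR's own ApplicationAuthorizer API is not used here.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical model: anonymous peers are kept only until authorized or the grace period ends. */
public class AnonymousPeerRegistry {
    private record Peer(String principal, Instant established) {} // principal == null: still anonymous

    private final Map<String, Peer> peers = new ConcurrentHashMap<>();
    private final Duration grace; // assumption; the PR text says "about 2-3 minutes"

    public AnonymousPeerRegistry(Duration grace) { this.grace = grace; }

    /** Called when an anonymous handshake completes; the key stands in for the DTLS connection ID. */
    public void onAnonymousHandshake(String connectionId, Instant now) {
        peers.putIfAbsent(connectionId, new Peer(null, now));
    }

    /** Called by the application after it has verified the credentials sent over the session. */
    public boolean authorize(String connectionId, String principalName) {
        if (principalName == null) return false;
        boolean[] bound = {false};
        peers.computeIfPresent(connectionId, (id, p) -> {
            if (p.principal() != null) return p; // already bound: never rebind a session
            bound[0] = true;
            return new Peer(principalName, p.established());
        });
        return bound[0]; // false for unknown, evicted or already authorized connections
    }

    public Optional<String> principalOf(String connectionId) {
        Peer p = peers.get(connectionId);
        return p == null ? Optional.empty() : Optional.ofNullable(p.principal());
    }

    /** Periodic sweep: drop connections that are still anonymous after the grace period. */
    public int evictUnauthorized(Instant now) {
        int before = peers.size();
        peers.values().removeIf(p -> p.principal() == null
                && Duration.between(p.established(), now).compareTo(grace) > 0);
        return before - peers.size();
    }

    public static void main(String[] args) {
        AnonymousPeerRegistry reg = new AnonymousPeerRegistry(Duration.ofMinutes(3));
        Instant t0 = Instant.parse("2025-01-15T10:00:00Z"); // constructed sample time
        reg.onAnonymousHandshake("cid-01", t0);
        reg.onAnonymousHandshake("cid-02", t0);
        reg.authorize("cid-01", "device-42"); // application accepted this client's token
        System.out.println("evicted: " + reg.evictUnauthorized(t0.plus(Duration.ofMinutes(4))));
        System.out.println("cid-01: " + reg.principalOf("cid-01") + ", cid-02 late bind: " + reg.authorize("cid-02", "x"));
    }
}
```

The sweep bounds how long an unauthenticated peer can hold server-side session state, which is the resource an anonymous handshake would otherwise let any client consume indefinitely.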

boaks added 4 commits January 14, 2025 18:12
Ensure to execute tasks, after shutdown.

Signed-off-by: Achim Kraus <[email protected]>
Add execute.

Signed-off-by: Achim Kraus <[email protected]>
Cleanup javadoc of principals.

Signed-off-by: Achim Kraus <[email protected]>
boaks added 6 commits January 15, 2025 09:26
Remove obsolete casts.

Signed-off-by: Achim Kraus <[email protected]>
Use Connection ID to identify DTLS context also for outgoing messages,
if available.

Signed-off-by: Achim Kraus <[email protected]>
@boaks boaks changed the title from "better support for applaction level authentication" to "better support for application level authentication" Jan 22, 2025
boaks added 2 commits January 22, 2025 15:09
If the CertificateAuthenticationMode.WANTED is used but no common client
certificate type is available, don't fail.

Signed-off-by: Achim Kraus <[email protected]>
Enables better support for clients using an anonymous DTLS handshake and
authorizing the request then on the application level, e.g.
username/password or tokens. In combination with proxies, this enables
to "offload" the authentication from DTLS and move it into the REST
API.

Signed-off-by: Achim Kraus <[email protected]>