Trait writium_auth::Authority
pub trait Authority: 'static + Send + Sync {
    type Privilege: 'static;
    fn authorize(&self, pr: Self::Privilege, req: &Request) -> Result<()>;
}
An authority is the component that recognizes a remote and decides whether it
may access certain resources and take certain actions, using the information
provided in the request it sent.
It is highly recommended to let an authority manage privileges for
unsafe HTTP methods, i.e., DELETE, PATCH and PUT.
Authentication and Authorization
Authentication is the process in which the authority extracts a credential from a request, matches the credential with a corresponding identity, and maps the identity into an internal representation.
Authorization is the process in which the authority checks whether the inquired privilege is available for an identity.
Authentication could be a part of the authorization process.
The separation is not enforced here because of the use of futures as results:
it is awful when we have to borrow self in future calls.
Associated Types
type Privilege: 'static
A value denoting the privilege the system withholds. Generally, an enum
or a string namespaced by dot (.) is used.
Required Methods
Decides whether the identity can be granted the inquired privilege.
An implementation SHOULD use the mapped identity and check if the
inquired privilege is available for it. A remote process can be
involved.
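An example implementation, added here and not part of writium_auth, showing authentication (bearer token to identity) feeding authorization (privilege check) inside authorize. Request, AuthError and Result are local stand-ins for the crate's types, and TokenAuthority, the Privilege enum, ct_eq and check are hypothetical names.

```rust
use std::collections::HashMap;
// Stand-ins (assumptions) for writium's Request and Result so this compiles alone.
pub struct Request { pub headers: HashMap<String, String> }
#[derive(Debug, PartialEq)]
pub enum AuthError { Unauthenticated, Forbidden }
pub type Result<T> = std::result::Result<T, AuthError>;

// The trait as declared on this page.
pub trait Authority: 'static + Send + Sync {
    type Privilege: 'static;
    fn authorize(&self, pr: Self::Privilege, req: &Request) -> Result<()>;
}

#[derive(Clone, Copy, PartialEq)]
pub enum Privilege { Delete, Patch, Put }
// Hypothetical authority: each bearer token identifies one principal and its grants.
pub struct TokenAuthority { pub grants: Vec<(String, Vec<Privilege>)> }
// No early exit on mismatch, so timing does not reveal how many bytes matched.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

impl TokenAuthority {
    // Authentication: extract the credential and map it to an identity's grants.
    fn authenticate(&self, req: &Request) -> Result<&[Privilege]> {
        let header = req.headers.get("Authorization").ok_or(AuthError::Unauthenticated)?;
        let token = header.strip_prefix("Bearer ").ok_or(AuthError::Unauthenticated)?;
        let hit = self.grants.iter().find(|(t, _)| ct_eq(t.as_bytes(), token.as_bytes()));
        hit.map(|(_, p)| p.as_slice()).ok_or(AuthError::Unauthenticated)
    }
}

impl Authority for TokenAuthority {
    type Privilege = Privilege;
    // Authorization: deny unless the authenticated identity holds the privilege.
    fn authorize(&self, pr: Privilege, req: &Request) -> Result<()> {
        let granted = self.authenticate(req)?;
        if granted.contains(&pr) { Ok(()) } else { Err(AuthError::Forbidden) }
    }
}

// Constructed sample: one editor token; `auth` is the raw Authorization header value.
pub fn check(pr: Privilege, auth: Option<&str>) -> Result<()> {
    let grants = vec![("editor-token".to_string(), vec![Privilege::Patch, Privilege::Put])];
    let mut headers = HashMap::new();
    if let Some(v) = auth { headers.insert("Authorization".to_string(), v.to_string()); }
    TokenAuthority { grants }.authorize(pr, &Request { headers })
}
fn main() { println!("{:?}", check(Privilege::Delete, Some("Bearer editor-token"))); }
```

Keeping Unauthenticated and Forbidden distinct lets a caller map them to different responses, and every path that fails to produce an identity ends in a denial.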
Implementors
impl Authority for DumbAuthority
    type Privilege = ();