
Auth request Filters

Securing web services with the BDRC Auth library requires filtering all incoming requests in order to instantiate an Access object, which is placed in the request context for later use within a BUDA service.

Filtering basics

The main functions of an Auth filter are:

  • Looking up an Auth0 token: this token can be found either in the "Authorization" or the "Cookie" header of the request.

  • Querying the RDF Auth Model for the requested service path in order to determine whether this path is secured or not.

  • Instantiating an Access object to be used across the application from the request context.

  • Granting or denying access to the requested service path (the auth filter is therefore the actual and direct implementation of the Endpoint access control mechanism).
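
The four steps above as a framework-neutral Java sketch (an added example, not code from the BDRC Auth library or from the filters listed below). The class and record names, the `auth_token` cookie name, the path table standing in for the RDF Auth Model and the lookup-table token verifier are all assumptions made for illustration.

```java
import java.util.*;
import java.util.function.Function;

// Added illustration, not BDRC code; every name here is hypothetical. Needs Java 16+.
public class AuthFilterSketch {
    record Access(String user, Set<String> groups) {}   // stand-in for the library's Access object
    record Decision(int status, Access access) {}       // HTTP status + Access for the request context

    static final Access ANONYMOUS = new Access(null, Set.of());
    static final String COOKIE = "auth_token";          // assumed cookie name
    // Constructed stand-in for the RDF Auth Model: secured path -> required group.
    static final Map<String, String> SECURED = Map.of("/admin/cache", "admin");

    // Step 1: take the token from "Authorization: Bearer ...", else from the Cookie header.
    static Optional<String> findToken(Map<String, String> headers) {
        String auth = headers.getOrDefault("Authorization", "");
        if (auth.regionMatches(true, 0, "Bearer ", 0, 7)) {
            String token = auth.substring(7).trim();
            if (!token.isEmpty()) return Optional.of(token);
        }
        for (String pair : headers.getOrDefault("Cookie", "").split(";")) {
            String[] kv = pair.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals(COOKIE) && !kv[1].isEmpty()) return Optional.of(kv[1]);
        }
        return Optional.empty();
    }

    // Steps 2-4. `verify` must check signature, issuer, audience and expiry; null means rejected.
    static Decision filter(String path, Map<String, String> headers, Function<String, Access> verify) {
        Access access = findToken(headers).map(verify).orElse(ANONYMOUS);
        String required = SECURED.get(path);
        if (required == null) return new Decision(200, access);         // public path: Access still set
        if (access == ANONYMOUS) return new Decision(401, access);      // no token, or token rejected
        if (!access.groups().contains(required)) return new Decision(403, access);
        return new Decision(200, access);
    }

    public static void main(String[] args) {
        // Constructed verifier: a lookup table in place of real JWT validation.
        Map<String, Access> known = Map.of(
            "tok-admin", new Access("alice", Set.of("admin")),
            "tok-user", new Access("bob", Set.of("reader")));
        Function<String, Access> verify = known::get;
        System.out.println(filter("/admin/cache", Map.of("Authorization", "Bearer tok-admin"), verify));
        System.out.println(filter("/admin/cache", Map.of("Cookie", "lang=en; auth_token=tok-user"), verify));
        System.out.println(filter("/admin/cache", Map.of("Cookie", "auth_token=forged"), verify));
        System.out.println(filter("/resource/demo", Map.of(), verify));
    }
}
```

The plain `Map` used for headers here is case-sensitive, whereas a servlet container looks header names up case-insensitively.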


Filter implementation examples

On Ldspdi

RdfAuthFilter (here)

On BUDA IIIF Server

IIIFRdfAuthFilter (here)

On BUDA IIIF presentation server

IIIFPresAuthFilter (here)

Remark:

Ldspdi mostly uses the Endpoint access control features of the Auth library, while both IIIF services, which have public endpoints, use Resource-based Access control exclusively.