Implement Access Enforcement point in CleverMicro #13

Closed
opened 2025-05-01 08:26:20 +00:00 by stanislav.hejny · 1 comment

Ref epic: #103

CleverMicro shall implement an Access Enforcement point, where it will ensure that:

  1. every request is authenticated (it will rely on valid JWT token being present in the request)
  2. that user / client invoking the request is authorized to access the resource identified by the request's URL

1.1 - implement JWT verification logic - token validity and subject match
1.2 - implement /login endpoint allowing client to obtain valid JWT token after providing valid credentials
1.3 - implement a microservice that will allow permission management

2.1 design the user permissions system
2.2 design the user permission actual implementation (choose storage solution, schema design, entity representation, and document the design details)
2.3 implement the actual user permission, and define/implement access / CRUD queries that will allow request authorisation and permission management

Ref epic: [#103](https://git.cleverthis.com/clevermicro/clevermicro/issues/103) CleverMicro shall implement an Access Enforcement point, where it will ensure that: 1. every request is authenticated (it will rely on valid JWT token being present in the request) 2. that user / client invoking the request is authorized to access the resource identified by the request's URL 1.1 - implement JWT verification logic - token validity and subject match 1.2 - implement /login endpoint allowing client to obtain valid JWT token after providing valid credentials 1.3 - implement a microservice that will allow permission management 2.1 design the user permissions system 2.2 design the user permission actual implementation (choose storage solution, schema design, entity representation, and document the design details) 2.3 implement the actual user permission, and define/implement access / CRUD queries that will allow request authorisation and permission management
Author
Member

Closing Epic as it has been split and recreated in the correct Repo

Closing Epic as it has been split and recreated in the correct Repo
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Depends on
You do not have permission to read 3 dependencies
Reference: clevermicro/user-management#13
No description provided.