Tutorial of Form-based Auth - Security

Goal of this tutorial is to demonstrate aah framework Form-based Auth security implementation. It is easy and robust implementation.

Before you begin, I would request you to take a moment to read security design of aah, Authentication and Authorization.

How to get the aah tutorials source code?

go get -u -d github.com/go-aah/tutorials


Focus on following files/directory:

  form-based-auth/app/controllers/app.go
  form-based-auth/app/controllers/admin/dashboard.go
  form-based-auth/app/security/*
  form-based-auth/config/security.conf
  form-based-auth/config/routes.conf
  form-based-auth/views/pages/*

Explanation

  • controllers package
    • Implements Login, Logout, Admin dashboard, etc.
  • security package
    • Implements interface authc.Authenticator to provide Subject’s authc.AuthenticationInfo to Security Manager. Then Security Manager does the credentials validation.
    • Implements interface authz.Authorizer to provide Subject’s Roles and Permissions to Security Manager.
    • Implemented security interfaces security/FormAuthenticationProvider & security/FormAuthorizationProvider gets registered in security.conf
  • views directory
    • Implements pages for respective controller action with Authorization using template functions.
  • security.conf has Form Auth Scheme configuration, form fields and Session Management configuration.
  • routes.conf has default_auth = "form_auth" defined for all routes and respective auth attribute defined for certain route as appropriate.

Let’s see it in the action

aah run -i github.com/go-aah/tutorials/form-based-auth

Now visit this URL in your browser :)

Now it will take you to the login page. From there it self explanatory. Happy coding!

Navigate around using these URL for all the demo users and observe the application logs to see more information.



Spread the word of aah, the web framework for Go. Thank you!

  Need Help?

  •   Chat on Gitter
  •   Github Issues
  •   Ask on StackOverflow - tag aahframework