Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Authz

C6a8cb5e13aa716521d522471ec4e4cd?s=47 ma2k8
PRO
July 29, 2020
Technology
0
260

 Authz

社内勉強会用

C6a8cb5e13aa716521d522471ec4e4cd?s=128

ma2k8
PRO

July 29, 2020
Tweet

More Decks by ma2k8

See All by ma2k8
アルプの 認証/認可分離戦略と手法
C6a8cb5e13aa716521d522471ec4e4cd?s=48 ma2k8
PRO
2
440
AuthzCtx - Alp社内共有会
C6a8cb5e13aa716521d522471ec4e4cd?s=48 ma2k8
PRO
0
21
アルプのEff独自エフェクト集 / Alp-original ’Eff’ pearls
C6a8cb5e13aa716521d522471ec4e4cd?s=48 ma2k8
PRO
1
530
Scalebaseバックエンド構成について/the backend design of Scalebase
C6a8cb5e13aa716521d522471ec4e4cd?s=48 ma2k8
PRO
0
4.1k
SQL Meisterへの道 ~更新編~ / sql-meister-CUD
C6a8cb5e13aa716521d522471ec4e4cd?s=48 ma2k8
PRO
0
1.5k
SQL Meisterへの道 ~基礎〜参照編~ / sql-meister-R
C6a8cb5e13aa716521d522471ec4e4cd?s=48 ma2k8
PRO
0
1.7k
CQRS+ESをKinesis,Spark,RDB,S3でやってみた
C6a8cb5e13aa716521d522471ec4e4cd?s=48 ma2k8
PRO
0
2.8k
The advantage of using ’Eff’ in Scala Project
C6a8cb5e13aa716521d522471ec4e4cd?s=48 ma2k8
PRO
2
11k
let_s_use_Eff.pdf
C6a8cb5e13aa716521d522471ec4e4cd?s=48 ma2k8
PRO
1
38

Other Decks in Technology

See All in Technology
WACATE 2022 夏 ワークショップの目的
Add1036688abcb2e3dbff7c3090f7e35?s=48 imtnd
0
120
誰が正解を知っているのか / Who knows the right answer
95aaab3d693889550fd2e7ae02f2f789?s=48 takaking22
1
230
【toranoana.deno#7】Denoからwasmを呼び出す基礎
6ab47a68ee78e84c34731ce12333deff?s=48 toranoana
0
120
さいきんのRaspberry Pi。 / osc22do-rpi
74476e142a767a018d68c5e72e34ee2f?s=48 akkiesoft
5
5.1k
Autonomous Database Cloud 技術詳細 / adb-s_technical_detail_jp
3115a782126be714b5f94d24073c957d?s=48 oracle4engineer
PRO
10
18k
MRTK3 - DataBinding and Theming 入門
Fccbd625997f63e7b251d9725cb905a5?s=48 futo23
0
180
Data in Google I/O - IO Extended GDG Seoul
3bd69093dbe39b14603242b96cfbd7c6?s=48 kennethanceyer
0
150
Build 2022で発表されたWindowsアプリ開発のあれこれ振り返ろう
49bf5c26799bbfb3d445c757c1fe8374?s=48 hatsunea
1
380
Scrum Fest Osaka 2022 段階的スクラムマスターのススメ
68073cc248e24e0b94cc6895e5c4710f?s=48 orimomo
0
750
Azure Arc Virtual MachineとAzure Arc Resource Bridge / VM provisioning through Azure portal on Azure Stack HCI (preview)
D99b8f4147592e467fa5e778d45734e7?s=48 sashizaki
0
120
JAWS-UG re:Habilitaion 報告 / JAWS-UG OITA rehabilitation
5acaf9241f1c2e50f3bff920050ae597?s=48 hiranofumio
0
120
スクラムのスケールとチームトポロジー / Scaled Scrum and Team Topologies
4dd89003cc8fe9f21d67b0c99b773436?s=48 daiksy
1
430

Featured

See All Featured
Easily Structure & Communicate Ideas using Wireframe
0c6fd6a08d0f898159cda7cafcacf07f?s=48 afnizarnur
181
15k
Learning to Love Humans: Emotional Interface Design
5f50f94346fbcb23706f0707169317a4?s=48 aarron
261
37k
StorybookのUI Testing Handbookを読んだ
50fc0fdc2327ecbe7350645812de52e3?s=48 zakiyama
5
2.2k
Fantastic passwords and where to find them - at NoRuKo
8ec1383b240b5ba15ffb9743fceb3c0e?s=48 philnash
27
1.5k
The Web Native Designer (August 2011)
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
74
1.9k
Fight the Zombie Pattern Library - RWD Summit 2016
9fa239b3154a0169d99ab7bf1422dd12?s=48 marcelosomers
226
15k
Put a Button on it: Removing Barriers to Going Fast.
Bfd6b681ec6e8c9bef82ff0521c364f7?s=48 kastner
56
2.3k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
F383c6a4dc55e331bbe2987b622cee6b?s=48 stephaniewalter
269
11k
Happy Clients
C51b39fa3c79ccb99dcb8a076bc98287?s=48 brianwarren
89
5.6k
Gamification - CAS2011
4394ceb8b277f35ee3da7030384efb5d?s=48 davidbonilla
75
3.9k
Building Adaptive Systems
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
25
1.1k
It's Worth the Effort
Ba530e786553390f3fb271848485681c?s=48 3n
172
25k

Transcript

  1. AuthZ

  2. Agenda 1. AuthZͱAuthNͷҧ͍ 2. ೝՄͷछྨ 3. AuthzIOͷσʔλߏ଄ 4. AuthzIOͷίϚϯυ 5.

    ·ͱΊ

  3. 1. AuthZͱAuthNͷҧ͍

  4. େલఏ ೝূʢAuthNʣͱೝՄʢAuthZʣ ͸ ࣅͯඇͳΔ֓೦Ͱ͋Δ

  5. ೝূ ~AutheNtication ~ ର৅͕ʮ୭ʯͰ͋Δ͔Λಛఆ͢Δ

  6. ೝՄ ~AuthoriZation ~ ೚ҙͷϦιʔεʹର͠ɺ ೚ҙͷΞΫγϣϯͷڐՄ/ڋ൱Λ੍ޚ͢Δ

  7. զʑਓؒ΋ɺࢹ֮,ௌ֮,ᄿ֮ͳͲ ༷ʑͳ৘ใΛ࢖ͬͯଞਓΛೝূ͍ͯ͠Δɻ ͦͯ͠ɺೝূͨ͠ଞਓ͕ʮ୭ʯͰ͋Δ͔ʹΑͬ ͯߦಈΛೝՄ͍ͯ͠Δɻ(ΑͶʁ)

  8. ※஌Βͳ͍ਓʢೝূΤϥʔʣʹ ͍͖ͳΓ੠͔͚ΒΕͨΒʢೝՄΤϥʔʣϏϏΓ·͢ɻɹ

  9. γϯϓϧͳཁ݅Ͱ͸ ೝূͱೝՄ͸ࠞಉ͞Ε͕ͪɻ

  10. ୭Ͱ͋Δ͔͕෼͔Ε͹ɺ ԿΛೝՄ͢Δ͔͸ࣗ໌͔ʁ

  11. ͜ͷ໰͍͸ ʮҕৡʯͷඞཁ͕ͳ͚Ε͹ਅ ͋Ε͹ِͱͳΔ

  12. γϯϓϧͳೝূ/ೝՄ ᶃೝূཁٻ(ID/Pass) ᶄೣഎϚϯͰ͋Δ͜ͱΛ֬ೝ ᶅೣഎϚϯʹೝՄ͞Εͨ ΞΫγϣϯΛ࣮ߦͰ͖Δ ϢʔβʔೣഎϚϯ ͘͢͝γϯϓϧͳγεςϜ

  13. ࣮૷Λߟ͑ͯΈΔ • ೝূ • ϩάΠϯ੒ޭͨ͠ΒτʔΫϯΛฦ͢ • ͦΕͧΕͷAPI͸τʔΫϯ͕ਖ਼ৗͳΒޙଓͷॲཧΛڐՄ͢ Δ • ͜͜ʹೝՄΛ࣮૷͢Δͱͨ͠Βʁ

    • (Ϣʔβʔ|ϩʔϧ)ݻ༗ͰڐՄ͍ͨ͠ΞΫγϣϯ͸ΦϖϨʔ λʔID΍ϩʔϧIDͱඥ෇͚ͯϗϫΠτϦετ/ϒϥοΫϦ ετͰอଘ͠ɺAPIͷॲཧͷલఏ৚݅ͱ͢Δ

  14. ҕৡ༗Γೝূ/ೝՄ ᶃӾཡݖݶΛҕৡͨ͠ΩʔΛൃߦ ϢʔβʔೣഎϚϯ bot౳ͷ೚ҙͷ࣮ߦऀ APIΩʔ ᶄΩʔΛར༻͠ɺҕৡ͞ΕͨΞΫγϣϯΛ࣮ߦ͢Δɻ ɹΩʔͷೝূ͸ߦ͏͕ɺೣഎϚϯ͔൱͔΍ɺ ɹ࣮ߦऀ͕୭Ͱ͋Δ͔ͷೝূ͸ߦΘͳ͍ɻ ͘͢͝ෳࡶͳγεςϜ

  15. ࣮૷Λߟ͑ͯΈΔ • ೝূ • Ϣʔβʔ͸APIΩʔΛ࡞ΕɺͦΕΛ౉ͤ͹ࣗ෼ͷID/PassΛڞ༗ͤͣͱ΋ࣗ෼ ͷ࣋ͭݖݶΛҕৡͰ͖Δ • APIΩʔͷೝূ͸ߦ͏(firebaseͰ΍ͬͯ·͢Ͷ) • APIΩʔ͸ిंͷ੾ූͷΑ͏ͳ΋ͷɻ੾ූΛങͬͨਓ͸֬ೝ͠ͳ͍͚Ͳ੾

    ූ͸֬ೝ͢Δ • ೝՄ • લड़ͷϢʔβʔ΍ϩʔϧʹඥ͚ͮͯͷೝՄॲཧ࣮૷Λߦ͏ͱڽू౓ͷ௿͍࣮ ૷ʹͳΔͷ͕ΠϝʔδͰ͖ΔͩΖ͏͔ɾɾɾ • લड़ͷ࣮૷ͩͱɺ੾ූͷ֬ೝΛߦ͍͍ͨͷʹɺ੾ූͷൃߦऀ·ͰͨͲΔ͜ ͱʹͳͬͯ͠·͏ɻ

  16. APIΩʔΛྫʹग़͕ͨ͠ɺ͔ͬ͠Γ࡞Ε͹ inviteϦϯΫʹ࢖ͬͯΔτʔΫϯͳͲ৭Μͳॴʹྲྀ༻ՄೳͰ͢ɻ ʢ͢Δ͔͸ผͷ࿩) ಉ͡Α͏ͳॲཧΛ ৭Μͳॴʹಠ࣮ࣗ૷ͤͣʹࡁΉ

  17. 2. ೝՄͷछྨ

  18. ACL ʢAccess Control Listʣ ▪ͲΜͳ΍ͭʁ □ ΞΫηεϦετ □ ໊લ͕ొ࿥͞ΕͯΕ͹OKͳγϯϓϧͳ΍ͭ ▪Pros

    □ γϯϓϧ ▪Cons □ γϯϓϧ͗ͯ͢ࡉ੍͔͍ޚ͸Ͱ͖ͳ͍

  19. RBAC ʢRole-Based Access Controlʣ ▪ͲΜͳ΍ͭʁ □ ϩʔϧΛׂΓৼΔ΍ͭ ▪Pros □ υϝΠϯݴޠͱϚονͤ͞΍͍͢

    □ ACLΑΓࡉ੍͔͍ޚ͕Մೳ ▪Cons □ Role explosion ίϯςΩετAͰ͸ϩʔϧAɺίϯςΩετBͰ͸ϩʔϧBͳͲɺ ෳࡶ౓΍ߋʹࡉ੍͔͍ޚ͕ͨ͘͠ͳΔͱϩʔϧ͕૿͑͗ͯ͢ഁ୼͢Δ ʢRoleAʹActionAΛ௥Ճ͍͚ͨͩ͠ͳͷʹ৽ͨͳϩʔϧΛ࡞੒͢Δ౳…) □ ໾ׂʹറΒΕ͗͢Δ Ұ࣌తͳݖݶ΍ɺϢʔβʔͷଐੑ΍ΞΫγϣϯͳͲʹΑͬͯॊೈʹݖݶ෇༩͢Δ͜ͱ͕೉͍͠ ʢࣄલʹϩʔϧΛ༻ҙ͠ͳ͍ͱ͍͚ͳ͍ͷͰ)

  20. ABAC ʢAttribute-Based Access Controlʣ ▪ͲΜͳ΍ͭʁ □ ڐՄ/ڋ൱͢ΔΞΫγϣϯ΍ଐੑΛׂΓৼΔ΍ͭ ▪Pros □ RBACΑΓॊೈ͔ͭࡉ੍͔͍ޚ͕Մೳ

    ▪Cons □࣮૷͕େม

  21. AuthzIO͸ABACͰ͢ ※Action-Attributeʹߜ͍ͬͯΔ

  22. 3. AuthZIOͷσʔλߏ଄

  23. ߏ੒ཁૉ AttachedPolicy ├AccountId └Seq[Policy] ├Action ├PermissionReason ├Seq[Resource] └ExpirationDate

  24. AttachedPolicy • AccountId + AccountʹׂΓ౰ͯΒΕͨϙϦγʔͷϦετ Λ΋ͭAuthzίϯςΩετͷू໿ • Account͸ID + AccountType

    ͔Β੒ΓɺOperator,API Key౳ͷPrincipalΛಉ͡ܕͰ؅ཧͰ͖ΔͷͰݖݶΛಉ͡ σʔλߏ଄ͰҰݩతʹ؅ཧ͢Δ͜ͱ͕Ͱ͖Δ

  25. Policy • ݖݶͷجຊ୯Ґ • Action + PermissionReason + Seq[Resource] +

    ExpirationDateͰߏ੒͞ΕΔ

  26. Action • ͦͷ໊ͷ௨ΓAction • ADTͰఆ͓ٛͯ͠ΓɺStringʹΤϯίʔυ͢ΔͱͷΑ͏ ͳܗʹͳΔɻ(DBʹೖΔͱ͖΋͜Ε) • s"${αʔϏε໊}:${Action಺༰}" • “Dashboard:AnalysisViewer”

    తͳ • αʔϏεͷ୯Ґ͸ίϯςΩετʹ͢Δ͔΋

  27. ExpirationDate • ݖݶͷ༗ޮظݶ • ݖݶ͸՝ۚ৘ใ౳Λ֬ೝͯ͠όονͳͲͰఆظత ʹফͨ͠Γ͢Δͱ൥ࡶʹͳ͍ͬͯ͘ͷͰظݶ͕͖ Ε͍ͯΔݖݶ͸ϥΠϑαΠΫϧ಺Ͱࣗવʹফ͑ͯ ͍͘Α͏ʹ͢Δ

  28. Resource • ΞΫγϣϯͷର৅ • ResourceΛࢦఆͤͣʹߦ͏ActionͰ͸ར༻͠ͳ͍ • ݱঢ়͸ResourceຖʹظݶΛઃఆ͍ͨ͠৔߹͸2ͭϙϦ γʔΛ࡞͍ͬͯΔʢॲཧ؆ུԽͷͨΊ)

  29. PermissionReason • ݖݶ͕෇༩͞Εͨཧ༝(༝དྷ) • ※ྫɿ • CloudSignͰܖ໿Λ݁Μͩ • खಈͰҰ࣌తʹ෇༩ͨ͠ •

    τϥΠΞϧͰظؒݶఆ෇༩౳ • ͜Ε͸ίϯςΩετ͝ͱʹϞδϡʔϧΛ੾Δ൑அΛԼͨ͠ γεςϜಛ༗ͷ͋ͬͨ΄͏͕ྑ͍৘ใͱ͍͑Δ͔΋ • ڽूੑΛߴΊΔͨΊʹ͜ͷ৘ใ͕ඞਢ

  30. PermissionReasonΛগ͠ਂ΅Δ

  31. ίϯςΩετΛ·͙ͨݖݶ෇༩/ണୣͷॲཧΛ࣮ߦ͢Δࡍʹɺ ॲཧ࣮ߦݩͷίϯςΩετ͸Reason͑͞஌͍ͬͯΕ͹ྑ͍ͷͰ ࣮૷͕ͱͯ΋γϯϓϧʹͳΔ

  32. ྫͱͯ͠ ͱ͋ΔτϥΠΞϧݖݶΛ ࡟আ͢ΔॲཧΛߟ͑Δ

  33. Authzͷఆظόον AuthN-API PermissionReasonφγ ͷͺͯ͌ʔΜ Authz-DB ͦͷଞͷίϯςΩετ΍ ֎෦API ᶃτϥΠΞϧঢ়ଶ͕༗ޮͰ͋Δ͔֬ೝ ᶄτϥΠΞϧҎ֎ͷํ๏Ͱݖݶ͕ ෇༩͞Ε͍ͯΔՄೳੑΛ֬ೝ

    ᶅݖݶΛ࡟আ

  34. ॲཧͷର৅ͱ͍ͨ͠ݖݶ͕Կ༝དྷ͔͸ γϯϓϧͳγεςϜͳΒݩσʔλݟΕ͹͍ ͍͡ΌΜͰࡁΉ͕ɺෳࡶʹͳΔͱࢀরઌ͕ ૿͔͑ͯͳΓେม

  35. Authzͷఆظόον PermissionReasonΞϦ ͷͺͯ͌ʔΜ Authz-DB ᶃReason͕τϥΠΞϧͷݖݶΛ࡟আ

  36. ଞʹ΋

  37. ݖݶͱݖݶ෇༩ཧ༝ͷ ϛεϚον • - ଟॏ՝ۚ͸໰୊͕͋Δ৔߹͕ଟ͍ͷͰϢʔβʔ΁௨஌͢Δඞཁ͕͋Δ • - ଟॏݖݶ͸໰୊ͳ͍έʔε΋ଟʑ͋ΔʢτϥΠΞϧͱຊܖ໿͕͔Ϳͬͯͯ΋ผʹྑ͍ΑͶతͳ) • -

    AuthzͷReasonͰଟॏݖݶΛ؅ཧ͠ɺPaymentͰଟॏ՝ۚΛ؅ཧ͢ΔɻೝՄΛ෼཭ͯ͠ͳ͔ͬͨ ΓɺReason͕ͳ͔ͬͨΓ͢Δͱ͜͜ͷ۠ผ͕೉͍͠ • - ҙࣝ͠ͳ͍͜ͱʹΑΔརศੑ΋͋Δ͸͋ΔͷͰɺ • ҙࣝ͠ͳ͍͜ͱʹΑΔརศੑྫ • ͱΓ͋͑ͣࡶʹݖݶΛফ͍ͨ͠έʔε • ෳ਺ͷखஈͰ՝ۚ͞Ε͍ͯΔ৔߹ͷΈΤϥʔʹ͢ΔɻτϥΠΞϧ+1ͭͷ՝ۚखஈͷ৔߹͸྆ ํফ͢ɻτϥΠΞϧͷΈ|1ͭͷ՝ۚखஈͷΈͷ৔߹΋ফ͢౳ͷཁ݅) • ͷΑ͏ʹɺ݁ہࡶʹ͸ফͤͳ͍ͷͰҙࣝ͢Δ͔ɺΤϥʔέʔεΛࣺͯΔ͔ʹͳΔɻ

  38. 4. AuthZIOͷίϚϯυ

  39. ͜Ε͚ͩ • ࢀর/ߋ৽(Show/Add/Remove) • Request(ResourceࢦఆΞϦ/φγ)

  40. ίʔυ sealed abstract class AuthzIO[A] {} // support case class

    ShowPolicy(principal: AccountId) extends AuthzIO[AttachedPolicy] // manage case class AddPolicy(principal: AccountId, policy: Policy) extends AuthzIO[AttachedPolicy] case class AddPolicies(principal: AccountId, policies: Seq[Policy]) extends AuthzIO[AttachedPolicy] case class RemovePolicy(principal: AccountId, policy: Policy) extends AuthzIO[AttachedPolicy] case class RemovePolicies(principal: AccountId, policies: Seq[Policy]) extends AuthzIO[AttachedPolicy] // request case class RequestPolicy(principal: AccountId, actionSeq: Seq[Action]) extends AuthzIO[Unit] case class RequestPolicyToResource( principal: AccountId, principalActionSeq: Seq[Action], // ࢦఆͨ͢͠΂ͯͷΞΫγϣϯʹର͠ɺ resourceSeq: Seq[Resource], // ର৅ͷresource͕ڐՄ͞Εͯͳ͚Ε͹NGͱ͢Δ resourceAllowedActionSeq: Seq[Action] ) extends AuthzIO[Unit] // requestBool case class RequestBoolPolicy(principal: AccountId, actionSeq: Seq[Action]) extends AuthzIO[Boolean] case class RequestBoolPolicyToResource( principal: AccountId, principalActionSeq: Seq[Action], // ࢦఆͨ͢͠΂ͯͷΞΫγϣϯʹର͠ɺ resourceSeq: Seq[Resource], // ର৅ͷresource͕ڐՄ͞Εͯͳ͚Ε͹NGͱ͢Δ resourceAllowedActionSeq: Seq[Action] ) extends AuthzIO[Boolean]

  41. ࢖͍ํΠϝʔδᶃ • RequestBoolΛෳ਺ύλʔϯ࣮ߦͯ݁͠ՌΛ߹੒ͯ͠΋Α͠ • requestBool͸booleanΛฦ͢ͷͰෳ਺ͷ݁ՌΛ෼ղͯ͠νΣοΫͯ͠΋OK(൒؀ͷදݱྗΛ ࣋ͭ(Bool୅਺͸൒؀) • ৄ͘͠͸ ͷهࣄΛࢀর •

    https://www.slideshare.net/oarat/ss-55487535 • ൒؀͸ෛݩ(ϚΠφε)͕ͳͯ͘Ճ๏+৐๏ͷ͋Δू߹ͷ͜ͱͰɺཁ͸ॱ൪Λม͑ͯ΋݁ՌมΘ ΒΜΑͶɻҙຯͰଊ͑Δͱྑ͍(Ϋιͬ͘͟ΓͰ͝ΊΜͳ͍͞) • request͸BooleanΛ͍͍ͪͪ൑ఆ͢Δͷ͕໘౗ͳέʔε΋ଟ͍ͷͰUnitΛฦ͠ɺfalseͷ৔߹͸ Either.leftΛEffʹಥͬࠐΜͰฦͯ͘͠ΕΔͷͰ݁Ռͷ߹੒͕ෆཁͳ৔߹͸͜ΕΛ࢖͏ • ShowͰPolicyҾͬு͖֤ͬͯͯίϯςΩετͰࡉ͔͍ॲཧͯ͠΋Α͠ʢ͋·Γ૝ఆ͸͍ͯ͠ͳ͍) • enforce(σʔλͷϑΟϧλ౳)͸ɺAuthzIOʹRepository౉ͯ͠InterpreterͰϑΟϧλͰ͖ΔΑ͏ ʹ͢Δͷ΋ߟ͕͑ͨந৅౓ߴ͘ͳΓ͗͢Δׂʹ࢖͍ʹ͍͘͠ɺΧόʔͰ͖Δ༻్΋ڱ͘ͳΓͦ͏ ͩͬͨͷͰɺΘ͔Γ΍֤͘͢ίϯςΩετͷDomainServiceͰrequestͷ݁ՌΛݩʹϑΟϧλ͢Δ ͷ͕ྑ͍ͱ൑அͨ͠ɻ

  42. ࢖͍ํΠϝʔδᶄ

  43. ࢖͍ํΠϝʔδᶅ • ͜ͷΑ͏ʹɺ൑ఆ͢Δཁૉ͕͍ͭ͘૿͑ͯ΋|| &&ͷԋࢉ ͰରॲͰ͖Δ • ྫ͑͹ɺ͓͔ΘΓϓϥϯ nճ໨͔ͭɺΩϟϯϖʔϯίʔ υhogeΛར༻ͨ͜͠ͱ͕͋ΓɺաڈʹTOEIC,egs,Bizʹ ೖͬͨ͜ͱ΋͋Δ΍͚ͭͩʹݖݶΛ༩͑ΔʂΈ͍ͨͳཁ

    ݅΋γϯϓϧʹදݱͰ͖Δʢଋͩͱ΍͹͍

  44. ൒؀ͱଋ • ଋ͸ScalaͷܕͷAny <-> Nothing ΛΠϝʔδ͢Ε͹OK • ࢝఺ͱऴ఺͕ܾ·͓ͬͯΓɺͦͷؒͷͲΕ͔ʹܕ͸ଐ͢Δ • ݖݶΛ͜ͷߏ଄Ͱදݱ͢Δͱɺ͋ΒΏΔ૊Έ߹ΘͤΛܕʹམͱ͢ඞཁ͕͋Γɺexplosion͢Δ

    ʢݱঢ়͸ɺEgsAndTOEIC, EgsAndBiz, EgsAndPersonalCoachͳͲΛbitԋࢉΆ͘ѻͬͯΔͷ Ͱগ͠Ϛγ͕ͩɺ͜ΕʹҰͭҰͭܕΛ͚ͭΔͱ͖ͼ͍͠) • ൒؀͸BooleanΛΠϝʔδ͢Ε͹OK(Booleanͱ४ಉܕͰ͋ΔɻBool؀) • ධՁ͢Δॱ൪Λม͑ͯ΋݁Ռ͸มΘΒͳ͍ • ࿨ͱੵͷ2ͭͷԋࢉΛ΋ͭू߹Ͱɺަ׵,݁߹,෼഑ͷଇΛຬͨ͢ • A = (true && false) => false • B = (false || true) => true • C = A && B = false • A,Bʹग़ͯ͘Δɺtrue,falseΛͲ͏ೖΕସ͑ͯ΋Cͷ݁Ռ͸มΘΒͳ͍ΑͶΈ͍ͨͳ͜ͱ͕ݴ͍͍ͨ (Ϋιͬ͘͟ΓͰ͝ΊΜͳ͍͞) • ݖݶ͸৭ΜͳཁૉΛߟྀ͢Δඞཁ͕͋Δ͔Β͜ͷߏ଄͕ࢫ͍

  45. 5. ·ͱΊ

  46. • ೝূͱೝՄ͸෼཭͠ͳ͍ͱෳࡶͳཁ݅Λ࣮ݱ͢Δࡍʹ௧ΈΛ൐͏ • ೝՄํࣜ͸ABACΛ࠾༻ • Authz͸൒؀ߏ଄Λ࠾༻ͯ͠Δͧ(ܕϨϕϧʹΤϯίʔυ͸ͯ͠ͳ͍) • enforce͸domainServiceͰrequest/requestBoolΛ࢖࣮ͬͯ૷ͯ͠ ͍ͧ͘ •

    ϑϩϯτͰ΋ݖݶͰϋϯυϦϯά͍ͨ͠έʔε͸͋ΔͷͰɺͲΜͳ ܗͰฦ͔͢͸૬ஊ͍ͨ͠(isAnalysis=true,Έ͍ͨͳͷΛແݶʹ૿΍ ͯ͠΋͍͍͠ɺshowPolicyͰऔΕΔ݁ՌΛͦͷ··౉ͯ͠΋OK)ɹ • ͜ͷهࣄ࠷ߴͳͷͰಡΉͱྑ͍ • https://kenfdev.hateblo.jp/entry/2020/01/13/115032

  47. ͓ΘΓ