Ballerina Security


Examples, use-cases, demos, and resources related to microservices security patterns with Ballerina, an open-source programming language for the cloud that makes it easier to use, combine, and create network services.

GitHub: https://github.com/ldclakmal/ballerina-security

Summary

Ballerina has first-class support for a broad range of security features, from transport-layer security (SSL/TLS and mutual TLS) to application-layer security (Basic Auth, JWT Auth, OAuth2, and more).

The Ballerina standard library's Auth, JWT, and OAuth2 modules provide the authentication and authorization framework used to secure the APIs of microservices written with the HTTP, WebSocket, GraphQL, gRPC, and WebSub protocols. The Crypto module provides APIs for cryptographic operations such as hashing, HMAC generation, checksum generation, encryption, decryption, digital signing, and signature verification, with a choice of algorithms. The URL module provides APIs to encode and decode a URL or part of a URL. The Kafka, RabbitMQ, NATS, STAN, Email, FTP, TCP, and UDP modules each have their own protocol-dependent means of securing connections.
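As an added illustration of how these pieces fit together (this is example code written for this page, not code taken from the repository), the following Ballerina service combines transport-layer security with JWT-based authentication and scope-based authorization on a single HTTP listener. The certificate and key paths, the port, and the issuer, audience and scope values are assumptions chosen for the example; substitute your own.

```ballerina
import ballerina/http;

// Listener secured with TLS. The certificate and key paths are
// assumptions for this example; point them at your own server
// certificate and private key.
listener http:Listener securedEP = new (9443,
    secureSocket = {
        key: {
            certFile: "./resources/public.crt",
            keyFile: "./resources/private.key"
        }
    }
);

// Service-level JWT authentication plus scope-based authorization.
// A request is accepted only if its bearer token is signed by the key
// behind `public.crt`, carries the expected `iss` and `aud` claims, is
// not expired, and lists "admin" in its `scp` claim. Anything else is
// rejected by the listener before the resource function runs: 401 for
// a failed authentication check, 403 for a valid token without the
// required scope. Issuer, audience and scope values are assumptions.
@http:ServiceConfig {
    auth: [
        {
            jwtValidatorConfig: {
                issuer: "wso2",
                audience: "ballerina",
                signatureConfig: {
                    certFile: "./resources/public.crt"
                },
                scopeKey: "scp"
            },
            scopes: ["admin"]
        }
    ]
}
service /foo on securedEP {
    resource function get bar() returns string {
        return "Hello, World!";
    }
}
```

Two points worth checking in any such configuration: the `audience` and `issuer` constraints must be set, otherwise a token minted by the same key for a different service would be accepted, and `scopes` is what turns authentication into authorization; without it, any validly signed token reaches the resource. The `Client - Self Signed JWT Auth` BBE listed below is the matching client side for this service.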

This repository contains all the examples, use-cases, demos, and resources related to Ballerina Security in one place.

See the visualization of the project codebase produced with the GitHub OCTO Repo Visualization project.

Dashboard

This section shows the current status of the security modules of the Ballerina standard library, followed by the official references for all the security examples, a.k.a. Ballerina by Examples (BBEs).

| Module | Latest Release | Status | Issues & PRs | Docs & Package |
| --- | --- | --- | --- | --- |
| auth | tag | build, codecov | issues, pulls | docs, package |
| jwt | tag | build, codecov | issues, pulls | docs, package |
| oauth2 | tag | build, codecov | issues, pulls | docs, package |
| crypto | tag | build, codecov | issues, pulls | docs, package |
| url | tag | build, codecov | issues, pulls | docs, package |

Ballerina by Examples (BBEs)

This section covers an automated Ballerina security test-suite that exercises the Ballerina by Examples (BBEs). The tests run on demand against the Ballerina version configured in the GitHub secrets.


| Category | BBE |
| --- | --- |
| REST API Security | Service - SSL/TLS |
| | Service - Mutual SSL |
| | Service - Basic Auth File User Store |
| | Service - Basic Auth LDAP User Store |
| | Service - JWT Auth |
| | Service - OAuth2 |
| | Client - SSL/TLS |
| | Client - Mutual SSL |
| | Client - Basic Auth |
| | Client - Bearer Token Auth |
| | Client - Self Signed JWT Auth |
| | Client - OAuth2 Client Credentials Grant Type |
| | Client - OAuth2 Password Grant Type |
| | Client - OAuth2 Refresh Token Grant Type |
| | Client - OAuth2 JWT Bearer Grant Type |
| WebSocket Security | Service - SSL/TLS |
| | Service - Mutual SSL |
| | Service - Basic Auth File User Store |
| | Service - Basic Auth LDAP User Store |
| | Service - JWT Auth |
| | Service - OAuth2 |
| | Client - SSL/TLS |
| | Client - Mutual SSL |
| | Client - Basic Auth |
| | Client - Bearer Token Auth |
| | Client - Self Signed JWT Auth |
| | Client - OAuth2 Client Credentials Grant Type |
| | Client - OAuth2 Password Grant Type |
| | Client - OAuth2 Refresh Token Grant Type |
| | Client - OAuth2 JWT Bearer Grant Type |
| GraphQL Security | Service - SSL/TLS |
| | Service - Mutual SSL |
| | Service - Basic Auth File User Store |
| | Service - Basic Auth LDAP User Store |
| | Service - JWT Auth |
| | Service - OAuth2 |
| gRPC Security | Service - SSL/TLS |
| | Service - Mutual SSL |
| | Service - Basic Auth File User Store |
| | Service - Basic Auth LDAP User Store |
| | Service - JWT Auth |
| | Service - OAuth2 |
| | Client - SSL/TLS |
| | Client - Mutual SSL |
| | Client - Basic Auth |
| | Client - Bearer Token Auth |
| | Client - Self Signed JWT Auth |
| | Client - OAuth2 Client Credentials Grant Type |
| | Client - OAuth2 Password Grant Type |
| | Client - OAuth2 Refresh Token Grant Type |
| | Client - OAuth2 JWT Bearer Grant Type |
| Kafka Security | SASL Authentication - Consumer |
| | SASL Authentication - Producer |
| RabbitMQ Security | Secured Connection - Producer & Consumer |
| NATS Security | Secured Connection - Publisher & Subscriber |
| STAN Security | Secured Connection - Publisher & Subscriber |
| TCP Security | TCP Transport Security |
| Security | Cryptographic Operations |
| | JWT Issue & Validate |
| URL | URL Encode & Decode |

Examples

This section contains examples of authentication and authorization for the different protocols supported by Ballerina.


  1. HTTP
  2. WebSocket
  3. GraphQL
  4. gRPC
  5. WebSub
  6. Kafka
  7. RabbitMQ
  8. NATS
  9. STAN
  10. Email
  11. FTP
  12. TCP
  13. UDP (Pending)

Scenarios

This section demonstrates real-world scenarios with authentication and authorization requirements and how they can be implemented with Ballerina.

  1. Ballerina Secure Token Service (STS)
  2. E-Commerce system

Integrations

This section covers an automated Ballerina security test-suite containing authentication and authorization integration scenarios. The tests run on demand against the Ballerina version configured in the GitHub secrets.


Directory Structure

integrations
|__ basic-auth-file-store
|__ basic-auth-ldap-store
|__ jwt-auth
|__ oauth2

Issues/Tasks

The Ballerina standard library tracks each issue or task as a separate GitHub issue. This section summarizes the issues/tasks related to the security aspects of the Ballerina standard libraries, categorized as bugs, improvements, new features, and tasks. Refer to this page for more information.


References

The following sections list the key references used in the design and implementation of the current Ballerina security model and its related components. All references are open source and publicly available.

User Guides

Research & Design

Blogs

GitHub Pull Requests

YouTube Videos

Specifications

Guides


About me - https://ldclakmal.me
