# Tier 5: Security & RBAC Showcase
This showcase demonstrates the hierarchical ACL inheritance and group-based Role-Based Access Control (RBAC) system in a realistic scenario.
## Scenario Setup
To run this showcase, you must first seed the security database with the demonstration data:
```bash
joynare-nexus security seed-showcase
```

This command prepares the following environment in the `joynare_nexus` database:
### Users & Groups

| User | Password | Group | Role | Access Level |
|---|---|---|---|---|
| admin | admin123 | Administrators | Superuser | Full access to everything |
| manager | manager123 | SecurityManagers | ACL User | Access to `secure-acl` and `special-acl` |
| employee | employee123 | SecurityStaff | ACL User | Access to `secure-acl` only |
| guest | guest123 | (None) | Unprivileged | Access to `default` ACL only |
### Flows & ACLs

| Flow | Location | ACL Logic | Required ACL |
|---|---|---|---|
| showcase.01-basics:SimplePipeline | flows/01-basics/ | System default | `default` |
| showcase.09-security:InheritedFlow | flows/09-security/ | Inherited from `_folder.yaml` | `secure-acl` |
| showcase.09-security:OverrideFlow | flows/09-security/ | Overridden in `flow.yaml` | `special-acl` |
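The two tables above define the whole authorization decision: a flow's required ACL comes from a `flow.yaml` override if present, otherwise from the nearest `_folder.yaml` walking up the folder tree, otherwise the system default; a user is then allowed if they are a Superuser, or if one of their groups grants that ACL. The following is an added example that models this resolution in Python so the expected outcome for every user and flow can be checked before touching a running server. It is not code from joynare-nexus: the `acl` key, the in-memory dictionaries standing in for `_folder.yaml` and `flow.yaml`, and the `User` type are assumptions; the users, groups, flows and ACL names are the showcase's own. It generalizes slightly beyond the page by resolving inheritance through arbitrarily deep folder nesting.

```python
"""Model of hierarchical ACL inheritance plus group-based RBAC.

Added example, not part of joynare-nexus. Resolution order (flow.yaml
override, then nearest _folder.yaml walking upward, then the system
default) and role semantics (Superuser bypasses ACLs; ACL User needs a
group holding the required ACL; Unprivileged holds only "default") follow
the showcase tables. File names, the "acl" key and the data structures
below are assumptions standing in for the real configuration files.
"""
from __future__ import annotations

from dataclasses import dataclass
from pathlib import PurePosixPath

DEFAULT_ACL = "default"

# Constructed stand-ins for the YAML files: folder-level ACLs from
# _folder.yaml and flow-level overrides from flow.yaml (key "acl" assumed).
FOLDER_ACLS = {"flows/09-security": "secure-acl"}
FLOW_ACLS = {"flows/09-security/OverrideFlow": "special-acl"}

# Group -> ACLs granted by membership (mirrors the Users & Groups table).
GROUP_ACLS = {
    "Administrators": set(),  # superuser role makes ACLs irrelevant
    "SecurityManagers": {"secure-acl", "special-acl"},
    "SecurityStaff": {"secure-acl"},
}


@dataclass(frozen=True)
class User:
    name: str
    role: str  # "Superuser", "ACL User" or "Unprivileged"
    group: str | None = None


USERS = {
    "admin": User("admin", "Superuser", "Administrators"),
    "manager": User("manager", "ACL User", "SecurityManagers"),
    "employee": User("employee", "ACL User", "SecurityStaff"),
    "guest": User("guest", "Unprivileged", None),
}


def required_acl(flow_path: str) -> str:
    """Resolve which ACL protects a flow.

    Precedence: explicit flow-level override, then the closest enclosing
    folder that declares an ACL (walking upward), then the system default.
    """
    if flow_path in FLOW_ACLS:
        return FLOW_ACLS[flow_path]
    folder = PurePosixPath(flow_path).parent
    while str(folder) not in ("", "."):
        acl = FOLDER_ACLS.get(str(folder))
        if acl is not None:
            return acl
        folder = folder.parent
    return DEFAULT_ACL


def granted_acls(user: User) -> set[str]:
    """Every authenticated user holds "default"; group membership adds the rest."""
    acls = {DEFAULT_ACL}
    if user.group is not None:
        acls |= GROUP_ACLS.get(user.group, set())
    return acls


def is_authorized(user: User, flow_path: str) -> bool:
    """Superusers bypass the ACL check; everyone else needs the required ACL."""
    if user.role == "Superuser":
        return True
    return required_acl(flow_path) in granted_acls(user)


def access_matrix() -> dict[tuple[str, str], bool]:
    """Decision for every (user, flow) pair in the showcase."""
    flows = [
        "flows/01-basics/SimplePipeline",
        "flows/09-security/InheritedFlow",
        "flows/09-security/OverrideFlow",
    ]
    return {(u, f): is_authorized(USERS[u], f) for u in USERS for f in flows}


if __name__ == "__main__":
    for (user, flow), ok in access_matrix().items():
        print(f"{user:9s} {flow:35s} {'GRANTED' if ok else 'DENIED'}")
```

Running the block prints the twelve decisions; the useful property to notice is that a flow added anywhere under `flows/09-security/`, however deeply nested, inherits `secure-acl` unless its own `flow.yaml` says otherwise, so a new flow can never accidentally fall back to `default` inside a secured folder.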
## Testing the Scenario

Start the ESB server:

```bash
joynare-nexus serve
```

### 1. The Guest User (Public Access)

Guests can access basic flows but are blocked from secure folders.

Access granted (public):

```bash
curl -u guest:guest123 http://localhost:9090/services/showcase/01-basics/SimplePipeline
```

Access denied (folder security):

```bash
curl -u guest:guest123 http://localhost:9090/services/showcase/09-security/InheritedFlow
```

### 2. The Employee (Inherited Access)

Employees have access to the secure folder via inheritance but cannot see special overrides.

Access granted (inherited):

```bash
curl -u employee:employee123 http://localhost:9090/services/showcase/09-security/InheritedFlow
```

Access denied (specific override):

```bash
curl -u employee:employee123 http://localhost:9090/services/showcase/09-security/OverrideFlow
```

### 3. The Manager (Multi-ACL Access)

Managers have been granted both the standard secure ACL and the special override ACL.

Access granted (all secure flows):

```bash
curl -u manager:manager123 http://localhost:9090/services/showcase/09-security/InheritedFlow
curl -u manager:manager123 http://localhost:9090/services/showcase/09-security/OverrideFlow
```

### 4. The Admin (Superuser Bypass)

Admins bypass the ACL system entirely and can access any resource.

Access granted (full system access):

```bash
curl -u admin:admin123 http://localhost:9090/services/showcase/09-security/OverrideFlow
```