What happens if an operation is not annotated with @exposedBy?

By default, the JUDO AccessManager follows a secure-by-default approach where access is denied to any operation that has not been explicitly exposed to an actor.

Can I add custom security logic to the authorization flow?

Yes, you can implement the AuthenticationInterceptor interface to add custom logic such as rate limiting, audit logging, or specialized business-rule validation.

How does the @exposedBy annotation function?

The @exposedBy annotation is used in the ASM model to explicitly define which actor types are authorized to execute a specific operation or access an entity.

Does this skill help with multi-tenant security?

Absolutely. It provides patterns for realm-based multi-tenancy, ensuring that users are only authorized for operations within their specific security realm.

What is an actor in the JUDO access control system?

An actor represents a user type or entity, categorized as either public (requiring no authentication) or authenticated (requiring a valid token within a specific realm).

JUDO Access Control Manager

Name: JUDO Access Control Manager
Author: BlackBeltTechnology

byBlackBeltTechnology

Security & Testing

Configures and manages declarative, actor-based authorization rules for applications built on the JUDO Runtime.

About

This skill provides comprehensive guidance for implementing secure access control within the JUDO Runtime Core environment. It enables developers to define complex authorization logic using actor types, multi-tenancy realms, and declarative annotations like @exposedBy. By streamlining the configuration of public versus authenticated access and supporting custom authentication interceptors, it ensures that backend operations are securely exposed only to authorized principals, significantly reducing the overhead of manual security implementation.

Key Features

Custom authentication interceptors for advanced logic like audit logging
Support for multi-tenant realm-based access control and multi-actor exposure
Automated principal extraction and validation flow for HTTP requests
Declarative actor-based authorization using ASM model annotations
0 GitHub stars
Granular CRUD permission management and operation-level exposure rules

Use Cases

Defining custom authorization behavior for complex business logic using interceptors
Implementing multi-tenant SaaS architectures with isolated realm-based security
Configuring public-facing API endpoints alongside secure administrative operations

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add blackbelttechnology/judo-runtime-core access-control

For use in Claude.ai and ChatGPT

Download Skill

GitHub