Cerbos authorization for Gorilla
Add policy-based authorization to Gorilla Mux HTTP handlers and middleware using the Cerbos Go SDK. Enforce fine-grained access control at the router level without hard-coding permission logic in every handler.
Authorize at the router level
Add Cerbos checks as Gorilla Mux middleware to enforce permissions before requests reach your handler functions
Use Go context for attributes
Pass user identity and resource attributes through Go's context.Context, giving Cerbos the information it needs for attribute-based decisions
Decouple policy from code
Move authorization rules out of handler functions and into versioned YAML policies that can be updated without recompiling your Go application
How Cerbos works with Gorilla
Building authorization logic inside Gorilla quickly becomes a maintenance burden. Hard-coded role checks scatter across controllers and middleware, and every permission change requires a code deploy.
Cerbos replaces scattered authorization logic with a single API call. You define fine-grained policies in YAML, and the Cerbos PDP evaluates them at request time using roles, attributes, and any context you provide.
With Cerbos your Gorilla application stays focused on business logic while authorization policies evolve independently, managed by product or security teams without touching code.
How Cerbos works with Gorilla Mux
- Add the Cerbos Go SDK to your project. Import the Cerbos client package and initialize it with the address of your Cerbos PDP instance.
- Create authorization middleware. Write a Gorilla Mux middleware function that extracts the authenticated principal from the request context, builds a Cerbos check request, and calls the PDP before passing control to the next handler.
- Define authorization policies in YAML. Write resource and principal policies that capture your access control rules, including roles, attributes, and conditions. Store them alongside your code and version them in git.
- Cerbos evaluates policies at request time. Every authorization check is evaluated against the latest policies with sub-millisecond latency. Update rules without recompiling or redeploying your Go service.
FAQ
How do I integrate Cerbos with Gorilla Mux?
Use the Cerbos Go SDK to create a client and call the Cerbos PDP from your Gorilla Mux handlers or middleware. You can build a middleware function that extracts the authenticated user from the request context, calls Cerbos to check permissions, and either allows the request to proceed or returns a 403.
Can I use Cerbos as Gorilla Mux middleware?
Yes. Create a middleware function that wraps your handlers, extracts the principal and resource information from the request, and calls the Cerbos PDP. Attach it to specific routes or subrouters using Gorilla's middleware chaining. The Cerbos PDP responds in sub-millisecond time.
How does Cerbos work with Go's context package?
The Cerbos Go SDK accepts a context.Context, so it integrates naturally with Go's request lifecycle. You can pass the request context from your Gorilla handler directly to the Cerbos client, ensuring cancellation and timeouts propagate correctly.
Learn more about Cerbos
Related integrations
View all integrations →
Cerbos + Gorilla
- Single API call replaces hard-coded permission checks in Gorilla
- Policies updated independently of application deploys
- Authorization policies versioned and tested like source code
- Stateless PDP scales independently of the application
Authorization for AI systems
By industry
By business requirement
Useful links
What is Cerbos?
Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.
Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.