Introduction
Ihawu (Ndebele for shield) is a Policy Enforcement Point (PEP) for JVM and Kotlin applications. It masks restricted fields as your data is serialized, so sensitive values never reach a caller who is not permitted to see them — and it fails closed, emitting an empty document rather than leaking when something goes wrong.
What it does
Given a response type marked with @IhawuResource and a set of policies, Ihawu:
- resolves the field policies that apply to the current caller for that resource,
- hides (drops) or redacts (obfuscates) restricted fields during serialization, and
- leaves every field that no rule restricts unmodified (masking is a denylist).
Your controllers return full, strongly-typed domain objects; the masking difference between callers comes entirely from policy.
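The hide, redact, denylist and fail-closed behaviour described above, as an added sketch that is not Ihawu's code and does not use its API. Every name here (FieldRule, serializeFor, the role-keyed policy map, the "****" mask) is hypothetical, and treating an unresolved policy as the failure case is an assumption of the example.

```kotlin
// Illustrative sketch only: none of these names are Ihawu's API.
enum class Action { HIDE, REDACT }

// A field policy: which field of a resource is restricted, and how.
data class FieldRule(val resource: String, val field: String, val action: Action)

// Constructed sample policy set, keyed by caller role.
val policies: Map<String, List<FieldRule>> = mapOf(
    "support" to listOf(
        FieldRule("Customer", "nationalId", Action.HIDE),
        FieldRule("Customer", "email", Action.REDACT),
    ),
    "admin" to emptyList(), // no rule restricts anything for this caller
)

data class Customer(val id: Long, val name: String, val email: String, val nationalId: String)

// Stand-in for a serializer walking the object's properties.
fun Customer.fields(): Map<String, Any?> =
    linkedMapOf("id" to id, "name" to name, "email" to email, "nationalId" to nationalId)

// Enforce while "serializing": denylist semantics, fail closed on any error.
fun serializeFor(role: String, resource: String, fields: Map<String, Any?>): Map<String, Any?> =
    try {
        // Assumption: a caller whose policy cannot be resolved counts as a failure.
        val rules = policies[role] ?: error("no policy resolved for role '$role'")
        val byField = rules.filter { it.resource == resource }.associateBy { it.field }
        val out = LinkedHashMap<String, Any?>()
        for ((name, value) in fields) {
            when (byField[name]?.action) {
                Action.HIDE -> {}                    // hidden: field dropped entirely
                Action.REDACT -> out[name] = "****"  // redacted: key kept, value obfuscated
                null -> out[name] = value            // no rule: passes through unmodified
            }
        }
        out
    } catch (e: Exception) {
        emptyMap() // fail closed: empty document, never the unmasked object
    }

fun main() {
    // Constructed sample data.
    val c = Customer(7, "Thandi", "thandi@example.com", "ID-CONSTRUCTED-0001")
    println(serializeFor("admin", "Customer", c.fields()))   // all four fields
    println(serializeFor("support", "Customer", c.fields())) // email masked, nationalId absent
    println(serializeFor("unknown", "Customer", c.fields())) // {}
}
```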
What it is not
Ihawu is a Policy Enforcement Point, not a Policy Decision Point and not an authorizer. It enforces the decisions your identity provider and policy engine make; it does not decide whether a caller may reach an endpoint at all — that belongs upstream (your web framework, Spring Security, OPA, or your own PDP). Keeping enforcement separate from decision-making is what lets Ihawu stay small, predictable, and safe.
Where it fits
    request → [ auth / authz decision ] → controller returns domain object
                                                       │
                                [ Ihawu enforces policy during serialization ]
                                                       │
                                                masked response

Ready to try it? Head to Getting Started.