@Filter(value="/**") public class SecurityFilter extends OncePerRequestHttpServerFilter
Modifier and Type | Field and Description |
---|---|
static CharSequence | AUTHENTICATION - The attribute used to store the authentication object in the request. |
protected Collection<AuthenticationFetcher> | authenticationFetchers |
protected Integer | order - The order of the Security Filter. |
static CharSequence | REJECTION - The attribute used to store if the request was rejected and why. |
protected RejectionHandler | rejectionHandler |
protected Collection<SecurityRule> | securityRules |
static CharSequence | TOKEN - The attribute used to store a valid token in the request. |
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
Constructor and Description |
---|
SecurityFilter(Collection<SecurityRule> securityRules, Collection<AuthenticationFetcher> authenticationFetchers, RejectionHandler rejectionHandler, SecurityFilterOrderProvider securityFilterOrderProvider) |
Modifier and Type | Method and Description |
---|---|
protected Publisher<MutableHttpResponse<?>> | checkRules(HttpRequest<?> request, ServerFilterChain chain, RouteMatch routeMatch, Map<String,Object> attributes, boolean forbidden) - Check the security rules against the provided arguments. |
protected Publisher<MutableHttpResponse<?>> | doFilterOnce(HttpRequest<?> request, ServerFilterChain chain) |
int | getOrder() |
doFilter, getKey
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
doFilter
public static final CharSequence AUTHENTICATION
public static final CharSequence REJECTION
public static final CharSequence TOKEN
protected final Integer order
protected final Collection<SecurityRule> securityRules
protected final Collection<AuthenticationFetcher> authenticationFetchers
protected final RejectionHandler rejectionHandler
public SecurityFilter(Collection<SecurityRule> securityRules, Collection<AuthenticationFetcher> authenticationFetchers, RejectionHandler rejectionHandler, @Nullable SecurityFilterOrderProvider securityFilterOrderProvider)

Parameters:
securityRules - The list of rules that will allow or reject the request
authenticationFetchers - List of AuthenticationFetcher beans in the context.
rejectionHandler - Bean which handles routes which need to be rejected
securityFilterOrderProvider - filter order provider

public int getOrder()
protected Publisher<MutableHttpResponse<?>> doFilterOnce(HttpRequest<?> request, ServerFilterChain chain)

doFilterOnce in class OncePerRequestHttpServerFilter

Parameters:
request - The HttpRequest instance
chain - The ServerFilterChain instance

Returns:
Publisher for the Http response

protected Publisher<MutableHttpResponse<?>> checkRules(HttpRequest<?> request, ServerFilterChain chain, @Nullable RouteMatch routeMatch, @Nullable Map<String,Object> attributes, boolean forbidden)

Parameters:
request - The request
chain - The server chain
routeMatch - The route match
attributes - The authentication attributes
forbidden - Whether a rejection should be forbidden