io.micronaut.security.handlers

Class RedirectRejectionHandler

java.lang.Object

io.micronaut.security.handlers.RedirectRejectionHandler

All Implemented Interfaces:

RejectionHandler

@Singleton
 @Secondary
 @Replaces(value=HttpStatusCodeRejectionHandler.class)
 @Requires(beans={UnauthorizedRejectionUriProvider.class,ForbiddenRejectionUriProvider.class,RedirectRejectionHandlerConfiguration.class}) @Requires(property="micronaut.security.redirect.enabled",notEquals="false")
public class RedirectRejectionHandler
extends Object
implements RejectionHandler

If beans UnauthorizedRejectionUriProvider and ForbiddenRejectionUriProvider exists provides a RejectionHandler implementation which performs redirects. It can be used for session based authentication flows or Open ID flows.

Since:

1.0

Author:

Sergio del Amo

Constructor Summary

Constructors

Constructor and Description
RedirectRejectionHandler(UnauthorizedRejectionUriProvider unauthorizedRejectionUriProvider, ForbiddenRejectionUriProvider forbiddenRejectionUriProvider, RedirectRejectionHandlerConfiguration redirectRejectionHandlerConfiguration) Constructor.

Method Summary

Modifier and Type	Method and Description
protected Optional<String>	getRedirectUri(HttpRequest<?> request, boolean forbidden) Returns the redirection uri.
protected MutableHttpResponse<?>	httpResponseWithUri(String uri) Builds a HTTP Response redirection to the supplied location.
protected HttpStatus	redirectionHttpStatus()
Publisher<MutableHttpResponse<?>>	reject(HttpRequest<?> request, boolean forbidden) Handles rejection of a request.
protected boolean	shouldHandleRequest(HttpRequest<?> request) Decides whether the request should be handled with a redirect.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RedirectRejectionHandler

public RedirectRejectionHandler(UnauthorizedRejectionUriProvider unauthorizedRejectionUriProvider,
                                ForbiddenRejectionUriProvider forbiddenRejectionUriProvider,
                                RedirectRejectionHandlerConfiguration redirectRejectionHandlerConfiguration)

Constructor.

Parameters:

unauthorizedRejectionUriProvider - URI Provider to redirect to if unauthenticated

forbiddenRejectionUriProvider - URI Provider to redirect to if authenticated but not enough authorization level.

redirectRejectionHandlerConfiguration - Redirect Rejection Handler Configuration

Method Detail

reject

public Publisher<MutableHttpResponse<?>> reject(HttpRequest<?> request,
                                                boolean forbidden)

Handles rejection of a request.

Specified by:

reject in interface RejectionHandler

Parameters:

request - HttpRequest being processed

forbidden - if true indicates that although the user was authenticated he did not had the necessary access privileges.

Returns:

shouldHandleRequest

protected boolean shouldHandleRequest(HttpRequest<?> request)

Decides whether the request should be handled with a redirect.

Parameters:

request - The HTTP Request

Returns:

true if the request accepts text/html

httpResponseWithUri

protected MutableHttpResponse<?> httpResponseWithUri(String uri)
                                              throws URISyntaxException

Builds a HTTP Response redirection to the supplied location.

Parameters:

uri - The Uri to redirect to

Returns:

a 303 HTTP response with the Uri as location

Throws:

URISyntaxException - if the supplied uri String cannot be used with URI.

redirectionHttpStatus

protected HttpStatus redirectionHttpStatus()

Returns:

return the Http status code which will be used for the redirection

getRedirectUri

protected Optional<String> getRedirectUri(HttpRequest<?> request,
                                          boolean forbidden)

Returns the redirection uri.

Parameters:

request - HttpRequest being processed

forbidden - if true indicates that although the user was authenticated he did not had the necessary access privileges.

Returns:

the uri to redirect to