Package io.micronaut.security.filters
Class SecurityFilter
- java.lang.Object
-
- io.micronaut.http.filter.OncePerRequestHttpServerFilter
-
- io.micronaut.security.filters.SecurityFilter
-
- All Implemented Interfaces:
io.micronaut.core.order.Ordered
,io.micronaut.http.filter.HttpFilter
,io.micronaut.http.filter.HttpServerFilter
@Filter("/**") public class SecurityFilter extends io.micronaut.http.filter.OncePerRequestHttpServerFilter
Security Filter.- Since:
- 1.0
- Author:
- Sergio del Amo, Graeme Rocher
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.CharSequence
AUTHENTICATION
The attribute used to store the authentication object in the request.protected java.util.Collection<AuthenticationFetcher>
authenticationFetchers
protected java.lang.Integer
order
The order of the Security Filter.static java.lang.CharSequence
REJECTION
The attribute used to store if the request was rejected and why.protected RejectionHandler
rejectionHandler
protected java.util.Collection<SecurityRule>
securityRules
static java.lang.CharSequence
TOKEN
The attribute used to store a valid token in the request.
-
Constructor Summary
Constructors Constructor Description SecurityFilter(java.util.Collection<SecurityRule> securityRules, java.util.Collection<AuthenticationFetcher> authenticationFetchers, RejectionHandler rejectionHandler, SecurityFilterOrderProvider securityFilterOrderProvider)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>>
checkRules(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.filter.ServerFilterChain chain, io.micronaut.web.router.RouteMatch routeMatch, java.util.Map<java.lang.String,java.lang.Object> attributes, boolean forbidden)
Check the security rules against the provided arguments.protected org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>>
doFilterOnce(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.filter.ServerFilterChain chain)
int
getOrder()
-
Methods inherited from class io.micronaut.http.filter.OncePerRequestHttpServerFilter
doFilter, getKey
-
-
-
-
Field Detail
-
AUTHENTICATION
public static final java.lang.CharSequence AUTHENTICATION
The attribute used to store the authentication object in the request.
-
REJECTION
public static final java.lang.CharSequence REJECTION
The attribute used to store if the request was rejected and why.
-
TOKEN
public static final java.lang.CharSequence TOKEN
The attribute used to store a valid token in the request.
-
order
protected final java.lang.Integer order
The order of the Security Filter.
-
securityRules
protected final java.util.Collection<SecurityRule> securityRules
-
authenticationFetchers
protected final java.util.Collection<AuthenticationFetcher> authenticationFetchers
-
rejectionHandler
protected final RejectionHandler rejectionHandler
-
-
Constructor Detail
-
SecurityFilter
public SecurityFilter(java.util.Collection<SecurityRule> securityRules, java.util.Collection<AuthenticationFetcher> authenticationFetchers, RejectionHandler rejectionHandler, @Nullable SecurityFilterOrderProvider securityFilterOrderProvider)
- Parameters:
securityRules
- The list of rules that will allow or reject the requestauthenticationFetchers
- List ofAuthenticationFetcher
beans in the context.rejectionHandler
- Bean which handles routes which need to be rejectedsecurityFilterOrderProvider
- filter order provider
-
-
Method Detail
-
getOrder
public int getOrder()
-
doFilterOnce
protected org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> doFilterOnce(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.filter.ServerFilterChain chain)
- Specified by:
doFilterOnce
in classio.micronaut.http.filter.OncePerRequestHttpServerFilter
-
checkRules
protected org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> checkRules(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.filter.ServerFilterChain chain, @Nullable io.micronaut.web.router.RouteMatch routeMatch, @Nullable java.util.Map<java.lang.String,java.lang.Object> attributes, boolean forbidden)
Check the security rules against the provided arguments.- Parameters:
request
- The requestchain
- The server chainrouteMatch
- The route matchattributes
- The authentication attributesforbidden
- Whether a rejection should be forbidden- Returns:
- A response publisher
-
-