Package io.micronaut.security.filters

Class SecurityFilter

  • All Implemented Interfaces:
    io.micronaut.core.order.Ordered, io.micronaut.http.filter.HttpFilter, io.micronaut.http.filter.HttpServerFilter
    @Filter("/**")
public class SecurityFilter
extends io.micronaut.http.filter.OncePerRequestHttpServerFilter
    Security Filter.
    Since:
    1.0
    Author:
    Sergio del Amo, Graeme Rocher

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.CharSequence AUTHENTICATION
      The attribute used to store the authentication object in the request.
      protected java.util.Collection<AuthenticationFetcher> authenticationFetchers  
      protected java.lang.Integer order
      The order of the Security Filter.
      static java.lang.CharSequence REJECTION
      The attribute used to store if the request was rejected and why.
      protected RejectionHandler rejectionHandler  
      protected java.util.Collection<SecurityRule> securityRules  
      static java.lang.CharSequence TOKEN
      The attribute used to store a valid token in the request.

      • Fields inherited from interface io.micronaut.core.order.Ordered

        HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> checkRules​(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.filter.ServerFilterChain chain, io.micronaut.web.router.RouteMatch routeMatch, java.util.Map<java.lang.String,​java.lang.Object> attributes, boolean forbidden)
      Check the security rules against the provided arguments.
      protected org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> doFilterOnce​(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.filter.ServerFilterChain chain)  
      int getOrder()  

      • Methods inherited from class io.micronaut.http.filter.OncePerRequestHttpServerFilter

        doFilter, getKey

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

      • Methods inherited from interface io.micronaut.http.filter.HttpServerFilter

        doFilter

    • Field Detail

      • AUTHENTICATION

        public static final java.lang.CharSequence AUTHENTICATION
        The attribute used to store the authentication object in the request.

      • REJECTION

        public static final java.lang.CharSequence REJECTION
        The attribute used to store if the request was rejected and why.

      • TOKEN

        public static final java.lang.CharSequence TOKEN
        The attribute used to store a valid token in the request.

      • order

        protected final java.lang.Integer order
        The order of the Security Filter.

      • securityRules

        protected final java.util.Collection<SecurityRule> securityRules

      • authenticationFetchers

        protected final java.util.Collection<AuthenticationFetcher> authenticationFetchers

    • Constructor Detail

      • SecurityFilter

        public SecurityFilter​(java.util.Collection<SecurityRule> securityRules,
                      java.util.Collection<AuthenticationFetcher> authenticationFetchers,
                      RejectionHandler rejectionHandler,
                      @Nullable
                      SecurityFilterOrderProvider securityFilterOrderProvider)
        Parameters:
        securityRules - The list of rules that will allow or reject the request
        authenticationFetchers - List of AuthenticationFetcher beans in the context.
        rejectionHandler - Bean which handles routes which need to be rejected
        securityFilterOrderProvider - filter order provider

    • Method Detail

      • getOrder

        public int getOrder()

      • doFilterOnce

        protected org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> doFilterOnce​(io.micronaut.http.HttpRequest<?> request,
                                                                                               io.micronaut.http.filter.ServerFilterChain chain)
        Specified by:
        doFilterOnce in class io.micronaut.http.filter.OncePerRequestHttpServerFilter

      • checkRules

        protected org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> checkRules​(io.micronaut.http.HttpRequest<?> request,
                                                                                             io.micronaut.http.filter.ServerFilterChain chain,
                                                                                             @Nullable
                                                                                             io.micronaut.web.router.RouteMatch routeMatch,
                                                                                             @Nullable
                                                                                             java.util.Map<java.lang.String,​java.lang.Object> attributes,
                                                                                             boolean forbidden)
        Check the security rules against the provided arguments.
        Parameters:
        request - The request
        chain - The server chain
        routeMatch - The route match
        attributes - The authentication attributes
        forbidden - Whether a rejection should be forbidden
        Returns:
        A response publisher