@Filter(value="/**")
public class SecurityFilter
extends io.micronaut.http.filter.OncePerRequestHttpServerFilter
Modifier and Type | Field and Description |
---|---|
static java.lang.CharSequence |
AUTHENTICATION
The attribute used to store the authentication object in the request.
|
protected java.util.Collection<AuthenticationFetcher> |
authenticationFetchers |
protected java.lang.Integer |
order
The order of the Security Filter.
|
static java.lang.CharSequence |
REJECTION
The attribute used to store if the request was rejected and why.
|
protected RejectionHandler |
rejectionHandler |
protected java.util.Collection<SecurityRule> |
securityRules |
static java.lang.CharSequence |
TOKEN
The attribute used to store a valid token in the request.
|
Constructor and Description |
---|
SecurityFilter(java.util.Collection<SecurityRule> securityRules,
java.util.Collection<AuthenticationFetcher> authenticationFetchers,
RejectionHandler rejectionHandler,
SecurityFilterOrderProvider securityFilterOrderProvider) |
Modifier and Type | Method and Description |
---|---|
protected org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> |
checkRules(io.micronaut.http.HttpRequest<?> request,
io.micronaut.http.filter.ServerFilterChain chain,
io.micronaut.web.router.RouteMatch routeMatch,
java.util.Map<java.lang.String,java.lang.Object> attributes,
boolean forbidden)
Check the security rules against the provided arguments.
|
protected org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> |
doFilterOnce(io.micronaut.http.HttpRequest<?> request,
io.micronaut.http.filter.ServerFilterChain chain) |
int |
getOrder() |
doFilter, getKey
public static final java.lang.CharSequence AUTHENTICATION
public static final java.lang.CharSequence REJECTION
public static final java.lang.CharSequence TOKEN
protected final java.lang.Integer order
protected final java.util.Collection<SecurityRule> securityRules
protected final java.util.Collection<AuthenticationFetcher> authenticationFetchers
protected final RejectionHandler rejectionHandler
public SecurityFilter(java.util.Collection<SecurityRule> securityRules, java.util.Collection<AuthenticationFetcher> authenticationFetchers, RejectionHandler rejectionHandler, @Nullable SecurityFilterOrderProvider securityFilterOrderProvider)
securityRules
- The list of rules that will allow or reject the requestauthenticationFetchers
- List of AuthenticationFetcher
beans in the context.rejectionHandler
- Bean which handles routes which need to be rejectedsecurityFilterOrderProvider
- filter order providerpublic int getOrder()
protected org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> doFilterOnce(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.filter.ServerFilterChain chain)
doFilterOnce
in class io.micronaut.http.filter.OncePerRequestHttpServerFilter
protected org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> checkRules(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.filter.ServerFilterChain chain, @Nullable io.micronaut.web.router.RouteMatch routeMatch, @Nullable java.util.Map<java.lang.String,java.lang.Object> attributes, boolean forbidden)
request
- The requestchain
- The server chainrouteMatch
- The route matchattributes
- The authentication attributesforbidden
- Whether a rejection should be forbidden