io.micronaut.security.filters

Class SecurityFilter

java.lang.Object

io.micronaut.http.filter.OncePerRequestHttpServerFilter

io.micronaut.security.filters.SecurityFilter

All Implemented Interfaces:

io.micronaut.core.order.Ordered, io.micronaut.http.filter.HttpFilter, io.micronaut.http.filter.HttpServerFilter

@Filter(value="/**")
public class SecurityFilter
extends io.micronaut.http.filter.OncePerRequestHttpServerFilter

Security Filter.

Since:

1.0

Author:

Sergio del Amo, Graeme Rocher

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.CharSequence	AUTHENTICATION The attribute used to store the authentication object in the request.
protected java.util.Collection<AuthenticationFetcher>	authenticationFetchers
protected java.lang.Integer	order The order of the Security Filter.
static java.lang.CharSequence	REJECTION The attribute used to store if the request was rejected and why.
protected RejectionHandler	rejectionHandler
protected java.util.Collection<SecurityRule>	securityRules
static java.lang.CharSequence	TOKEN The attribute used to store a valid token in the request.

Fields inherited from interface io.micronaut.core.order.Ordered

HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary

Constructors

Constructor and Description
SecurityFilter(java.util.Collection<SecurityRule> securityRules, java.util.Collection<AuthenticationFetcher> authenticationFetchers, RejectionHandler rejectionHandler, SecurityFilterOrderProvider securityFilterOrderProvider)

Method Summary

Modifier and Type	Method and Description
protected org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>>	checkRules(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.filter.ServerFilterChain chain, io.micronaut.web.router.RouteMatch routeMatch, java.util.Map<java.lang.String,java.lang.Object> attributes, boolean forbidden) Check the security rules against the provided arguments.
protected org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>>	doFilterOnce(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.filter.ServerFilterChain chain)
int	getOrder()

Methods inherited from class io.micronaut.http.filter.OncePerRequestHttpServerFilter

doFilter, getKey

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.micronaut.http.filter.HttpServerFilter

doFilter

Field Detail

AUTHENTICATION

public static final java.lang.CharSequence AUTHENTICATION

The attribute used to store the authentication object in the request.

REJECTION

public static final java.lang.CharSequence REJECTION

The attribute used to store if the request was rejected and why.

TOKEN

public static final java.lang.CharSequence TOKEN

The attribute used to store a valid token in the request.

order

protected final java.lang.Integer order

The order of the Security Filter.

securityRules

protected final java.util.Collection<SecurityRule> securityRules

authenticationFetchers

protected final java.util.Collection<AuthenticationFetcher> authenticationFetchers

rejectionHandler

protected final RejectionHandler rejectionHandler

Constructor Detail

SecurityFilter

public SecurityFilter(java.util.Collection<SecurityRule> securityRules,
                      java.util.Collection<AuthenticationFetcher> authenticationFetchers,
                      RejectionHandler rejectionHandler,
                      @Nullable
                      SecurityFilterOrderProvider securityFilterOrderProvider)

Parameters:

securityRules - The list of rules that will allow or reject the request

authenticationFetchers - List of AuthenticationFetcher beans in the context.

rejectionHandler - Bean which handles routes which need to be rejected

securityFilterOrderProvider - filter order provider

Method Detail

getOrder

public int getOrder()

doFilterOnce

protected org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> doFilterOnce(io.micronaut.http.HttpRequest<?> request,
                                                                                               io.micronaut.http.filter.ServerFilterChain chain)

Specified by:

doFilterOnce in class io.micronaut.http.filter.OncePerRequestHttpServerFilter

checkRules

protected org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> checkRules(io.micronaut.http.HttpRequest<?> request,
                                                                                             io.micronaut.http.filter.ServerFilterChain chain,
                                                                                             @Nullable
                                                                                             io.micronaut.web.router.RouteMatch routeMatch,
                                                                                             @Nullable
                                                                                             java.util.Map<java.lang.String,java.lang.Object> attributes,
                                                                                             boolean forbidden)

Check the security rules against the provided arguments.

Parameters:

request - The request

chain - The server chain

routeMatch - The route match

attributes - The authentication attributes

forbidden - Whether a rejection should be forbidden

Returns:

A response publisher