io.micronaut.security.rules

Class SensitiveEndpointRule

java.lang.Object

io.micronaut.security.rules.SensitiveEndpointRule

All Implemented Interfaces:

io.micronaut.core.order.Ordered, SecurityRule

@Requires(beans=io.micronaut.management.endpoint.EndpointSensitivityProcessor.class)
 @Singleton
public class SensitiveEndpointRule
extends java.lang.Object
implements SecurityRule

Finds any sensitive endpoints and processes requests that match their id. The user must be authenticated to execute sensitive requests.

Since:

1.0

Author:

Sergio del Amo, James Kleeh

Field Summary

Fields

Modifier and Type	Field and Description
protected java.util.Map<io.micronaut.inject.ExecutableMethod,java.lang.Boolean>	endpointMethods A map where the key represents the method of an endpoint and the value represents the endpoints sensitivity.
static java.lang.String	NON_REPLACED_SECURITY_ERROR_MESSAGE
static java.lang.Integer	ORDER The order of the rule.

Fields inherited from interface io.micronaut.security.rules.SecurityRule

DENY_ALL, IS_ANONYMOUS, IS_AUTHENTICATED

Fields inherited from interface io.micronaut.core.order.Ordered

HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary

Constructors

Constructor and Description
SensitiveEndpointRule(io.micronaut.management.endpoint.EndpointSensitivityProcessor endpointSensitivityProcessor) Constructs the rule with the existing and default endpoint configurations used to determine if a given endpoint is sensitive.

Method Summary

Modifier and Type	Method and Description
protected org.reactivestreams.Publisher<SecurityRuleResult>	check(io.micronaut.http.HttpRequest<?> request, Authentication authentication, io.micronaut.inject.ExecutableMethod<?,?> method) Evaluate the Endpoint's method.
org.reactivestreams.Publisher<SecurityRuleResult>	check(io.micronaut.http.HttpRequest<?> request, io.micronaut.web.router.RouteMatch<?> routeMatch, Authentication authentication) Returns a publisher that is required to emit a single security result based on any conditions.
protected org.reactivestreams.Publisher<SecurityRuleResult>	checkNotSensitive(io.micronaut.http.HttpRequest<?> request, Authentication authentication, io.micronaut.inject.ExecutableMethod<?,?> method) Evaluates a non sensitive endpoint.
protected org.reactivestreams.Publisher<SecurityRuleResult>	checkSensitiveAnonymous(io.micronaut.http.HttpRequest<?> request, io.micronaut.inject.ExecutableMethod<?,?> method) Evaluates a sensitive endpoint for an anonymous user.
protected org.reactivestreams.Publisher<SecurityRuleResult>	checkSensitiveAuthenticated(io.micronaut.http.HttpRequest<?> request, Authentication authentication, io.micronaut.inject.ExecutableMethod<?,?> method) Evaluates a sensitive endpoint for an authenticated user.
protected java.lang.String	endpointName(io.micronaut.inject.ExecutableMethod<?,?> method)
int	getOrder()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ORDER

public static final java.lang.Integer ORDER

The order of the rule.

NON_REPLACED_SECURITY_ERROR_MESSAGE

public static final java.lang.String NON_REPLACED_SECURITY_ERROR_MESSAGE

See Also:

Constant Field Values

endpointMethods

protected final java.util.Map<io.micronaut.inject.ExecutableMethod,java.lang.Boolean> endpointMethods

A map where the key represents the method of an endpoint and the value represents the endpoints sensitivity.

Constructor Detail

SensitiveEndpointRule

public SensitiveEndpointRule(io.micronaut.management.endpoint.EndpointSensitivityProcessor endpointSensitivityProcessor)

Constructs the rule with the existing and default endpoint configurations used to determine if a given endpoint is sensitive.

Parameters:

endpointSensitivityProcessor - The endpoint configurations

Method Detail

check

public org.reactivestreams.Publisher<SecurityRuleResult> check(io.micronaut.http.HttpRequest<?> request,
                                                               @Nullable
                                                               io.micronaut.web.router.RouteMatch<?> routeMatch,
                                                               @Nullable
                                                               Authentication authentication)

Description copied from interface: SecurityRule

Returns a publisher that is required to emit a single security result based on any conditions.

Specified by:

check in interface SecurityRule

Parameters:

request - The current request

routeMatch - The matched route or empty if no route was matched. e.g. static resource.

authentication - The user authentication. Null if not authenticated

Returns:

The result

See Also:

SecurityRuleResult

check

@NonNull
protected org.reactivestreams.Publisher<SecurityRuleResult> check(@NonNull
                                                                           io.micronaut.http.HttpRequest<?> request,
                                                                           @Nullable
                                                                           Authentication authentication,
                                                                           @NonNull
                                                                           io.micronaut.inject.ExecutableMethod<?,?> method)

Evaluate the Endpoint's method.

Parameters:

request - HTTP Request

authentication - The authentication, or null if none found

method - Route method

Returns:

The Result

getOrder

public int getOrder()

Specified by:

getOrder in interface io.micronaut.core.order.Ordered

checkSensitiveAuthenticated

@NonNull
protected org.reactivestreams.Publisher<SecurityRuleResult> checkSensitiveAuthenticated(@NonNull
                                                                                                 io.micronaut.http.HttpRequest<?> request,
                                                                                                 @NonNull
                                                                                                 Authentication authentication,
                                                                                                 @NonNull
                                                                                                 io.micronaut.inject.ExecutableMethod<?,?> method)

Evaluates a sensitive endpoint for an authenticated user.

Parameters:

request - HTTP Request

authentication - The authentication, or null if none found

method - Endpoint's method

Returns:

The Result

checkSensitiveAnonymous

@NonNull
protected org.reactivestreams.Publisher<SecurityRuleResult> checkSensitiveAnonymous(@NonNull
                                                                                             io.micronaut.http.HttpRequest<?> request,
                                                                                             @NonNull
                                                                                             io.micronaut.inject.ExecutableMethod<?,?> method)

Evaluates a sensitive endpoint for an anonymous user.

Parameters:

request - HTTP Request

method - Endpoint's method

Returns:

The Result

checkNotSensitive

@NonNull
protected org.reactivestreams.Publisher<SecurityRuleResult> checkNotSensitive(@NonNull
                                                                                       io.micronaut.http.HttpRequest<?> request,
                                                                                       @Nullable
                                                                                       Authentication authentication,
                                                                                       @NonNull
                                                                                       io.micronaut.inject.ExecutableMethod<?,?> method)

Evaluates a non sensitive endpoint.

Parameters:

request - HTTP Request

authentication - The authentication, or null if none found

method - Endpoint's method

Returns:

The Result

endpointName

@NonNull
protected java.lang.String endpointName(@NonNull
                                                 io.micronaut.inject.ExecutableMethod<?,?> method)

Parameters:

method - Endpoint's method

Returns:

A string identifying the Endpoint