Package io.micronaut.security.rules

Class AbstractSecurityRule<T>

java.lang.Object
io.micronaut.security.rules.AbstractSecurityRule<T>
Type Parameters:
T - Request
All Implemented Interfaces:
io.micronaut.core.order.Ordered, SecurityRule<T>
Direct Known Subclasses:
ConfigurationInterceptUrlMapRule, IpPatternsRule, SecuredAnnotationRule
public abstract class AbstractSecurityRule<T> extends Object implements SecurityRule<T>
A base SecurityRule class to extend from that provides helper methods to get the roles from the claims and compare them to the roles allowed by the rule.
Since:
1.0
Author:
James Kleeh

  • Constructor Details

    • AbstractSecurityRule

      protected AbstractSecurityRule(RolesFinder rolesFinder)
      Parameters:
      rolesFinder - Roles Parser

  • Method Details

    • getRoles

      protected List<String> getRoles(Authentication authentication)
      Appends SecurityRule.IS_ANONYMOUS if not authenticated. If the claims contain one or more roles, SecurityRule.IS_AUTHENTICATED is appended to the list.
      Parameters:
      authentication - The authentication, or null if none found
      Returns:
      The granted roles

    • compareRoles

      protected org.reactivestreams.Publisher<SecurityRuleResult> compareRoles(List<String> requiredRoles, Collection<String> grantedRoles)
      Compares the given roles to determine if the request is allowed by comparing if any of the granted roles is in the required roles list.
      Parameters:
      requiredRoles - The list of roles required to be authorized
      grantedRoles - The list of roles granted to the user
      Returns:
      SecurityRuleResult.REJECTED if none of the granted roles appears in the required roles list. SecurityRuleResult.ALLOWED otherwise.