Package io.micronaut.security.rules
Class AbstractSecurityRule<T>
java.lang.Object
io.micronaut.security.rules.AbstractSecurityRule<T>
- Type Parameters:
T
- Request
- All Implemented Interfaces:
io.micronaut.core.order.Ordered
,SecurityRule<T>
- Direct Known Subclasses:
ConfigurationInterceptUrlMapRule
,IpPatternsRule
,SecuredAnnotationRule
A base
SecurityRule
class to extend from that provides
helper methods to get the roles from the claims and compare them
to the roles allowed by the rule.- Since:
- 1.0
- Author:
- James Kleeh
-
Field Summary
Fields inherited from interface io.micronaut.core.order.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
Fields inherited from interface io.micronaut.security.rules.SecurityRule
DENY_ALL, IS_ANONYMOUS, IS_AUTHENTICATED
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected org.reactivestreams.Publisher<SecurityRuleResult>
compareRoles
(List<String> requiredRoles, Collection<String> grantedRoles) Compares the given roles to determine if the request is allowed by comparing if any of the granted roles is in the required roles list.getRoles
(Authentication authentication) AppendsSecurityRule.IS_ANONYMOUS
if not authenticated.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface io.micronaut.core.order.Ordered
getOrder
Methods inherited from interface io.micronaut.security.rules.SecurityRule
check
-
Constructor Details
-
AbstractSecurityRule
- Parameters:
rolesFinder
- Roles Parser
-
-
Method Details
-
getRoles
AppendsSecurityRule.IS_ANONYMOUS
if not authenticated. If the claims contain one or more roles,SecurityRule.IS_AUTHENTICATED
is appended to the list.- Parameters:
authentication
- The authentication, or null if none found- Returns:
- The granted roles
-
compareRoles
protected org.reactivestreams.Publisher<SecurityRuleResult> compareRoles(List<String> requiredRoles, Collection<String> grantedRoles) Compares the given roles to determine if the request is allowed by comparing if any of the granted roles is in the required roles list.- Parameters:
requiredRoles
- The list of roles required to be authorizedgrantedRoles
- The list of roles granted to the user- Returns:
SecurityRuleResult.REJECTED
if none of the granted roles appears in the required roles list.SecurityRuleResult.ALLOWED
otherwise.
-