Package io.micronaut.security.rules

Class SensitiveEndpointRule

java.lang.Object
io.micronaut.security.rules.SensitiveEndpointRule
All Implemented Interfaces:
io.micronaut.core.order.Ordered, io.micronaut.management.endpoint.EndpointSensitivityHandler, SecurityRule<io.micronaut.http.HttpRequest<?>>
@Requires(classes={io.micronaut.management.endpoint.EndpointSensitivityProcessor.class,io.micronaut.http.HttpRequest.class}) @Singleton public class SensitiveEndpointRule extends Object implements SecurityRule<io.micronaut.http.HttpRequest<?>>, io.micronaut.management.endpoint.EndpointSensitivityHandler
Finds any sensitive endpoints and processes requests that match their id. The user must be authenticated to execute sensitive requests.
Since:
1.0
Author:
Sergio del Amo, James Kleeh

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected final Map<io.micronaut.inject.ExecutableMethod,Boolean>
    endpointMethods
    A map where the key represents the method of an endpoint and the value represents the endpoints sensitivity.
    static final String
    NON_REPLACED_SECURITY_ERROR_MESSAGE
     
    static final Integer
    ORDER
    The order of the rule.

    Fields inherited from interface io.micronaut.core.order.Ordered

    HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

    Fields inherited from interface io.micronaut.security.rules.SecurityRule

    DENY_ALL, IS_ANONYMOUS, IS_AUTHENTICATED

  • Constructor Summary

    Constructors
    Constructor
    Description
    SensitiveEndpointRule(io.micronaut.management.endpoint.EndpointSensitivityProcessor endpointSensitivityProcessor)
    Constructs the rule with the existing and default endpoint configurations used to determine if a given endpoint is sensitive.

  • Method Summary

    Modifier and Type
    Method
    Description
    protected @NonNull org.reactivestreams.Publisher<SecurityRuleResult>
    check(@NonNull io.micronaut.http.HttpRequest<?> request, @Nullable Authentication authentication, @NonNull io.micronaut.inject.ExecutableMethod<?,?> method)
    Evaluate the Endpoint's method.
    org.reactivestreams.Publisher<SecurityRuleResult>
    check(io.micronaut.http.HttpRequest<?> request, @Nullable Authentication authentication)
    Returns a publisher that is required to emit a single security result based on any conditions.
    protected @NonNull org.reactivestreams.Publisher<SecurityRuleResult>
    checkNotSensitive(@NonNull io.micronaut.http.HttpRequest<?> request, @Nullable Authentication authentication, @NonNull io.micronaut.inject.ExecutableMethod<?,?> method)
    Evaluates a non sensitive endpoint.
    protected @NonNull org.reactivestreams.Publisher<SecurityRuleResult>
    checkSensitiveAnonymous(@NonNull io.micronaut.http.HttpRequest<?> request, @NonNull io.micronaut.inject.ExecutableMethod<?,?> method)
    Evaluates a sensitive endpoint for an anonymous user.
    protected @NonNull org.reactivestreams.Publisher<SecurityRuleResult>
    checkSensitiveAuthenticated(@NonNull io.micronaut.http.HttpRequest<?> request, @NonNull Authentication authentication, @NonNull io.micronaut.inject.ExecutableMethod<?,?> method)
    Evaluates a sensitive endpoint for an authenticated user.
    protected @NonNull String
    endpointName(@NonNull io.micronaut.inject.ExecutableMethod<?,?> method)
     
    int
    getOrder()
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • ORDER

      public static final Integer ORDER
      The order of the rule.

    • NON_REPLACED_SECURITY_ERROR_MESSAGE

      public static final String NON_REPLACED_SECURITY_ERROR_MESSAGE
      See Also:

    • endpointMethods

      protected final Map<io.micronaut.inject.ExecutableMethod,Boolean> endpointMethods
      A map where the key represents the method of an endpoint and the value represents the endpoints sensitivity.

  • Constructor Details

    • SensitiveEndpointRule

      public SensitiveEndpointRule(io.micronaut.management.endpoint.EndpointSensitivityProcessor endpointSensitivityProcessor)
      Constructs the rule with the existing and default endpoint configurations used to determine if a given endpoint is sensitive.
      Parameters:
      endpointSensitivityProcessor - The endpoint configurations

  • Method Details

    • check

      public org.reactivestreams.Publisher<SecurityRuleResult> check(io.micronaut.http.HttpRequest<?> request, @Nullable @Nullable Authentication authentication)
      Description copied from interface: SecurityRule
      Returns a publisher that is required to emit a single security result based on any conditions.
      Specified by:
      check in interface SecurityRule<io.micronaut.http.HttpRequest<?>>
      Parameters:
      request - The current request
      authentication - The user authentication. Null if not authenticated
      Returns:
      The result
      See Also:

    • check

      @NonNull protected @NonNull org.reactivestreams.Publisher<SecurityRuleResult> check(@NonNull @NonNull io.micronaut.http.HttpRequest<?> request, @Nullable @Nullable Authentication authentication, @NonNull @NonNull io.micronaut.inject.ExecutableMethod<?,?> method)
      Evaluate the Endpoint's method.
      Parameters:
      request - HTTP Request
      authentication - The authentication, or null if none found
      method - Route method
      Returns:
      The Result

    • getOrder

      public int getOrder()
      Specified by:
      getOrder in interface io.micronaut.core.order.Ordered

    • checkSensitiveAuthenticated

      @NonNull protected @NonNull org.reactivestreams.Publisher<SecurityRuleResult> checkSensitiveAuthenticated(@NonNull @NonNull io.micronaut.http.HttpRequest<?> request, @NonNull @NonNull Authentication authentication, @NonNull @NonNull io.micronaut.inject.ExecutableMethod<?,?> method)
      Evaluates a sensitive endpoint for an authenticated user.
      Parameters:
      request - HTTP Request
      authentication - The authentication, or null if none found
      method - Endpoint's method
      Returns:
      The Result

    • checkSensitiveAnonymous

      @NonNull protected @NonNull org.reactivestreams.Publisher<SecurityRuleResult> checkSensitiveAnonymous(@NonNull @NonNull io.micronaut.http.HttpRequest<?> request, @NonNull @NonNull io.micronaut.inject.ExecutableMethod<?,?> method)
      Evaluates a sensitive endpoint for an anonymous user.
      Parameters:
      request - HTTP Request
      method - Endpoint's method
      Returns:
      The Result

    • checkNotSensitive

      @NonNull protected @NonNull org.reactivestreams.Publisher<SecurityRuleResult> checkNotSensitive(@NonNull @NonNull io.micronaut.http.HttpRequest<?> request, @Nullable @Nullable Authentication authentication, @NonNull @NonNull io.micronaut.inject.ExecutableMethod<?,?> method)
      Evaluates a non sensitive endpoint.
      Parameters:
      request - HTTP Request
      authentication - The authentication, or null if none found
      method - Endpoint's method
      Returns:
      The Result

    • endpointName

      @NonNull protected @NonNull String endpointName(@NonNull @NonNull io.micronaut.inject.ExecutableMethod<?,?> method)
      Parameters:
      method - Endpoint's method
      Returns:
      A string identifying the Endpoint