Package io.micronaut.security.rules
Class SensitiveEndpointRule
java.lang.Object
io.micronaut.security.rules.SensitiveEndpointRule
- All Implemented Interfaces:
io.micronaut.core.order.Ordered, SecurityRule<io.micronaut.http.HttpRequest<?>>
@Requires(beans=io.micronaut.management.endpoint.EndpointSensitivityProcessor.class)
@Requires(classes=io.micronaut.http.HttpRequest.class)
@Singleton
public class SensitiveEndpointRule
extends Object
implements SecurityRule<io.micronaut.http.HttpRequest<?>>
Finds any sensitive endpoints and processes requests that match their
id. The user must be authenticated to execute sensitive requests.
- Since:
- 1.0
- Author:
- Sergio del Amo, James Kleeh
-
Field Summary
Fields (Modifier and Type, Field, Description)
- endpointMethods: A map where the key represents the method of an endpoint and the value represents the endpoint's sensitivity.
- static final String NON_REPLACED_SECURITY_ERROR_MESSAGE
- static final Integer ORDER: The order of the rule.
Fields inherited from interface io.micronaut.core.order.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
Fields inherited from interface io.micronaut.security.rules.SecurityRule
DENY_ALL, IS_ANONYMOUS, IS_AUTHENTICATED
-
Constructor Summary
Constructors (Constructor, Description)
- SensitiveEndpointRule(io.micronaut.management.endpoint.EndpointSensitivityProcessor endpointSensitivityProcessor): Constructs the rule with the existing and default endpoint configurations used to determine if a given endpoint is sensitive.
-
Method Summary
Methods (Modifier and Type, Method, Description)
- org.reactivestreams.Publisher<SecurityRuleResult> check(io.micronaut.http.HttpRequest<?> request, Authentication authentication): Returns a publisher that is required to emit a single security result based on any conditions.
- protected org.reactivestreams.Publisher<SecurityRuleResult> check(io.micronaut.http.HttpRequest<?> request, Authentication authentication, io.micronaut.inject.ExecutableMethod<?, ?> method): Evaluate the Endpoint's method.
- protected org.reactivestreams.Publisher<SecurityRuleResult> checkNotSensitive(io.micronaut.http.HttpRequest<?> request, Authentication authentication, io.micronaut.inject.ExecutableMethod<?, ?> method): Evaluates a non sensitive endpoint.
- protected org.reactivestreams.Publisher<SecurityRuleResult> checkSensitiveAnonymous(io.micronaut.http.HttpRequest<?> request, io.micronaut.inject.ExecutableMethod<?, ?> method): Evaluates a sensitive endpoint for an anonymous user.
- protected org.reactivestreams.Publisher<SecurityRuleResult> checkSensitiveAuthenticated(io.micronaut.http.HttpRequest<?> request, Authentication authentication, io.micronaut.inject.ExecutableMethod<?, ?> method): Evaluates a sensitive endpoint for an authenticated user.
- protected String endpointName(io.micronaut.inject.ExecutableMethod<?, ?> method)
- int getOrder()
-
Field Details
-
ORDER
The order of the rule. -
NON_REPLACED_SECURITY_ERROR_MESSAGE
- See Also:
-
endpointMethods
A map where the key represents the method of an endpoint and the value represents the endpoint's sensitivity.
-
-
Constructor Details
-
SensitiveEndpointRule
public SensitiveEndpointRule(io.micronaut.management.endpoint.EndpointSensitivityProcessor endpointSensitivityProcessor)
Constructs the rule with the existing and default endpoint configurations used to determine if a given endpoint is sensitive.
- Parameters:
endpointSensitivityProcessor - The endpoint configurations
-
-
Method Details
-
check
public org.reactivestreams.Publisher<SecurityRuleResult> check(io.micronaut.http.HttpRequest<?> request, @Nullable Authentication authentication)
Description copied from interface: SecurityRule
Returns a publisher that is required to emit a single security result based on any conditions.
- Specified by:
check in interface SecurityRule<io.micronaut.http.HttpRequest<?>>
- Parameters:
request - The current request
authentication - The user authentication. Null if not authenticated
- Returns:
- The result
- See Also:
-
check
@NonNull protected org.reactivestreams.Publisher<SecurityRuleResult> check(@NonNull io.micronaut.http.HttpRequest<?> request, @Nullable Authentication authentication, @NonNull io.micronaut.inject.ExecutableMethod<?, ?> method)
Evaluate the Endpoint's method.
- Parameters:
request - HTTP Request
authentication - The authentication, or null if none found
method - Route method
- Returns:
- The Result
-
getOrder
public int getOrder()
- Specified by:
getOrder in interface io.micronaut.core.order.Ordered
-
checkSensitiveAuthenticated
@NonNull protected org.reactivestreams.Publisher<SecurityRuleResult> checkSensitiveAuthenticated(@NonNull io.micronaut.http.HttpRequest<?> request, @NonNull Authentication authentication, @NonNull io.micronaut.inject.ExecutableMethod<?, ?> method)
Evaluates a sensitive endpoint for an authenticated user.
- Parameters:
request - HTTP Request
authentication - The authentication, or null if none found
method - Endpoint's method
- Returns:
- The Result
-
checkSensitiveAnonymous
@NonNull protected org.reactivestreams.Publisher<SecurityRuleResult> checkSensitiveAnonymous(@NonNull io.micronaut.http.HttpRequest<?> request, @NonNull io.micronaut.inject.ExecutableMethod<?, ?> method)
Evaluates a sensitive endpoint for an anonymous user.
- Parameters:
request - HTTP Request
method - Endpoint's method
- Returns:
- The Result
-
checkNotSensitive
@NonNull protected org.reactivestreams.Publisher<SecurityRuleResult> checkNotSensitive(@NonNull io.micronaut.http.HttpRequest<?> request, @Nullable Authentication authentication, @NonNull io.micronaut.inject.ExecutableMethod<?, ?> method)
Evaluates a non sensitive endpoint.
- Parameters:
request - HTTP Request
authentication - The authentication, or null if none found
method - Endpoint's method
- Returns:
- The Result
-
endpointName
- Parameters:
method - Endpoint's method
- Returns:
- A string identifying the Endpoint
-