Class SensitiveEndpointRule

  • All Implemented Interfaces:
    io.micronaut.core.order.Ordered, SecurityRule

    @Requires(beans=io.micronaut.management.endpoint.EndpointSensitivityProcessor.class)
    @Singleton
    public class SensitiveEndpointRule
    extends java.lang.Object
    implements SecurityRule
    Finds any sensitive endpoints and processes requests that match their id. The user must be authenticated to execute sensitive requests.
    Since:
    1.0
    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected java.util.Map<io.micronaut.inject.ExecutableMethod,java.lang.Boolean> endpointMethods
      A map where the key represents the method of an endpoint and the value represents the endpoint's sensitivity.
      static java.lang.String NON_REPLACED_SECURITY_ERROR_MESSAGE  
      static java.lang.Integer ORDER
      The order of the rule.
      • Fields inherited from interface io.micronaut.core.order.Ordered

        HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
    • Constructor Summary

      Constructors 
      Constructor Description
      SensitiveEndpointRule​(io.micronaut.management.endpoint.EndpointSensitivityProcessor endpointSensitivityProcessor)
      Constructs the rule with the existing and default endpoint configurations used to determine if a given endpoint is sensitive.
    • Method Summary

      Modifier and Type Method Description
      protected org.reactivestreams.Publisher<SecurityRuleResult> check​(io.micronaut.http.HttpRequest<?> request, Authentication authentication, io.micronaut.inject.ExecutableMethod<?,​?> method)
      Evaluate the Endpoint's method.
      org.reactivestreams.Publisher<SecurityRuleResult> check​(io.micronaut.http.HttpRequest<?> request, io.micronaut.web.router.RouteMatch<?> routeMatch, Authentication authentication)
      Returns a publisher that is required to emit a single security result based on any conditions.
      protected org.reactivestreams.Publisher<SecurityRuleResult> checkNotSensitive​(io.micronaut.http.HttpRequest<?> request, Authentication authentication, io.micronaut.inject.ExecutableMethod<?,​?> method)
      Evaluates a non-sensitive endpoint.
      protected org.reactivestreams.Publisher<SecurityRuleResult> checkSensitiveAnonymous​(io.micronaut.http.HttpRequest<?> request, io.micronaut.inject.ExecutableMethod<?,​?> method)
      Evaluates a sensitive endpoint for an anonymous user.
      protected org.reactivestreams.Publisher<SecurityRuleResult> checkSensitiveAuthenticated​(io.micronaut.http.HttpRequest<?> request, Authentication authentication, io.micronaut.inject.ExecutableMethod<?,​?> method)
      Evaluates a sensitive endpoint for an authenticated user.
      protected java.lang.String endpointName​(io.micronaut.inject.ExecutableMethod<?,​?> method)  
      int getOrder()  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • ORDER

        public static final java.lang.Integer ORDER
        The order of the rule.
      • NON_REPLACED_SECURITY_ERROR_MESSAGE

        public static final java.lang.String NON_REPLACED_SECURITY_ERROR_MESSAGE
        See Also:
        Constant Field Values
      • endpointMethods

        protected final java.util.Map<io.micronaut.inject.ExecutableMethod,java.lang.Boolean> endpointMethods
        A map where the key represents the method of an endpoint and the value represents the endpoint's sensitivity.
    • Constructor Detail

      • SensitiveEndpointRule

        public SensitiveEndpointRule​(io.micronaut.management.endpoint.EndpointSensitivityProcessor endpointSensitivityProcessor)
        Constructs the rule with the existing and default endpoint configurations used to determine if a given endpoint is sensitive.
        Parameters:
        endpointSensitivityProcessor - The endpoint configurations
    • Method Detail

      • check

        public org.reactivestreams.Publisher<SecurityRuleResult> check​(io.micronaut.http.HttpRequest<?> request,
                                                                       @Nullable
                                                                       io.micronaut.web.router.RouteMatch<?> routeMatch,
                                                                       @Nullable
                                                                       Authentication authentication)
        Description copied from interface: SecurityRule
        Returns a publisher that is required to emit a single security result based on any conditions.
        Specified by:
        check in interface SecurityRule
        Parameters:
        request - The current request
        routeMatch - The matched route or empty if no route was matched. e.g. static resource.
        authentication - The user authentication. Null if not authenticated
        Returns:
        The result
        See Also:
        SecurityRuleResult
      • check

        @NonNull
        protected org.reactivestreams.Publisher<SecurityRuleResult> check​(@NonNull
                                                                          io.micronaut.http.HttpRequest<?> request,
                                                                          @Nullable
                                                                          Authentication authentication,
                                                                          @NonNull
                                                                          io.micronaut.inject.ExecutableMethod<?,​?> method)
        Evaluate the Endpoint's method.
        Parameters:
        request - HTTP Request
        authentication - The authentication, or null if none found
        method - Route method
        Returns:
        The Result
      • getOrder

        public int getOrder()
        Specified by:
        getOrder in interface io.micronaut.core.order.Ordered
      • checkSensitiveAuthenticated

        @NonNull
        protected org.reactivestreams.Publisher<SecurityRuleResult> checkSensitiveAuthenticated​(@NonNull
                                                                                                io.micronaut.http.HttpRequest<?> request,
                                                                                                @NonNull
                                                                                                Authentication authentication,
                                                                                                @NonNull
                                                                                                io.micronaut.inject.ExecutableMethod<?,​?> method)
        Evaluates a sensitive endpoint for an authenticated user.
        Parameters:
        request - HTTP Request
        authentication - The authentication, or null if none found
        method - Endpoint's method
        Returns:
        The Result
      • checkSensitiveAnonymous

        @NonNull
        protected org.reactivestreams.Publisher<SecurityRuleResult> checkSensitiveAnonymous​(@NonNull
                                                                                            io.micronaut.http.HttpRequest<?> request,
                                                                                            @NonNull
                                                                                            io.micronaut.inject.ExecutableMethod<?,​?> method)
        Evaluates a sensitive endpoint for an anonymous user.
        Parameters:
        request - HTTP Request
        method - Endpoint's method
        Returns:
        The Result
      • checkNotSensitive

        @NonNull
        protected org.reactivestreams.Publisher<SecurityRuleResult> checkNotSensitive​(@NonNull
                                                                                      io.micronaut.http.HttpRequest<?> request,
                                                                                      @Nullable
                                                                                      Authentication authentication,
                                                                                      @NonNull
                                                                                      io.micronaut.inject.ExecutableMethod<?,​?> method)
        Evaluates a non-sensitive endpoint.
        Parameters:
        request - HTTP Request
        authentication - The authentication, or null if none found
        method - Endpoint's method
        Returns:
        The Result
      • endpointName

        @NonNull
        protected java.lang.String endpointName​(@NonNull
                                                io.micronaut.inject.ExecutableMethod<?,​?> method)
        Parameters:
        method - Endpoint's method
        Returns:
        A string identifying the Endpoint
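
The protected hooks listed above (checkSensitiveAuthenticated, checkSensitiveAnonymous, checkNotSensitive) let a subclass decide each case separately. The following is an added example, not code from the Micronaut project: a replacement rule that allows sensitive endpoints only to authenticated users holding one role and rejects everyone else. The class name, package, and role name ROLE_OPS are hypothetical, and the import packages for Authentication, SecurityRuleResult and jakarta.inject.Singleton are assumed from Micronaut Security 3.x, since this page shows those types unqualified.

```java
package example.security; // hypothetical package

import io.micronaut.context.annotation.Replaces;
import io.micronaut.context.annotation.Requires;
import io.micronaut.core.annotation.NonNull;
import io.micronaut.core.async.publisher.Publishers;
import io.micronaut.http.HttpRequest;
import io.micronaut.inject.ExecutableMethod;
import io.micronaut.management.endpoint.EndpointSensitivityProcessor;
import io.micronaut.security.authentication.Authentication;
import io.micronaut.security.rules.SecurityRuleResult;
import io.micronaut.security.rules.SensitiveEndpointRule;
import jakarta.inject.Singleton;
import org.reactivestreams.Publisher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Replaces the built-in bean so that only one SensitiveEndpointRule is active.
@Singleton
@Replaces(SensitiveEndpointRule.class)
@Requires(beans = EndpointSensitivityProcessor.class)
public class RoleGatedSensitiveEndpointRule extends SensitiveEndpointRule {

    private static final Logger LOG =
            LoggerFactory.getLogger(RoleGatedSensitiveEndpointRule.class);
    private static final String REQUIRED_ROLE = "ROLE_OPS"; // assumed role name

    public RoleGatedSensitiveEndpointRule(EndpointSensitivityProcessor processor) {
        super(processor);
    }

    // Only this hook is overridden; the anonymous and non-sensitive
    // cases keep the parent class's behaviour.
    @Override
    @NonNull
    protected Publisher<SecurityRuleResult> checkSensitiveAuthenticated(
            @NonNull HttpRequest<?> request,
            @NonNull Authentication authentication,
            @NonNull ExecutableMethod<?, ?> method) {
        boolean allowed = authentication.getRoles().contains(REQUIRED_ROLE);
        if (!allowed) {
            // Record denied attempts so probing of management endpoints is visible.
            LOG.warn("Denied {} access to sensitive endpoint {} ({} {})",
                    authentication.getName(), endpointName(method),
                    request.getMethod(), request.getPath());
        }
        return Publishers.just(
                allowed ? SecurityRuleResult.ALLOWED : SecurityRuleResult.REJECTED);
    }
}
```

Returning REJECTED rather than UNKNOWN for the missing-role case keeps a later, more permissive rule from granting access to the endpoint.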