use of io.micronaut.http.HttpRequest in project micronaut-security by micronaut-projects.
the class InterceptUrlMapRule method check.
/**
 * Decides access for a request from the configured intercept-url-map patterns.
 *
 * <p>Matching runs in two passes over {@code getPatternList()}: first the patterns whose declared
 * HTTP method equals the request method, then the patterns that declare no method. Within a pass
 * the first pattern in list order wins. A method-specific pattern therefore takes precedence over
 * a method-less pattern for the same path, even when the method-less one is listed earlier.
 *
 * <p>If no pattern matches, {@link SecurityRuleResult#UNKNOWN} is returned, so this rule itself
 * neither allows nor rejects the request.
 *
 * @param request The current request
 * @param routeMatch The matched route (not consulted by this rule)
 * @param authentication The user authentication. Null if not authenticated
 * @return A publisher emitting the outcome of comparing the matched pattern's access list with
 *         the caller's roles, or {@code UNKNOWN} when nothing matched
 */
@Override
public Publisher<SecurityRuleResult> check(HttpRequest<?> request, @Nullable RouteMatch<?> routeMatch, @Nullable Authentication authentication) {
    // The path is handed to pathMatcher exactly as request.getUri().getPath() returns it; this
    // method performs no normalisation of its own.
    // NOTE(review): confirm the configured patterns and the router see the same form of the path
    // (encoding, dot segments, trailing slash), so that a pattern covers every request that can
    // reach the route it is meant to protect.
    final String path = request.getUri().getPath();
    final HttpMethod httpMethod = request.getMethod();

    // Pass 1: path matches AND the pattern declares exactly the request's HTTP method.
    Optional<InterceptUrlMapPattern> matchedPattern = getPatternList().stream()
        .filter(candidate -> pathMatcher.matches(candidate.getPattern(), path)
            && candidate.getHttpMethod().isPresent()
            && httpMethod.equals(candidate.getHttpMethod().get()))
        .findFirst();

    if (!matchedPattern.isPresent()) {
        final boolean debug = LOG.isDebugEnabled();
        if (debug) {
            LOG.debug("No url map pattern exact match found for path [{}] and method [{}]. Searching in patterns with no defined method.", path, httpMethod);
        }

        // Pass 2: path matches and the pattern declares no HTTP method at all.
        matchedPattern = getPatternList().stream()
            .filter(candidate -> pathMatcher.matches(candidate.getPattern(), path)
                && !candidate.getHttpMethod().isPresent())
            .findFirst();

        if (debug && matchedPattern.isPresent()) {
            LOG.debug("Url map pattern found for path [{}]. Comparing roles.", path);
        } else if (debug) {
            LOG.debug("No url map pattern match found for path [{}]. Returning unknown.", path);
        }
    }

    // No match means UNKNOWN rather than a rejection: a path that no pattern covers is not
    // denied by this rule.
    return Mono.from(
        matchedPattern
            .map(pattern -> compareRoles(pattern.getAccess(), getRoles(authentication)))
            .orElse(Mono.just(SecurityRuleResult.UNKNOWN)));
}
use of io.micronaut.http.HttpRequest in project micronaut-graphql by micronaut-projects.
the class LoginDataFetcher method get.
/**
 * Authenticates the {@code username} / {@code password} arguments of the GraphQL call and, on
 * success, attaches an access-token cookie to the HTTP response carried in the GraphQL context.
 *
 * <p>Every attempt that reaches the authenticator consumes one unit of
 * {@code LOGIN_RATE_LIMIT_REMAINING}, whether or not the credentials turn out to be valid,
 * because the decrement happens before authentication.
 *
 * @param environment supplies the GraphQL context (holding {@code "httpRequest"} and
 *                    {@code "httpResponse"}) and the call arguments
 * @return the user payload on success, an error payload on failure or when the rate limit is
 *         exhausted; {@code blockFirst()} yields {@code null} if the authenticator emits nothing
 * @throws Exception declared by the overridden method
 */
@Override
public LoginPayload get(DataFetchingEnvironment environment) throws Exception {
    GraphQLContext graphQLContext = environment.getContext();

    // NOTE(review): LOGIN_RATE_LIMIT_REMAINING is declared outside this snippet. Its constant-style
    // name suggests one counter shared by all callers; if so, the limit is global rather than per
    // client or per account, and the check here plus the "--" below are not atomic under
    // concurrent requests. Confirm before relying on this as a brute-force control.
    // NOTE(review): the rejected call itself invokes resetRateLimit(); confirm what that restores,
    // since it decides how many requests are actually refused once the budget is spent.
    if (LOGIN_RATE_LIMIT_REMAINING <= 0) {
        addRateLimitHeaders(graphQLContext);
        resetRateLimit();
        return LoginPayload.ofError("Rate Limit Exceeded");
    }

    HttpRequest httpRequest = graphQLContext.get("httpRequest");
    MutableHttpResponse<String> httpResponse = graphQLContext.get("httpResponse");
    String username = environment.getArgument("username");
    String password = environment.getArgument("password");
    UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(username, password);

    // Spend the budget before the credentials are checked.
    LOGIN_RATE_LIMIT_REMAINING--;

    Flux<AuthenticationResponse> authResponses = Flux.from(authenticator.authenticate(httpRequest, credentials));
    // blockFirst() waits on the calling thread for the first authentication response.
    return authResponses.map(authResponse -> {
        addRateLimitHeaders(graphQLContext);

        if (!authResponse.isAuthenticated()) {
            eventPublisher.publishEvent(new LoginFailedEvent(authResponse));
            // NOTE(review): the authenticator's own message is returned to the client; confirm it
            // reads the same for an unknown user and for a wrong password.
            return LoginPayload.ofError(authResponse.getMessage().orElse(null));
        }

        eventPublisher.publishEvent(new LoginSuccessfulEvent(authResponse));
        // NOTE(review): the token identity is rebuilt from the client-supplied username, not taken
        // from authResponse, so nothing the authenticator attached to the response is carried into
        // the cookie. Confirm this is intended.
        accessTokenCookie(Authentication.build(username), httpRequest).ifPresent(httpResponse::cookie);
        // The lookup may come back empty, in which case ofUser receives null.
        User authenticatedUser = userRepository.findByUsername(username).orElse(null);
        return LoginPayload.ofUser(authenticatedUser);
    }).blockFirst();
}
use of io.micronaut.http.HttpRequest in project micronaut-graphql by micronaut-projects.
the class GraphQLWsMessageHandler method executeRequest.
/**
 * Runs one GraphQL operation received over the websocket and sends each resulting response body
 * back on the same session, tagged with the operation id.
 *
 * @param operationId id of the operation; passed to the response sender with every body
 * @param payload     request body providing the query, operation name and variables
 * @param session     websocket session; must hold an {@code HttpRequest} under
 *                    {@code HTTP_REQUEST_KEY}
 * @return publisher of the responses produced by {@code responseSender.send}
 * @throws RuntimeException if the session holds no {@code HttpRequest} under that key
 */
@SuppressWarnings("rawtypes")
private Publisher<GraphQLWsResponse> executeRequest(String operationId, GraphQLRequestBody payload, WebSocketSession session) {
    // Query, operation name and variables come from the client message and are passed on unchanged.
    GraphQLInvocationData invocationData = new GraphQLInvocationData(
        payload.getQuery(),
        payload.getOperationName(),
        payload.getVariables());

    // NOTE(review): the request is read back from the session rather than received with this
    // message; presumably it is the request that opened the websocket. If so, anything derived
    // from it downstream (headers, authentication) reflects connect time. Confirm.
    HttpRequest originatingRequest = session
        .get(HTTP_REQUEST_KEY, HttpRequest.class)
        .orElseThrow(() -> new RuntimeException("HttpRequest could not be retrieved from websocket session"));

    // The third argument to invoke is null here.
    return Flux
        .from(graphQLExecutionResultHandler.handleExecutionResult(
            graphQLInvocation.invoke(invocationData, originatingRequest, null)))
        .flatMap(body -> responseSender.send(operationId, body, session));
}