Search in sources :

Example 1 with InterceptUrlMapPattern

use of io.micronaut.security.config.InterceptUrlMapPattern in project micronaut-security by micronaut-projects.

the class InterceptUrlMapRule method check.

/**
 * If no configured pattern matches the request, return {@link SecurityRuleResult#UNKNOWN}.
 * Reads the rules in order. The first matched rule will be used for determining authorization.
 *
 * @param request The current request
 * @param routeMatch The matched route
 * @param authentication The user authentication. Null if not authenticated
 * @return The result
 */
@Override
public Publisher<SecurityRuleResult> check(HttpRequest<?> request, @Nullable RouteMatch<?> routeMatch, @Nullable Authentication authentication) {
    final String path = request.getUri().getPath();
    final HttpMethod httpMethod = request.getMethod();
    Predicate<InterceptUrlMapPattern> exactMatch = p -> pathMatcher.matches(p.getPattern(), path) && p.getHttpMethod().isPresent() && httpMethod.equals(p.getHttpMethod().get());
    Predicate<InterceptUrlMapPattern> uriPatternMatchOnly = p -> pathMatcher.matches(p.getPattern(), path) && !p.getHttpMethod().isPresent();
    Optional<InterceptUrlMapPattern> matchedPattern = getPatternList().stream().filter(exactMatch).findFirst();
    // if we don't get an exact match try to find a match by the uri pattern
    if (!matchedPattern.isPresent()) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("No url map pattern exact match found for path [{}] and method [{}]. Searching in patterns with no defined method.", path, httpMethod);
        }
        matchedPattern = getPatternList().stream().filter(uriPatternMatchOnly).findFirst();
        if (LOG.isDebugEnabled()) {
            if (matchedPattern.isPresent()) {
                LOG.debug("Url map pattern found for path [{}]. Comparing roles.", path);
            } else {
                LOG.debug("No url map pattern match found for path [{}]. Returning unknown.", path);
            }
        }
    }
    return Mono.from(matchedPattern.map(pattern -> compareRoles(pattern.getAccess(), getRoles(authentication))).orElse(Mono.just(SecurityRuleResult.UNKNOWN)));
}
Also used : HttpMethod(io.micronaut.http.HttpMethod) Logger(org.slf4j.Logger) Predicate(java.util.function.Predicate) Publisher(org.reactivestreams.Publisher) LoggerFactory(org.slf4j.LoggerFactory) Authentication(io.micronaut.security.authentication.Authentication) PathMatcher(io.micronaut.core.util.PathMatcher) Mono(reactor.core.publisher.Mono) AntPathMatcher(io.micronaut.core.util.AntPathMatcher) InterceptUrlMapPattern(io.micronaut.security.config.InterceptUrlMapPattern) List(java.util.List) Nullable(io.micronaut.core.annotation.Nullable) RolesFinder(io.micronaut.security.token.RolesFinder) Optional(java.util.Optional) HttpRequest(io.micronaut.http.HttpRequest) RouteMatch(io.micronaut.web.router.RouteMatch) Inject(jakarta.inject.Inject) InterceptUrlMapPattern(io.micronaut.security.config.InterceptUrlMapPattern) HttpMethod(io.micronaut.http.HttpMethod)

Aggregations

Nullable (io.micronaut.core.annotation.Nullable)1 AntPathMatcher (io.micronaut.core.util.AntPathMatcher)1 PathMatcher (io.micronaut.core.util.PathMatcher)1 HttpMethod (io.micronaut.http.HttpMethod)1 HttpRequest (io.micronaut.http.HttpRequest)1 Authentication (io.micronaut.security.authentication.Authentication)1 InterceptUrlMapPattern (io.micronaut.security.config.InterceptUrlMapPattern)1 RolesFinder (io.micronaut.security.token.RolesFinder)1 RouteMatch (io.micronaut.web.router.RouteMatch)1 Inject (jakarta.inject.Inject)1 List (java.util.List)1 Optional (java.util.Optional)1 Predicate (java.util.function.Predicate)1 Publisher (org.reactivestreams.Publisher)1 Logger (org.slf4j.Logger)1 LoggerFactory (org.slf4j.LoggerFactory)1 Mono (reactor.core.publisher.Mono)1