use of io.micronaut.security.config.InterceptUrlMapPattern in project micronaut-security by micronaut-projects.
the class InterceptUrlMapRule method check.
/**
* If no configured pattern matches the request, return {@link SecurityRuleResult#UNKNOWN}.
* Reads the rules in order. The first matched rule will be used for determining authorization.
*
* @param request The current request
* @param routeMatch The matched route
* @param authentication The user authentication. Null if not authenticated
* @return The result
*/
@Override
public Publisher<SecurityRuleResult> check(HttpRequest<?> request, @Nullable RouteMatch<?> routeMatch, @Nullable Authentication authentication) {
final String path = request.getUri().getPath();
final HttpMethod httpMethod = request.getMethod();
Predicate<InterceptUrlMapPattern> exactMatch = p -> pathMatcher.matches(p.getPattern(), path) && p.getHttpMethod().isPresent() && httpMethod.equals(p.getHttpMethod().get());
Predicate<InterceptUrlMapPattern> uriPatternMatchOnly = p -> pathMatcher.matches(p.getPattern(), path) && !p.getHttpMethod().isPresent();
Optional<InterceptUrlMapPattern> matchedPattern = getPatternList().stream().filter(exactMatch).findFirst();
// if we don't get an exact match try to find a match by the uri pattern
if (!matchedPattern.isPresent()) {
if (LOG.isDebugEnabled()) {
LOG.debug("No url map pattern exact match found for path [{}] and method [{}]. Searching in patterns with no defined method.", path, httpMethod);
}
matchedPattern = getPatternList().stream().filter(uriPatternMatchOnly).findFirst();
if (LOG.isDebugEnabled()) {
if (matchedPattern.isPresent()) {
LOG.debug("Url map pattern found for path [{}]. Comparing roles.", path);
} else {
LOG.debug("No url map pattern match found for path [{}]. Returning unknown.", path);
}
}
}
return Mono.from(matchedPattern.map(pattern -> compareRoles(pattern.getAccess(), getRoles(authentication))).orElse(Mono.just(SecurityRuleResult.UNKNOWN)));
}
Aggregations