Skip to content

Micronaut security attributes - secure your endpoints by validating authentication attribute using micronaut-security and a bit more. Library is not limited to any specific authentication method and is expected to work with supported authentication methods from micronaut.

License

Notifications You must be signed in to change notification settings

pulsarix/micronaut-security-attributes

 
 

Repository files navigation

micronaut-security-attributes

Maven Central

Brings authentication attributes validation part of controller using annotations. This is a tiny extension of micronaut-security using a new security rule SecuredAttributesRule handling @SecuredAttributes annotation. Library is not related to any particular authentication method its target is to handle in generic way authentication attributes available in Authentication instance.

For more details check https://docs.micronaut.io/latest/api/io/micronaut/security/authentication/Authentication.html

Setup

To use the Micronaut’s security capabilities you must have the security dependency on your classpath. For example in build.gradle

Official Micronaut Security Guide` is available with following link https://micronaut-projects.github.io/micronaut-security/latest/guide/

dependencies{ 
    annotationProcessor "io.micronaut:micronaut-security"
    compile "io.micronaut:micronaut-security"

    // Set your preferred authentication method 
    // compile "io.micronaut.configuration:micronaut-security-ldap"
    // compile "io.micronaut.configuration:micronaut-security-jwt"  

    compile "com.pulsarix.micronaut:micronaut-security-attributes:1.0.0"
}

Examples

Validate authentication attribute using contains parameter

@Controller
class Controller{
        @Get
        @SecuredAttributes(value={
           @Attribute(name="iss", contains={ "appIssuer"}),
        })
        public HttpResponse index(){
            // your endpoint code here
        }       
}

Validate authentication attribute using matches parameter

@Controller
class Controller{
        @Get
        @SecuredAttributes(value={
           @Attribute(name="iss", matches="[a-zA-z]+"),
        })
        public HttpResponse index(){
            // your endpoint code here
        }       
}

Validate multiple authentication attributes using contains parameter

@Controller
class Controller{
        @Get
        @SecuredAttributes(value={
                @Attribute(name="iss", contains={ "appIssuer" }),
                @Attribute(name="scp", contains={"read"})
        })
        public HttpResponse index(){
            // your endpoint code here
        }       
}

Validate authentication attribute using custom validator

As first step create a new validator class by implementing SecuredAttributeValidator. Given example below is validating if resouce identifier is part of scopes claim of jwt token.

@Singleton
public class ResourceIdScopeValidator extends SecuredAttributeValidator {

    private static final String ATTRIBUTE_SCOPES = "scp";

    /**
     * {@inheritDoc}
     */
    @Override
    public SecurityRuleResult validate(HttpRequest request, Map<String, Object> attributes) {

        SecurityRuleResult result = SecurityRuleResult.REJECTED;

        if (attributes != null) {
            List<String> scopes = Attributes.find(attributes, ATTRIBUTE_SCOPES);
            String resourceId = getResourceId(request);
            if (scopes.contains(resourceId)) {
                result = SecurityRuleResult.ALLOWED;
            }
        }

        return result;
    }

    /**
     * Gets resource id from given http request.
     *
     * @param request http request
     * @return resource identifier
     */
    String getResourceId(HttpRequest request) {
        URI uri = request.getUri();
        String path = uri.getPath();
        return path.substring(path.lastIndexOf('/') + 1);
    }
}
@Controller
class Controller{
        @Get("/resource/{id}")
        @SecuredAttributes(value={
             @Attribute(validator=ResourceIdScopeValidator.class) 
        })
        public HttpResponse index(final @PathVariable String id){
            // your endpoint code here
        }       
}

About

Micronaut security attributes - secure your endpoints by validating authentication attribute using micronaut-security and a bit more. Library is not limited to any specific authentication method and is expected to work with supported authentication methods from micronaut.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Java 100.0%