add HttpRequestAuthenticationProvider and HttpRequestReactiveAuthenticationProvider

sdelamo · sdelamo · commit 0de5040e92f1 · 2023-12-13T19:56:57.000+01:00
diff --git a/security/src/main/java/io/micronaut/security/authentication/provider/HttpRequestAuthenticationProvider.java b/security/src/main/java/io/micronaut/security/authentication/provider/HttpRequestAuthenticationProvider.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2017-2023 original authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.micronaut.security.authentication.provider;
+
+import io.micronaut.http.HttpRequest;
+
+/**
+ * {@link AuthenticationProvider} for {@link HttpRequest}.
+ * @author Sergio del Amo
+ * @since 4.5.0
+ */
+public interface HttpRequestAuthenticationProvider extends AuthenticationProvider<HttpRequest>  {
+}
diff --git a/security/src/main/java/io/micronaut/security/authentication/provider/HttpRequestReactiveAuthenticationProvider.java b/security/src/main/java/io/micronaut/security/authentication/provider/HttpRequestReactiveAuthenticationProvider.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2017-2023 original authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.micronaut.security.authentication.provider;
+
+import io.micronaut.http.HttpRequest;
+
+/**
+ * {@link ReactiveAuthenticationProvider} for {@link HttpRequest}.
+ * @author Sergio del Amo
+ * @since 4.5.0
+ */
+public interface HttpRequestReactiveAuthenticationProvider extends ReactiveAuthenticationProvider<HttpRequest>  {
+}
diff --git a/security/src/test/groovy/io/micronaut/security/authentication/provider/HttpRequestAuthenticationProviderSpec.groovy b/security/src/test/groovy/io/micronaut/security/authentication/provider/HttpRequestAuthenticationProviderSpec.groovy
@@ -0,0 +1,80 @@
+package io.micronaut.security.authentication.provider
+
+import io.micronaut.context.annotation.Property
+import io.micronaut.context.annotation.Requires
+import io.micronaut.core.annotation.NonNull
+import io.micronaut.core.annotation.Nullable
+import io.micronaut.http.HttpRequest
+import io.micronaut.http.HttpStatus
+import io.micronaut.http.MutableHttpRequest
+import io.micronaut.http.annotation.Controller
+import io.micronaut.http.annotation.Get
+import io.micronaut.http.client.BlockingHttpClient
+import io.micronaut.http.client.HttpClient
+import io.micronaut.http.client.annotation.Client
+import io.micronaut.http.client.exceptions.HttpClientResponseException
+import io.micronaut.security.annotation.Secured
+import io.micronaut.security.authentication.AuthenticationRequest
+import io.micronaut.security.authentication.AuthenticationResponse
+import io.micronaut.security.rules.SecurityRule
+import io.micronaut.test.extensions.spock.annotation.MicronautTest
+import jakarta.inject.Inject
+import jakarta.inject.Singleton
+import spock.lang.Specification
+
+@Property(name = "spec.name", value = "HttpRequestAuthenticationProviderSpec")
+@MicronautTest
+class HttpRequestAuthenticationProviderSpec extends Specification {
+
+    @Inject
+    @Client("/")
+    HttpClient httpClient
+
+    void "imperative auth provider"() {
+        given:
+        BlockingHttpClient client = httpClient.toBlocking()
+        String expected = '{"message":"Hello World"}'
+
+        when:
+        String json = client.retrieve(createRequest("sherlock", "password").header("X-API-Version", "v1"))
+
+        then:
+        noExceptionThrown()
+        expected == json
+
+        when:
+        client.retrieve(createRequest("sherlock", "password"))
+
+        then:
+        HttpClientResponseException ex = thrown()
+        HttpStatus.UNAUTHORIZED == ex.status
+    }
+
+    private MutableHttpRequest<?> createRequest(String userName, String password) {
+        HttpRequest.GET("/messages").basicAuth(userName, password)
+    }
+
+    @Requires(property = "spec.name", value = "HttpRequestAuthenticationProviderSpec")
+    @Singleton
+    static class SherlockAuthenticationProvider implements HttpRequestAuthenticationProvider {
+        @Override
+        AuthenticationResponse authenticate(@Nullable HttpRequest httpRequest, @NonNull AuthenticationRequest authRequest) {
+            if (httpRequest.headers.contains("X-API-Version") && authRequest.identity == "sherlock") {
+                return AuthenticationResponse.success(authRequest.identity.toString())
+            }
+            AuthenticationResponse.failure()
+        }
+    }
+
+
+    @Requires(property = "spec.name", value = "HttpRequestAuthenticationProviderSpec")
+    @Controller("/messages")
+    static class HelloWorldController {
+
+        @Secured(SecurityRule.IS_AUTHENTICATED)
+        @Get
+        Map<String, Object> index() {
+            [message: "Hello World"]
+        }
+    }
+}
diff --git a/security/src/test/groovy/io/micronaut/security/authentication/provider/HttpRequestReactiveAuthenticationProviderSpec.groovy b/security/src/test/groovy/io/micronaut/security/authentication/provider/HttpRequestReactiveAuthenticationProviderSpec.groovy
@@ -0,0 +1,82 @@
+package io.micronaut.security.authentication.provider
+
+import io.micronaut.context.annotation.Property
+import io.micronaut.context.annotation.Requires
+import io.micronaut.core.annotation.NonNull
+import io.micronaut.core.annotation.Nullable
+import io.micronaut.core.async.annotation.SingleResult
+import io.micronaut.http.HttpRequest
+import io.micronaut.http.HttpStatus
+import io.micronaut.http.MutableHttpRequest
+import io.micronaut.http.annotation.Controller
+import io.micronaut.http.annotation.Get
+import io.micronaut.http.client.BlockingHttpClient
+import io.micronaut.http.client.HttpClient
+import io.micronaut.http.client.annotation.Client
+import io.micronaut.http.client.exceptions.HttpClientResponseException
+import io.micronaut.security.annotation.Secured
+import io.micronaut.security.authentication.AuthenticationRequest
+import io.micronaut.security.authentication.AuthenticationResponse
+import io.micronaut.security.rules.SecurityRule
+import io.micronaut.test.extensions.spock.annotation.MicronautTest
+import jakarta.inject.Inject
+import jakarta.inject.Singleton
+import org.reactivestreams.Publisher
+import reactor.core.publisher.Mono
+import spock.lang.Specification
+
+@Property(name = "spec.name", value = "HttpRequestReactiveAuthenticationProviderSpec")
+@MicronautTest
+class HttpRequestReactiveAuthenticationProviderSpec extends Specification {
+
+    @Inject
+    @Client("/")
+    HttpClient httpClient
+
+    void "imperative auth provider"() {
+        given:
+        BlockingHttpClient client = httpClient.toBlocking()
+        String expected = '{"message":"Hello World"}'
+
+        when:
+        String json = client.retrieve(createRequest("sherlock", "password").header("X-API-Version", "v1"))
+
+        then:
+        noExceptionThrown()
+        expected == json
+
+        when:
+        client.retrieve(createRequest("sherlock", "password"))
+
+        then:
+        HttpClientResponseException ex = thrown()
+        HttpStatus.UNAUTHORIZED == ex.status
+    }
+
+    private MutableHttpRequest<?> createRequest(String userName, String password) {
+        HttpRequest.GET("/messages").basicAuth(userName, password)
+    }
+
+    @Requires(property = "spec.name", value = "HttpRequestReactiveAuthenticationProviderSpec")
+    @Singleton
+    static class SherlockAuthenticationProvider implements HttpRequestReactiveAuthenticationProvider {
+        @Override
+        @SingleResult
+        Publisher<AuthenticationResponse> authenticate(@Nullable HttpRequest httpRequest, @NonNull AuthenticationRequest authRequest) {
+            Mono.just((httpRequest.headers.contains("X-API-Version") && authRequest.identity == "sherlock")
+                    ? AuthenticationResponse.success(authRequest.identity.toString())
+                    : AuthenticationResponse.failure())
+        }
+    }
+
+    @Requires(property = "spec.name", value = "HttpRequestReactiveAuthenticationProviderSpec")
+    @Controller("/messages")
+    static class HelloWorldController {
+
+        @Secured(SecurityRule.IS_AUTHENTICATED)
+        @Get
+        Map<String, Object> index() {
+            [message: "Hello World"]
+        }
+    }
+}
diff --git a/src/main/docs/guide/authenticationProviders.adoc b/src/main/docs/guide/authenticationProviders.adoc
@@ -1,4 +1,4 @@
-To authenticate users you must provide implementations of api:security.authentication.provider.ReactiveAuthenticationProvider[].
+To authenticate users you must provide implementations of api:security.authentication.provider.ReactiveAuthenticationProvider[] or api:security.authentication.provider.HttpRequestReactiveAuthenticationProvider[].
 
 The following code snippet illustrates a naive implementation:
 
diff --git a/src/main/docs/guide/authenticationProviders/imperativeAuthenticationProviders.adoc b/src/main/docs/guide/authenticationProviders/imperativeAuthenticationProviders.adoc
@@ -1,4 +1,4 @@
-The api:security.authentication.provider.ReactiveAuthenticationProvider[] interface is a reactive API. If you prefer an imperative style, you can instead implement the api:security.authentication.provider.AuthenticationProvider[] interface:
+The api:security.authentication.provider.ReactiveAuthenticationProvider[] interface is a reactive API. If you prefer an imperative style, you can instead implement the api:security.authentication.provider.AuthenticationProvider[] or api:security.authentication.provider.HttpRequestAuthenticationProvider[] interface:
 
 snippet::io.micronaut.security.docs.blockingauthenticationprovider.CustomAuthenticationProvider[tags="clazz"]
 

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-To authenticate users you must provide implementations of api:security.authentication.provider.ReactiveAuthenticationProvider[].`
	`1`	`+To authenticate users you must provide implementations of api:security.authentication.provider.ReactiveAuthenticationProvider[] or api:security.authentication.provider.HttpRequestReactiveAuthenticationProvider[].`
`2`	`2`
`3`	`3`	`The following code snippet illustrates a naive implementation:`
`4`	`4`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-The api:security.authentication.provider.ReactiveAuthenticationProvider[] interface is a reactive API. If you prefer an imperative style, you can instead implement the api:security.authentication.provider.AuthenticationProvider[] interface:`
	`1`	`+The api:security.authentication.provider.ReactiveAuthenticationProvider[] interface is a reactive API. If you prefer an imperative style, you can instead implement the api:security.authentication.provider.AuthenticationProvider[] or api:security.authentication.provider.HttpRequestAuthenticationProvider[] interface:`
`2`	`2`
`3`	`3`	`snippet::io.micronaut.security.docs.blockingauthenticationprovider.CustomAuthenticationProvider[tags="clazz"]`
`4`	`4`