micronaut-projects
diff --git a/‎security-jwt/src/test/groovy/io/micronaut/docs/jwtclaimsoverride/CustomAuthenticationProvider.java
Lines changed: 3 additions & 3 deletions b/‎security-jwt/src/test/groovy/io/micronaut/docs/jwtclaimsoverride/CustomAuthenticationProvider.java
Lines changed: 3 additions & 3 deletions
diff --git a/‎security-jwt/src/test/groovy/io/micronaut/security/token/jwt/signature/jwks/JwksSpec.groovy
Lines changed: 2 additions & 2 deletions b/‎security-jwt/src/test/groovy/io/micronaut/security/token/jwt/signature/jwks/JwksSpec.groovy
Lines changed: 2 additions & 2 deletions
diff --git a/‎security-ldap/src/main/java/io/micronaut/security/ldap/LdapAuthenticationProvider.java
Lines changed: 5 additions & 4 deletions b/‎security-ldap/src/main/java/io/micronaut/security/ldap/LdapAuthenticationProvider.java
Lines changed: 5 additions & 4 deletions
diff --git a/‎security-oauth2/src/main/java/io/micronaut/security/oauth2/endpoint/token/request/password/OauthPasswordAuthenticationProvider.java
Lines changed: 6 additions & 4 deletions b/‎security-oauth2/src/main/java/io/micronaut/security/oauth2/endpoint/token/request/password/OauthPasswordAuthenticationProvider.java
Lines changed: 6 additions & 4 deletions
diff --git a/‎security-oauth2/src/main/java/io/micronaut/security/oauth2/endpoint/token/request/password/OpenIdPasswordAuthenticationProvider.java
Lines changed: 7 additions & 5 deletions b/‎security-oauth2/src/main/java/io/micronaut/security/oauth2/endpoint/token/request/password/OpenIdPasswordAuthenticationProvider.java
Lines changed: 7 additions & 5 deletions
diff --git a/‎security-oauth2/src/main/java/io/micronaut/security/oauth2/endpoint/token/request/password/PasswordGrantFactory.java
Lines changed: 3 additions & 3 deletions b/‎security-oauth2/src/main/java/io/micronaut/security/oauth2/endpoint/token/request/password/PasswordGrantFactory.java
Lines changed: 3 additions & 3 deletions
diff --git a/‎security-oauth2/src/test/groovy/io/micronaut/security/oauth2/client/condition/PasswordGrantConditionSpec.groovy
Lines changed: 3 additions & 3 deletions b/‎security-oauth2/src/test/groovy/io/micronaut/security/oauth2/client/condition/PasswordGrantConditionSpec.groovy
Lines changed: 3 additions & 3 deletions
diff --git a/‎security-session/src/test/groovy/io/micronaut/security/session/ContextPathSpec.groovy
Lines changed: 3 additions & 3 deletions b/‎security-session/src/test/groovy/io/micronaut/security/session/ContextPathSpec.groovy
Lines changed: 3 additions & 3 deletions
diff --git a/‎security/src/main/java/io/micronaut/security/authentication/AuthenticationProvider.java
Lines changed: 7 additions & 18 deletions b/‎security/src/main/java/io/micronaut/security/authentication/AuthenticationProvider.java
Lines changed: 7 additions & 18 deletions
diff --git a/‎security/src/main/java/io/micronaut/security/authentication/AuthenticationProviderAdapter.java
Lines changed: 60 additions & 0 deletions b/‎security/src/main/java/io/micronaut/security/authentication/AuthenticationProviderAdapter.java
Lines changed: 60 additions & 0 deletions
diff --git a/‎security/src/main/java/io/micronaut/security/authentication/AuthenticationProviderUtils.java
Lines changed: 67 additions & 0 deletions b/‎security/src/main/java/io/micronaut/security/authentication/AuthenticationProviderUtils.java
Lines changed: 67 additions & 0 deletions
@@ -2,7 +2,7 @@
 package io.micronaut.docs.jwtclaimsoverride;
 
 import io.micronaut.context.annotation.Requires;
-import io.micronaut.security.authentication.AuthenticationProvider;
+import io.micronaut.security.authentication.provider.ReactiveAuthenticationProvider;
 import io.micronaut.security.authentication.AuthenticationRequest;
 import io.micronaut.security.authentication.AuthenticationResponse;
 import jakarta.inject.Singleton;
@@ -14,10 +14,10 @@
 @Requires(property = "spec.name", value = "jwtclaimsoverride")
 //tag::clazz[]
 @Singleton
-public class CustomAuthenticationProvider<T> implements AuthenticationProvider<T> {
+public class CustomAuthenticationProvider<T, I, S> implements ReactiveAuthenticationProvider<T, I, S> {
 
     @Override
-    public Publisher<AuthenticationResponse> authenticate(T httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
+    public Publisher<AuthenticationResponse> authenticate(T requestContext, AuthenticationRequest<I, S> authenticationRequest) {
         return Flux.create(emitter -> {
             emitter.next(AuthenticationResponse.success("sherlock", Collections.singletonMap("email", "[email protected]")));
             emitter.complete();
 
@@ -18,7 +18,7 @@ import io.micronaut.http.annotation.Produces
 import io.micronaut.http.client.HttpClient
 import io.micronaut.runtime.server.EmbeddedServer
 import io.micronaut.security.annotation.Secured
-import io.micronaut.security.authentication.AuthenticationProvider
+import io.micronaut.security.authentication.provider.ReactiveAuthenticationProvider
 import io.micronaut.security.authentication.UsernamePasswordCredentials
 import io.micronaut.security.rules.SecurityRule
 import io.micronaut.security.testutils.authprovider.MockAuthenticationProvider
@@ -77,7 +77,7 @@ class JwksSpec extends Specification {
                 RSAJwkProvider,
                 JwkProvider,
                 RSASignatureGeneratorConfiguration,
-                AuthenticationProvider,
+                ReactiveAuthenticationProvider,
         ]) {
             gatewayEmbeddedServer.applicationContext.getBean(beanClazz)
         }
 
@@ -47,12 +47,13 @@
 /**
  * Authenticates against an LDAP server using the configuration provided through
  * {@link LdapConfiguration}. One provider will be created for each configuration.
- * @param <T> Request
- *
+ * @param <T> Request Context Type
+ * @param <I> Authentication Request Identity Type
+ * @param <S> Authentication Request Secret Type
  * @author James Kleeh
  * @since 1.0
  */
-public class LdapAuthenticationProvider<T> implements AuthenticationProvider<T>, Closeable {
+public class LdapAuthenticationProvider<T, I, S> implements AuthenticationProvider<T, I, S>, Closeable {
 
     private static final Logger LOG = LoggerFactory.getLogger(LdapAuthenticationProvider.class);
 
@@ -86,7 +87,7 @@ public LdapAuthenticationProvider(LdapConfiguration configuration,
     }
 
     @Override
-    public Publisher<AuthenticationResponse> authenticate(T httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
+    public Publisher<AuthenticationResponse> authenticate(T requestContext, AuthenticationRequest<I, S> authenticationRequest) {
         Flux<AuthenticationResponse> reactiveSequence = Flux.create(emitter -> {
             String username = authenticationRequest.getIdentity().toString();
             String password = authenticationRequest.getSecret().toString();
 
@@ -15,9 +15,9 @@
  */
 package io.micronaut.security.oauth2.endpoint.token.request.password;
 
-import io.micronaut.security.authentication.AuthenticationProvider;
 import io.micronaut.security.authentication.AuthenticationRequest;
 import io.micronaut.security.authentication.AuthenticationResponse;
+import io.micronaut.security.authentication.AuthenticationProvider;
 import io.micronaut.security.oauth2.configuration.OauthClientConfiguration;
 import io.micronaut.security.oauth2.configuration.endpoints.SecureEndpointConfiguration;
 import io.micronaut.security.oauth2.endpoint.AuthenticationMethod;
@@ -37,9 +37,11 @@
  *
  * @author Sergio del Amo
  * @since 1.2.0
- * @param <T> Request
+ * @param <T> Request Context Type
+ * @param <I> Authentication Request Identity Type
+ * @param <S> Authentication Request Secret Type
  */
-public class OauthPasswordAuthenticationProvider<T> implements AuthenticationProvider<T> {
+public class OauthPasswordAuthenticationProvider<T, I, S> implements AuthenticationProvider<T, I, S> {
 
     private final TokenEndpointClient tokenEndpointClient;
     private final SecureEndpoint secureEndpoint;
@@ -61,7 +63,7 @@ public OauthPasswordAuthenticationProvider(TokenEndpointClient tokenEndpointClie
     }
 
     @Override
-    public Publisher<AuthenticationResponse> authenticate(T httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
+    public Publisher<AuthenticationResponse> authenticate(T requestContext, AuthenticationRequest<I, S> authenticationRequest) {
 
         OauthPasswordTokenRequestContext context = new OauthPasswordTokenRequestContext(authenticationRequest, secureEndpoint, clientConfiguration);
 
 
@@ -44,9 +44,11 @@
  *
  * @author James Kleeh
  * @since 1.2.0
- * @param <T> Request
+ * @param <T> Request Context Type
+ * @param <I> Authentication Request Identity Type
+ * @param <S> Authentication Request Secret Type
  */
-public class OpenIdPasswordAuthenticationProvider<T> implements AuthenticationProvider<T> {
+public class OpenIdPasswordAuthenticationProvider<T, I, S> implements AuthenticationProvider<T, I, S> {
 
     private final TokenEndpointClient tokenEndpointClient;
     private final SecureEndpoint secureEndpoint;
@@ -77,12 +79,12 @@ public OpenIdPasswordAuthenticationProvider(OauthClientConfiguration clientConfi
     }
 
     @Override
-    public Publisher<AuthenticationResponse> authenticate(T httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
+    public Publisher<AuthenticationResponse> authenticate(T requestContext, AuthenticationRequest<I, S> authenticationRequest) {
 
-        OpenIdPasswordTokenRequestContext requestContext = new OpenIdPasswordTokenRequestContext(authenticationRequest, secureEndpoint, clientConfiguration);
+        OpenIdPasswordTokenRequestContext openIdPasswordTokenRequestContext = new OpenIdPasswordTokenRequestContext(authenticationRequest, secureEndpoint, clientConfiguration);
 
         return Flux.from(
-                tokenEndpointClient.sendRequest(requestContext))
+                tokenEndpointClient.sendRequest(openIdPasswordTokenRequestContext))
             .switchMap(response -> {
                 Optional<JWT> jwt = tokenResponseValidator.validate(clientConfiguration, openIdProviderMetadata, response, null);
                 if (jwt.isPresent()) {
 
@@ -21,7 +21,7 @@
 import io.micronaut.context.annotation.Requires;
 import io.micronaut.core.annotation.Internal;
 import io.micronaut.core.annotation.Nullable;
-import io.micronaut.security.authentication.AuthenticationProvider;
+import io.micronaut.security.authentication.provider.ReactiveAuthenticationProvider;
 import io.micronaut.security.oauth2.client.OpenIdProviderMetadata;
 import io.micronaut.security.oauth2.configuration.OauthClientConfiguration;
 import io.micronaut.security.oauth2.endpoint.token.request.TokenEndpointClient;
@@ -31,7 +31,7 @@
 import io.micronaut.security.oauth2.endpoint.token.response.validation.OpenIdTokenResponseValidator;
 
 /**
- * Factory creating {@link AuthenticationProvider} beans that delegate
+ * Factory creating {@link ReactiveAuthenticationProvider} beans that delegate
  * to the password grant flow of an OAuth 2.0 or OpenID provider.
  *
  * @author James Kleeh
@@ -61,7 +61,7 @@ class PasswordGrantFactory {
      */
     @EachBean(OauthClientConfiguration.class)
     @Requires(condition = PasswordGrantCondition.class)
-    AuthenticationProvider passwordGrantProvider(
+    ReactiveAuthenticationProvider passwordGrantProvider(
             @Parameter OauthClientConfiguration clientConfiguration,
             @Parameter @Nullable OauthAuthenticationMapper authenticationMapper,
             @Parameter @Nullable OpenIdAuthenticationMapper openIdAuthenticationMapper,
 
@@ -6,7 +6,7 @@ import io.micronaut.context.annotation.Requires
 import io.micronaut.core.annotation.Nullable
 import io.micronaut.json.JsonMapper
 import io.micronaut.json.tree.JsonNode
-import io.micronaut.security.authentication.AuthenticationProvider
+import io.micronaut.security.authentication.provider.ReactiveAuthenticationProvider
 import io.micronaut.security.authentication.AuthenticationRequest
 import io.micronaut.security.authentication.AuthenticationResponse
 import io.micronaut.security.oauth2.configuration.OauthClientConfiguration
@@ -64,10 +64,10 @@ class PasswordGrantConditionSpec extends Specification {
         ApplicationContext ctx = ApplicationContext.run(PROPS + properties)
 
         expect:
-        ctx.containsBean(AuthenticationProvider)
+        ctx.containsBean(ReactiveAuthenticationProvider)
 
         when:
-        ctx.getBean(AuthenticationProvider)
+        ctx.getBean(ReactiveAuthenticationProvider)
 
         then:
         noExceptionThrown()
 
@@ -9,7 +9,7 @@ import io.micronaut.http.annotation.Get
 import io.micronaut.http.annotation.Produces
 import io.micronaut.http.client.exceptions.HttpClientResponseException
 import io.micronaut.security.annotation.Secured
-import io.micronaut.security.authentication.AuthenticationProvider
+import io.micronaut.security.authentication.provider.ReactiveAuthenticationProvider
 import io.micronaut.security.authentication.AuthenticationRequest
 import io.micronaut.security.authentication.AuthenticationResponse
 import io.micronaut.security.rules.SecurityRule
@@ -71,10 +71,10 @@ class ContextPathSpec extends EmbeddedServerSpecification {
 
     @Requires(property = 'spec.name', value = 'ContextPathSpec')
     @Singleton
-    static class MockAuthenticationProvider<T> implements AuthenticationProvider<T> {
+    static class MockAuthenticationProvider<T, I, S> implements ReactiveAuthenticationProvider<T, I, S> {
 
         @Override
-        Publisher<AuthenticationResponse> authenticate(T httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
+        Publisher<AuthenticationResponse> authenticate(T requestContext, AuthenticationRequest<I, S> authenticationRequest) {
             return Mono.<AuthenticationResponse>create(emitter -> {
                 if (authenticationRequest.identity =="user" && authenticationRequest.secret == "password") {
                     emitter.success(AuthenticationResponse.success("user"))
 
@@ -15,30 +15,19 @@
  */
 package io.micronaut.security.authentication;
 
-import io.micronaut.core.annotation.Nullable;
-import org.reactivestreams.Publisher;
+import io.micronaut.security.authentication.provider.ReactiveAuthenticationProvider;
 
 /**
  * Defines an authentication provider.
  *
  * @author Sergio del Amo
  * @author Graeme Rocher
  * @since 1.0
- * @param <T> Request
+ * @param <T> Request Context Type
+ * @param <I> Authentication Request Identity Type
+ * @param <S> Authentication Request Secret Type
+ * @deprecated Use {@link io.micronaut.security.authentication.provider.AuthenticationProvider} for an imperative API or {@link ReactiveAuthenticationProvider} for a reactive API instead.
  */
-public interface AuthenticationProvider<T> {
-
-    /**
-     * Authenticates a user with the given request. If a successful authentication is
-     * returned, the object must be an instance of {@link Authentication}.
-     *
-     * Publishers <b>MUST emit cold observables</b>! This method will be called for
-     * all authenticators for each authentication request and it is assumed no work
-     * will be done until the publisher is subscribed to.
-     *
-     * @param httpRequest The http request
-     * @param authenticationRequest The credentials to authenticate
-     * @return A publisher that emits 0 or 1 responses
-     */
-    Publisher<AuthenticationResponse> authenticate(@Nullable T httpRequest, AuthenticationRequest<?, ?> authenticationRequest);
+@Deprecated(forRemoval = true, since = "4.5.0")
+public interface AuthenticationProvider<T, I, S> extends ReactiveAuthenticationProvider<T, I, S> {
 }
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2017-2023 original authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.micronaut.security.authentication;
+
+import io.micronaut.context.BeanContext;
+import io.micronaut.core.annotation.Internal;
+import io.micronaut.core.annotation.NonNull;
+import io.micronaut.core.annotation.Nullable;
+import io.micronaut.security.authentication.provider.AuthenticationProvider;
+import io.micronaut.security.authentication.provider.ReactiveAuthenticationProvider;
+import org.reactivestreams.Publisher;
+import reactor.core.publisher.Mono;
+import reactor.core.scheduler.Scheduler;
+
+/**
+ * Adapts between {@link io.micronaut.security.authentication.provider.AuthenticationProvider} to {@link ReactiveAuthenticationProvider}.
+ * @param <T> Request Context Type
+ * @param <I> Authentication Request Identity Type
+ * @param <S> Authentication Request Secret Type
+ */
+@Internal
+final class AuthenticationProviderAdapter<T, I, S> implements ReactiveAuthenticationProvider<T, I, S> {
+
+    @NonNull
+    private final io.micronaut.security.authentication.provider.AuthenticationProvider<T, I, S> authenticationProvider;
+
+    private final Scheduler scheduler;
+
+    public AuthenticationProviderAdapter(BeanContext beanContext,
+                                         Scheduler scheduler,
+                                         @NonNull io.micronaut.security.authentication.provider.AuthenticationProvider<T, I, S> authenticationProvider) {
+        this(authenticationProvider,
+                AuthenticationProviderUtils.isAuthenticateBlocking(beanContext, authenticationProvider) ? scheduler : null);
+    }
+
+    public AuthenticationProviderAdapter(@NonNull AuthenticationProvider<T, I, S> authenticationProvider,
+                                          @Nullable Scheduler scheduler) {
+        this.authenticationProvider = authenticationProvider;
+        this.scheduler = scheduler;
+    }
+
+    @Override
+    public Publisher<AuthenticationResponse> authenticate(T requestContext, AuthenticationRequest<I, S> authenticationRequest) {
+        Mono<AuthenticationResponse> authenticationResponseMono = Mono.fromCallable(() -> authenticationProvider.authenticate(requestContext, authenticationRequest));
+        return scheduler != null ? authenticationResponseMono.subscribeOn(scheduler) : authenticationResponseMono;
+    }
+}
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2017-2023 original authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.micronaut.security.authentication;
+
+import io.micronaut.context.BeanContext;
+import io.micronaut.context.BeanRegistration;
+import io.micronaut.core.annotation.Blocking;
+import io.micronaut.core.annotation.Internal;
+import io.micronaut.core.annotation.NonNull;
+import io.micronaut.http.HttpRequest;
+import io.micronaut.inject.ExecutableMethod;
+import io.micronaut.security.authentication.provider.AuthenticationProvider;
+
+import java.lang.annotation.Annotation;
+
+/**
+ * Utility class to check whether {@link io.micronaut.security.authentication.provider.AuthenticationProvider#authenticate(Object, AuthenticationRequest)} is annotated with {@link Blocking}.
+ */
+@Internal
+final class AuthenticationProviderUtils {
+    private static final String METHOD_AUTHENTICATE = "authenticate";
+
+    private AuthenticationProviderUtils() {
+    }
+
+    public static <B, I, S> boolean isAuthenticateBlocking(BeanContext beanContext,
+                                                 @NonNull AuthenticationProvider<B, I, S> authenticationProvider) {
+        if (isMethodBlocking(beanContext, authenticationProvider, METHOD_AUTHENTICATE, Object.class, AuthenticationRequest.class)) {
+            return true;
+        }
+        return isMethodBlocking(beanContext, authenticationProvider, METHOD_AUTHENTICATE, HttpRequest.class, AuthenticationRequest.class);
+    }
+
+    private static boolean isMethodBlocking(BeanContext beanContext,
+                                           @NonNull Object bean,
+                                           String methodName,
+                                           Class<?>... argumentTypes) {
+        return beanContext.findBeanRegistration(bean)
+                .map(BeanRegistration::getBeanDefinition)
+                .map(beanDefinition -> beanDefinition
+                .findMethod(methodName, argumentTypes)
+                .filter(AuthenticationProviderUtils::isBlockingMethod)
+                .isPresent())
+                .orElse(false);
+    }
+
+    private static boolean isBlockingMethod(ExecutableMethod<?, ?> executableMethod) {
+        return isMethodAnnotatedWith(executableMethod, Blocking.class);
+    }
+
+    private static boolean isMethodAnnotatedWith(ExecutableMethod<?, ?> executableMethod, Class<? extends Annotation> annotationClass) {
+        return executableMethod.getAnnotationMetadata().hasAnnotation(annotationClass);
+    }
+}