Add Imperative AuthenticationProvider and Reactive AuthenticationProvider

security-jwt/src/test/groovy/io/micronaut/docs/jwtclaimsoverride/CustomAuthenticationProvider.java

@@ -2,7 +2,7 @@
 package io.micronaut.docs.jwtclaimsoverride;
 
 import io.micronaut.context.annotation.Requires;
-import io.micronaut.security.authentication.AuthenticationProvider;
+import io.micronaut.security.authentication.provider.ReactiveAuthenticationProvider;
 import io.micronaut.security.authentication.AuthenticationRequest;
 import io.micronaut.security.authentication.AuthenticationResponse;
 import jakarta.inject.Singleton;
@@ -14,10 +14,10 @@
 @Requires(property = "spec.name", value = "jwtclaimsoverride")
 //tag::clazz[]
 @Singleton
-public class CustomAuthenticationProvider<T> implements AuthenticationProvider<T> {
+public class CustomAuthenticationProvider<T> implements ReactiveAuthenticationProvider<T> {
 
     @Override
-    public Publisher<AuthenticationResponse> authenticate(T httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
+    public Publisher<AuthenticationResponse> authenticate(T requestContext, AuthenticationRequest<?, ?> authenticationRequest) {
         return Flux.create(emitter -> {
             emitter.next(AuthenticationResponse.success("sherlock", Collections.singletonMap("email", "[email protected]")));
             emitter.complete();

security-jwt/src/test/groovy/io/micronaut/security/token/jwt/signature/jwks/JwksSpec.groovy

@@ -18,7 +18,7 @@ import io.micronaut.http.annotation.Produces
 import io.micronaut.http.client.HttpClient
 import io.micronaut.runtime.server.EmbeddedServer
 import io.micronaut.security.annotation.Secured
-import io.micronaut.security.authentication.AuthenticationProvider
+import io.micronaut.security.authentication.provider.ReactiveAuthenticationProvider
 import io.micronaut.security.authentication.UsernamePasswordCredentials
 import io.micronaut.security.rules.SecurityRule
 import io.micronaut.security.testutils.authprovider.MockAuthenticationProvider
@@ -77,7 +77,7 @@ class JwksSpec extends Specification {
                 RSAJwkProvider,
                 JwkProvider,
                 RSASignatureGeneratorConfiguration,
-                AuthenticationProvider,
+                ReactiveAuthenticationProvider,
         ]) {
             gatewayEmbeddedServer.applicationContext.getBean(beanClazz)
         }

security-ldap/src/main/java/io/micronaut/security/ldap/LdapAuthenticationProvider.java

@@ -86,7 +86,7 @@ public LdapAuthenticationProvider(LdapConfiguration configuration,
     }
 
     @Override
-    public Publisher<AuthenticationResponse> authenticate(T httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
+    public Publisher<AuthenticationResponse> authenticate(T requestContext, AuthenticationRequest<?, ?> authenticationRequest) {
         Flux<AuthenticationResponse> reactiveSequence = Flux.create(emitter -> {
             String username = authenticationRequest.getIdentity().toString();
             String password = authenticationRequest.getSecret().toString();

security-oauth2/src/main/java/io/micronaut/security/oauth2/endpoint/token/request/password/OauthPasswordAuthenticationProvider.java

@@ -15,9 +15,9 @@
  */
 package io.micronaut.security.oauth2.endpoint.token.request.password;
 
-import io.micronaut.security.authentication.AuthenticationProvider;
 import io.micronaut.security.authentication.AuthenticationRequest;
 import io.micronaut.security.authentication.AuthenticationResponse;
+import io.micronaut.security.authentication.AuthenticationProvider;
 import io.micronaut.security.oauth2.configuration.OauthClientConfiguration;
 import io.micronaut.security.oauth2.configuration.endpoints.SecureEndpointConfiguration;
 import io.micronaut.security.oauth2.endpoint.AuthenticationMethod;
@@ -61,7 +61,7 @@ public OauthPasswordAuthenticationProvider(TokenEndpointClient tokenEndpointClie
     }
 
     @Override
-    public Publisher<AuthenticationResponse> authenticate(T httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
+    public Publisher<AuthenticationResponse> authenticate(T requestContext, AuthenticationRequest<?, ?> authenticationRequest) {
 
         OauthPasswordTokenRequestContext context = new OauthPasswordTokenRequestContext(authenticationRequest, secureEndpoint, clientConfiguration);
 

security-oauth2/src/main/java/io/micronaut/security/oauth2/endpoint/token/request/password/OpenIdPasswordAuthenticationProvider.java

@@ -77,12 +77,12 @@ public OpenIdPasswordAuthenticationProvider(OauthClientConfiguration clientConfi
     }
 
     @Override
-    public Publisher<AuthenticationResponse> authenticate(T httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
+    public Publisher<AuthenticationResponse> authenticate(T requestContext, AuthenticationRequest<?, ?> authenticationRequest) {
 
-        OpenIdPasswordTokenRequestContext requestContext = new OpenIdPasswordTokenRequestContext(authenticationRequest, secureEndpoint, clientConfiguration);
+        OpenIdPasswordTokenRequestContext openIdPasswordTokenRequestContext = new OpenIdPasswordTokenRequestContext(authenticationRequest, secureEndpoint, clientConfiguration);
 
         return Flux.from(
-                tokenEndpointClient.sendRequest(requestContext))
+                tokenEndpointClient.sendRequest(openIdPasswordTokenRequestContext))
             .switchMap(response -> {
                 Optional<JWT> jwt = tokenResponseValidator.validate(clientConfiguration, openIdProviderMetadata, response, null);
                 if (jwt.isPresent()) {

security-oauth2/src/main/java/io/micronaut/security/oauth2/endpoint/token/request/password/PasswordGrantFactory.java

@@ -21,7 +21,7 @@
 import io.micronaut.context.annotation.Requires;
 import io.micronaut.core.annotation.Internal;
 import io.micronaut.core.annotation.Nullable;
-import io.micronaut.security.authentication.AuthenticationProvider;
+import io.micronaut.security.authentication.provider.ReactiveAuthenticationProvider;
 import io.micronaut.security.oauth2.client.OpenIdProviderMetadata;
 import io.micronaut.security.oauth2.configuration.OauthClientConfiguration;
 import io.micronaut.security.oauth2.endpoint.token.request.TokenEndpointClient;
@@ -31,7 +31,7 @@
 import io.micronaut.security.oauth2.endpoint.token.response.validation.OpenIdTokenResponseValidator;
 
 /**
- * Factory creating {@link AuthenticationProvider} beans that delegate
+ * Factory creating {@link ReactiveAuthenticationProvider} beans that delegate
  * to the password grant flow of an OAuth 2.0 or OpenID provider.
  *
  * @author James Kleeh
@@ -61,7 +61,7 @@ class PasswordGrantFactory {
      */
     @EachBean(OauthClientConfiguration.class)
     @Requires(condition = PasswordGrantCondition.class)
-    AuthenticationProvider passwordGrantProvider(
+    ReactiveAuthenticationProvider passwordGrantProvider(
             @Parameter OauthClientConfiguration clientConfiguration,
             @Parameter @Nullable OauthAuthenticationMapper authenticationMapper,
             @Parameter @Nullable OpenIdAuthenticationMapper openIdAuthenticationMapper,

security-oauth2/src/test/groovy/io/micronaut/security/oauth2/client/condition/PasswordGrantConditionSpec.groovy

@@ -6,7 +6,7 @@ import io.micronaut.context.annotation.Requires
 import io.micronaut.core.annotation.Nullable
 import io.micronaut.json.JsonMapper
 import io.micronaut.json.tree.JsonNode
-import io.micronaut.security.authentication.AuthenticationProvider
+import io.micronaut.security.authentication.provider.ReactiveAuthenticationProvider
 import io.micronaut.security.authentication.AuthenticationRequest
 import io.micronaut.security.authentication.AuthenticationResponse
 import io.micronaut.security.oauth2.configuration.OauthClientConfiguration
@@ -64,10 +64,10 @@ class PasswordGrantConditionSpec extends Specification {
         ApplicationContext ctx = ApplicationContext.run(PROPS + properties)
 
         expect:
-        ctx.containsBean(AuthenticationProvider)
+        ctx.containsBean(ReactiveAuthenticationProvider)
 
         when:
-        ctx.getBean(AuthenticationProvider)
+        ctx.getBean(ReactiveAuthenticationProvider)
 
         then:
         noExceptionThrown()

security-session/src/test/groovy/io/micronaut/security/session/ContextPathSpec.groovy

@@ -9,7 +9,7 @@ import io.micronaut.http.annotation.Get
 import io.micronaut.http.annotation.Produces
 import io.micronaut.http.client.exceptions.HttpClientResponseException
 import io.micronaut.security.annotation.Secured
-import io.micronaut.security.authentication.AuthenticationProvider
+import io.micronaut.security.authentication.provider.ReactiveAuthenticationProvider
 import io.micronaut.security.authentication.AuthenticationRequest
 import io.micronaut.security.authentication.AuthenticationResponse
 import io.micronaut.security.rules.SecurityRule
@@ -71,10 +71,10 @@ class ContextPathSpec extends EmbeddedServerSpecification {
 
     @Requires(property = 'spec.name', value = 'ContextPathSpec')
     @Singleton
-    static class MockAuthenticationProvider<T> implements AuthenticationProvider<T> {
+    static class MockAuthenticationProvider<T> implements ReactiveAuthenticationProvider<T> {
 
         @Override
-        Publisher<AuthenticationResponse> authenticate(T httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
+        Publisher<AuthenticationResponse> authenticate(T requestContext, AuthenticationRequest<?, ?> authenticationRequest) {
             return Mono.<AuthenticationResponse>create(emitter -> {
                 if (authenticationRequest.identity =="user" && authenticationRequest.secret == "password") {
                     emitter.success(AuthenticationResponse.success("user"))

security/src/main/java/io/micronaut/security/authentication/AuthenticationProvider.java

@@ -15,8 +15,7 @@
  */
 package io.micronaut.security.authentication;
 
-import io.micronaut.core.annotation.Nullable;
-import org.reactivestreams.Publisher;
+import io.micronaut.security.authentication.provider.ReactiveAuthenticationProvider;
 
 /**
  * Defines an authentication provider.
@@ -25,20 +24,8 @@
  * @author Graeme Rocher
  * @since 1.0
  * @param <T> Request
+ * @deprecated Use {@link io.micronaut.security.authentication.provider.AuthenticationProvider} for an imperative API or {@link ReactiveAuthenticationProvider} for a reactive API instead.
  */
-public interface AuthenticationProvider<T> {
-
-    /**
-     * Authenticates a user with the given request. If a successful authentication is
-     * returned, the object must be an instance of {@link Authentication}.
-     *
-     * Publishers <b>MUST emit cold observables</b>! This method will be called for
-     * all authenticators for each authentication request and it is assumed no work
-     * will be done until the publisher is subscribed to.
-     *
-     * @param httpRequest The http request
-     * @param authenticationRequest The credentials to authenticate
-     * @return A publisher that emits 0 or 1 responses
-     */
-    Publisher<AuthenticationResponse> authenticate(@Nullable T httpRequest, AuthenticationRequest<?, ?> authenticationRequest);
+@Deprecated(forRemoval = true, since = "4.5.0")
+public interface AuthenticationProvider<T> extends ReactiveAuthenticationProvider<T> {
 }