Package net.devh.boot.grpc.server.security.interceptors

Class AuthorizationCheckingServerInterceptor

java.lang.Object

org.springframework.security.access.intercept.AbstractSecurityInterceptor

net.devh.boot.grpc.server.security.interceptors.AuthorizationCheckingServerInterceptor

All Implemented Interfaces:

ServerInterceptor, Aware, InitializingBean, ApplicationEventPublisherAware, MessageSourceAware

@GrpcGlobalServerInterceptor
@Order(5200)
public class AuthorizationCheckingServerInterceptor
extends AbstractSecurityInterceptor
implements ServerInterceptor

A server interceptor that will check the security context whether it has permission to access the grpc method. This interceptor uses a GrpcSecurityMetadataSource to obtain the information how the called method is protected and uses an AccessDecisionManager to evaluate that information. This interceptor isn't needed if you use spring's security annotations, but can be used additionally. An example use case of using both would be requiring all users to be authenticated, while using the annotations to require further permissions.

Note: If you use spring's security annotations, the you have to use @EnableGlobalMethodSecurity(proxyTargetClass = true, ...)

Field Summary

Fields inherited from class org.springframework.security.access.intercept.AbstractSecurityInterceptor

logger, messages

Constructor Summary

Constructors

Constructor	Description
AuthorizationCheckingServerInterceptor(AccessDecisionManager accessDecisionManager, GrpcSecurityMetadataSource securityMetadataSource)	Creates a new AuthorizationCheckingServerInterceptor with the given AccessDecisionManager and GrpcSecurityMetadataSource.

Method Summary

Modifier and Type	Method	Description
Class<?>	getSecureObjectClass()
<ReqT, RespT> ServerCall.Listener<ReqT>	interceptCall(ServerCall<ReqT,RespT> call, Metadata headers, ServerCallHandler<ReqT,RespT> next)
SecurityMetadataSource	obtainSecurityMetadataSource()

Methods inherited from class org.springframework.security.access.intercept.AbstractSecurityInterceptor

afterInvocation, afterPropertiesSet, beforeInvocation, finallyInvocation, getAccessDecisionManager, getAfterInvocationManager, getAuthenticationManager, getRunAsManager, isAlwaysReauthenticate, isRejectPublicInvocations, isValidateConfigAttributes, setAccessDecisionManager, setAfterInvocationManager, setAlwaysReauthenticate, setApplicationEventPublisher, setAuthenticationManager, setMessageSource, setPublishAuthorizationSuccess, setRejectPublicInvocations, setRunAsManager, setSecurityContextHolderStrategy, setValidateConfigAttributes

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AuthorizationCheckingServerInterceptor

public AuthorizationCheckingServerInterceptor(AccessDecisionManager accessDecisionManager,
 GrpcSecurityMetadataSource securityMetadataSource)

Creates a new AuthorizationCheckingServerInterceptor with the given AccessDecisionManager and GrpcSecurityMetadataSource.

Parameters:

accessDecisionManager - The access decision manager to use.

securityMetadataSource - The security metadata source to use.

Method Details

interceptCall

public <ReqT,
RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT,RespT> call,
 Metadata headers,
 ServerCallHandler<ReqT,RespT> next)

Specified by:

interceptCall in interface ServerInterceptor

getSecureObjectClass

public Class<?> getSecureObjectClass()

Specified by:

getSecureObjectClass in class AbstractSecurityInterceptor

obtainSecurityMetadataSource

public SecurityMetadataSource obtainSecurityMetadataSource()

Specified by:

obtainSecurityMetadataSource in class AbstractSecurityInterceptor