Micronaut security attributes - secure your endpoints by validating authentication attributes using micronaut-security and a bit more. The library is not limited to any specific authentication method and is expected to work with the authentication methods Micronaut supports.

traycho/micronaut-security-attributes

micronaut-security-attributes

Brings validation of authentication attributes into the controller using annotations. This is a tiny extension of micronaut-security that adds a new security rule, SecuredAttributesRule, which handles the @SecuredAttributes annotation. The library is not tied to any particular authentication method; its goal is to handle, in a generic way, the authentication attributes available in the Authentication instance.

For more details, see https://micronaut-projects.github.io/micronaut-security/latest/api/io/micronaut/security/authentication/Authentication.html

Setup

To use Micronaut's security capabilities you must have the security dependency on your classpath. The official Micronaut Security Guide is available at https://micronaut-projects.github.io/micronaut-security/latest/guide/

For example, in build.gradle:

dependencies{ 
    annotationProcessor "io.micronaut:micronaut-security"
    compile "io.micronaut:micronaut-security"

    // Set your preferred authentication method 
    // compile "io.micronaut.configuration:micronaut-security-ldap"
    // compile "io.micronaut.configuration:micronaut-security-jwt"  

    compile "com.pulsarix.micronaut:micronaut-security-attributes:1.0.0"
}

Examples

Validate authentication attribute using contains parameter

@Controller
class Controller{
        @Get
        @SecuredAttributes(value={
           @Attribute(name="iss", contains={ "appIssuer"}),
        })
        public HttpResponse index(){
            // your endpoint code here
        }       
}

Validate authentication attribute using matches parameter

@Controller
class Controller{
        @Get
        @SecuredAttributes(value={
           @Attribute(name="iss", matches="[a-zA-Z]+"),
        })
        public HttpResponse index(){
            // your endpoint code here
        }       
}

Validate multiple authentication attributes using contains parameter

@Controller
class Controller{
        @Get
        @SecuredAttributes(value={
                @Attribute(name="iss", contains={ "appIssuer" }),
                @Attribute(name="scp", contains={"read"})
        })
        public HttpResponse index(){
            // your endpoint code here
        }       
}

Validate authentication attribute using custom validator

As a first step, create a new validator class by implementing SecuredAttributeValidator. The example below validates whether the resource identifier is part of the scopes claim of a JWT token.

@Singleton
public class ResourceIdScopeValidator extends SecuredAttributeValidator {

    private static final String ATTRIBUTE_SCOPES = "scp";

    /**
     * {@inheritDoc}
     */
    @Override
    public SecurityRuleResult validate(HttpRequest request, Map<String, Object> attributes) {

        SecurityRuleResult result = SecurityRuleResult.REJECTED;

        if (attributes != null) {
            List<String> scopes = Attributes.find(attributes, ATTRIBUTE_SCOPES);
            String resourceId = getResourceId(request);
            if (scopes.contains(resourceId)) {
                result = SecurityRuleResult.ALLOWED;
            }
        }

        return result;
    }

    /**
     * Gets resource id from given http request.
     *
     * @param request http request
     * @return resource identifier
     */
    String getResourceId(HttpRequest request) {
        URI uri = request.getUri();
        String path = uri.getPath();
        return path.substring(path.lastIndexOf('/') + 1);
    }
}

As a second step, reference the validator from the @Attribute annotation on the controller method.

@Controller
class Controller{
        @Get("/resource/{id}")
        @SecuredAttributes(value={
             @Attribute(validator=ResourceIdScopeValidator.class) 
        })
        public HttpResponse index(final @PathVariable String id){
            // your endpoint code here
        }       
}
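
The decision logic of a validator like ResourceIdScopeValidator, worked through on edge cases. This is an added example using only the JDK, not the library's own code. The names ScopeCheckDemo, lastSegment, scopes, allowed and check are hypothetical, a plain map lookup stands in for Attributes.find, and it is an assumption that the scp claim may arrive either as a list or as one space-delimited string, depending on the token issuer.

```java
import java.util.*;

public class ScopeCheckDemo {

    // Last path segment; null when the path is missing or ends in '/'.
    static String lastSegment(String path) {
        if (path == null) return null;
        String segment = path.substring(path.lastIndexOf('/') + 1);
        return segment.isEmpty() ? null : segment;
    }

    // Normalises a scope claim that is either a list or a space-delimited string.
    static Set<String> scopes(Object claim) {
        Set<String> out = new HashSet<>();
        if (claim instanceof Collection) {
            for (Object o : (Collection<?>) claim) {
                if (o instanceof String) out.add((String) o);
            }
        } else if (claim instanceof String) {
            for (String s : ((String) claim).trim().split("\\s+")) out.add(s);
        }
        out.remove("");   // an empty scope never authorises anything
        return out;       // null or any other type yields an empty set
    }

    // Fails closed: allowed only when a non-empty id exactly equals a scope.
    static boolean allowed(Map<String, Object> attributes, String path) {
        String id = lastSegment(path);
        if (attributes == null || id == null) return false;
        // Assumption: plain lookup stands in for the library's Attributes.find.
        return scopes(attributes.get("scp")).contains(id);
    }

    static void check(boolean ok, String label) {
        if (!ok) throw new AssertionError(label);
        System.out.println("ok: " + label);
    }

    public static void main(String[] args) {
        // Constructed attribute maps, not taken from a real token.
        Map<String, Object> asList = Map.of("scp", List.of("read", "42"));
        Map<String, Object> asString = Map.of("scp", "read 42");
        check(allowed(asList, "/resource/42"), "list claim grants 42");
        check(allowed(asString, "/resource/42"), "string claim grants 42");
        check(!allowed(asString, "/resource/4"), "no substring match");
        check(!allowed(asString, "/resource/42/"), "trailing slash rejected");
        check(!allowed(Map.of("iss", "appIssuer"), "/resource/42"), "missing scp rejected");
    }
}
```

Map.of and List.of require Java 9 or later.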
