net.devh.boot.grpc.server.security.interceptors

Class DefaultAuthenticatingServerInterceptor

java.lang.Object

net.devh.boot.grpc.server.security.interceptors.DefaultAuthenticatingServerInterceptor

All Implemented Interfaces:

ServerInterceptor, AuthenticatingServerInterceptor

@GrpcGlobalServerInterceptor
 @Order(value=5100)
public class DefaultAuthenticatingServerInterceptor
extends Object
implements AuthenticatingServerInterceptor

A server interceptor that tries to read the credentials from the client and authenticate them. This interceptor sets the authentication to both grpc's Context and SecurityContextHolder.

This works similar to the org.springframework.security.web.authentication.AuthenticationFilter.

Note: This interceptor works similar to Contexts.interceptCall(Context, ServerCall, Metadata, ServerCallHandler).

Field Summary

Fields inherited from interface net.devh.boot.grpc.server.security.interceptors.AuthenticatingServerInterceptor

AUTHENTICATION_CONTEXT_KEY, SECURITY_CONTEXT_KEY

Constructor Summary

Constructors

Constructor and Description
DefaultAuthenticatingServerInterceptor(AuthenticationManager authenticationManager, GrpcAuthenticationReader authenticationReader) Creates a new DefaultAuthenticatingServerInterceptor with the given authentication manager and reader.

Method Summary

Modifier and Type	Method and Description
<ReqT,RespT> ServerCall.Listener<ReqT>	interceptCall(ServerCall<ReqT,RespT> call, Metadata headers, ServerCallHandler<ReqT,RespT> next)
protected void	onSuccessfulAuthentication(ServerCall<?,?> call, Metadata headers, Authentication authentication) Hook that will be called on successful authentication.
protected void	onUnsuccessfulAuthentication(ServerCall<?,?> call, Metadata headers, AuthenticationException failed) Hook that will be called on unsuccessful authentication.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultAuthenticatingServerInterceptor

@Autowired
public DefaultAuthenticatingServerInterceptor(AuthenticationManager authenticationManager,
                                                         GrpcAuthenticationReader authenticationReader)

Creates a new DefaultAuthenticatingServerInterceptor with the given authentication manager and reader.

Parameters:

authenticationManager - The authentication manager used to verify the credentials.

authenticationReader - The authentication reader used to extract the credentials from the call.

Method Detail

interceptCall

public <ReqT,RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT,RespT> call,
                                                            Metadata headers,
                                                            ServerCallHandler<ReqT,RespT> next)

Specified by:

interceptCall in interface ServerInterceptor

onSuccessfulAuthentication

protected void onSuccessfulAuthentication(ServerCall<?,?> call,
                                          Metadata headers,
                                          Authentication authentication)

Hook that will be called on successful authentication. Implementations may only use the call instance in a non-disruptive manor, that is accessing call attributes or the call descriptor. Implementations must not pollute the current thread/context with any call-related state, including authentication, beyond the duration of the method invocation. At the time of calling both the grpc context and the security context have been updated to reflect the state of the authentication and thus don't have to be setup manually.

Note: This method is called regardless of whether the authenticated user is authorized or not to perform the requested action.

By default, this method does nothing.

Parameters:

call - The call instance to receive response messages.

headers - The headers associated with the call.

authentication - The successful authentication instance.

onUnsuccessfulAuthentication

protected void onUnsuccessfulAuthentication(ServerCall<?,?> call,
                                            Metadata headers,
                                            AuthenticationException failed)

Hook that will be called on unsuccessful authentication. Implementations must use the call instance only in a non-disruptive manner, i.e. to access call attributes or the call descriptor. Implementations must not close the call and must not pollute the current thread/context with any call-related state, including authentication, beyond the duration of the method invocation.

Note: This method is called only if the request contains an authentication but the AuthenticationManager considers it invalid. This method is not called if an authenticated user is not authorized to perform the requested action.

By default, this method does nothing.

Parameters:

call - The call instance to receive response messages.

headers - The headers associated with the call.

failed - The exception related to the unsuccessful authentication.