net.devh.boot.grpc.server.autoconfigure

Class GrpcServerSecurityAutoConfiguration

java.lang.Object

net.devh.boot.grpc.server.autoconfigure.GrpcServerSecurityAutoConfiguration

@Configuration
 @ConditionalOnBean(value=org.springframework.security.authentication.AuthenticationManager.class)
 @AutoConfigureAfter(value=org.springframework.boot.autoconfigure.security.servlet.WebSecurityEnablerConfiguration.class)
public class GrpcServerSecurityAutoConfiguration
extends Object

Auto configuration class with the required beans for the spring-security configuration of the grpc server.

To enable security add both an AuthenticationManager and a GrpcAuthenticationReader to the application context. The authentication reader obtains the credentials from the requests which then will be validated by the authentication manager. After that, you can decide how you want to secure your application. Currently these options are available:

• Use Spring Security's annotations. This requires @EnableGlobalMethodSecurity(proxyTargetClass = true, ...).
• Having both an AccessDecisionManager and a GrpcSecurityMetadataSource in the application context.

Note: The order of the beans is important! First the exception translating interceptor, then the authenticating interceptor and finally the authorization checking interceptor. That is necessary because they are executed in the same order as their order.

Constructor Summary

Constructors

Constructor and Description
GrpcServerSecurityAutoConfiguration()

Method Summary

Modifier and Type	Method and Description
AuthenticatingServerInterceptor	authenticatingServerInterceptor(AuthenticationManager authenticationManager, GrpcAuthenticationReader authenticationReader) The security interceptor that handles the authentication of requests.
AuthorizationCheckingServerInterceptor	authorizationCheckingServerInterceptor(AccessDecisionManager accessDecisionManager, GrpcSecurityMetadataSource securityMetadataSource) The security interceptor that handles the authorization of requests.
ExceptionTranslatingServerInterceptor	exceptionTranslatingServerInterceptor() The interceptor for handling security related exceptions such as AuthenticationException and AccessDeniedException.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

GrpcServerSecurityAutoConfiguration

public GrpcServerSecurityAutoConfiguration()

Method Detail

exceptionTranslatingServerInterceptor

@Bean
 @ConditionalOnMissingBean
public ExceptionTranslatingServerInterceptor exceptionTranslatingServerInterceptor()

The interceptor for handling security related exceptions such as AuthenticationException and AccessDeniedException.

Returns:

The exceptionTranslatingServerInterceptor bean.

authenticatingServerInterceptor

@Bean
 @ConditionalOnMissingBean
public AuthenticatingServerInterceptor authenticatingServerInterceptor(AuthenticationManager authenticationManager,
                                                                                                        GrpcAuthenticationReader authenticationReader)

The security interceptor that handles the authentication of requests.

Parameters:

authenticationManager - The authentication manager used to verify the credentials.

authenticationReader - The authentication reader used to extract the credentials from the call.

Returns:

The authenticatingServerInterceptor bean.

authorizationCheckingServerInterceptor

@Bean
 @ConditionalOnMissingBean
 @ConditionalOnBean(value={org.springframework.security.access.AccessDecisionManager.class,GrpcSecurityMetadataSource.class})
public AuthorizationCheckingServerInterceptor authorizationCheckingServerInterceptor(AccessDecisionManager accessDecisionManager,
                                                                                                                                                                                                                                                    GrpcSecurityMetadataSource securityMetadataSource)

The security interceptor that handles the authorization of requests.

Parameters:

accessDecisionManager - The access decision manager used to check the requesting user.

securityMetadataSource - The source for the security metadata (access constraints).

Returns:

The authorizationCheckingServerInterceptor bean.