Class GrpcServerSecurityAutoConfiguration
java.lang.Object
net.devh.boot.grpc.server.autoconfigure.GrpcServerSecurityAutoConfiguration
@Configuration(proxyBeanMethods=false)
@ConditionalOnBean(org.springframework.security.authentication.AuthenticationManager.class)
@AutoConfigureAfter(org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class)
public class GrpcServerSecurityAutoConfiguration
extends Object
Auto configuration class with the required beans for the spring-security configuration of the grpc server.
To enable security add both an AuthenticationManager and a GrpcAuthenticationReader to the
application context. The authentication reader obtains the credentials from the requests which then will be validated
by the authentication manager. After that, you can decide how you want to secure your application. Currently these
options are available:
- Use Spring Security's annotations. This requires
@EnableGlobalMethodSecurity(proxyTargetClass = true, ...). - Having both an
AccessDecisionManagerand aGrpcSecurityMetadataSourcein the application context.
Note: The order of the beans is important! First the exception translating interceptor, then the authenticating interceptor and finally the authorization checking interceptor. That is necessary because they are executed in the same order as their order.
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionauthenticatingServerInterceptor(AuthenticationManager authenticationManager, GrpcAuthenticationReader authenticationReader) The security interceptor that handles the authentication of requests.authorizationCheckingServerInterceptor(AccessDecisionManager accessDecisionManager, GrpcSecurityMetadataSource securityMetadataSource) The security interceptor that handles the authorization of requests.The interceptor for handling security related exceptions such asAuthenticationExceptionandAccessDeniedException.
-
Constructor Details
-
GrpcServerSecurityAutoConfiguration
public GrpcServerSecurityAutoConfiguration()
-
-
Method Details
-
exceptionTranslatingServerInterceptor
@Bean @ConditionalOnMissingBean public ExceptionTranslatingServerInterceptor exceptionTranslatingServerInterceptor()The interceptor for handling security related exceptions such asAuthenticationExceptionandAccessDeniedException.- Returns:
- The exceptionTranslatingServerInterceptor bean.
-
authenticatingServerInterceptor
@Bean @ConditionalOnMissingBean(AuthenticatingServerInterceptor.class) public DefaultAuthenticatingServerInterceptor authenticatingServerInterceptor(AuthenticationManager authenticationManager, GrpcAuthenticationReader authenticationReader) The security interceptor that handles the authentication of requests.- Parameters:
authenticationManager- The authentication manager used to verify the credentials.authenticationReader- The authentication reader used to extract the credentials from the call.- Returns:
- The authenticatingServerInterceptor bean.
-
authorizationCheckingServerInterceptor
@Bean @ConditionalOnMissingBean @ConditionalOnBean({org.springframework.security.access.AccessDecisionManager.class,GrpcSecurityMetadataSource.class}) public AuthorizationCheckingServerInterceptor authorizationCheckingServerInterceptor(AccessDecisionManager accessDecisionManager, GrpcSecurityMetadataSource securityMetadataSource) The security interceptor that handles the authorization of requests.- Parameters:
accessDecisionManager- The access decision manager used to check the requesting user.securityMetadataSource- The source for the security metadata (access constraints).- Returns:
- The authorizationCheckingServerInterceptor bean.
-