Class DefaultAuthenticatingServerInterceptor

java.lang.Object
net.devh.boot.grpc.server.security.interceptors.DefaultAuthenticatingServerInterceptor
All Implemented Interfaces:
ServerInterceptor, AuthenticatingServerInterceptor

@GrpcGlobalServerInterceptor @Order(5100) public class DefaultAuthenticatingServerInterceptor extends Object implements AuthenticatingServerInterceptor
A server interceptor that tries to read the credentials from the client and authenticate them. This interceptor stores the resulting authentication in both gRPC's Context and the SecurityContextHolder.

This works similarly to the org.springframework.security.web.authentication.AuthenticationFilter.

Note: This interceptor works similarly to Contexts.interceptCall(Context, ServerCall, Metadata, ServerCallHandler).

  • Constructor Details

    • DefaultAuthenticatingServerInterceptor

      @Autowired public DefaultAuthenticatingServerInterceptor(AuthenticationManager authenticationManager, GrpcAuthenticationReader authenticationReader)
      Creates a new DefaultAuthenticatingServerInterceptor with the given authentication manager and reader.
      Parameters:
      authenticationManager - The authentication manager used to verify the credentials.
      authenticationReader - The authentication reader used to extract the credentials from the call.
  • Method Details

    • interceptCall

      public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT,RespT> call, Metadata headers, ServerCallHandler<ReqT,RespT> next)
      Specified by:
      interceptCall in interface ServerInterceptor
    • onSuccessfulAuthentication

      protected void onSuccessfulAuthentication(ServerCall<?,?> call, Metadata headers, Authentication authentication)
      Hook that will be called on successful authentication. Implementations may only use the call instance in a non-disruptive manner, that is, accessing call attributes or the call descriptor. Implementations must not pollute the current thread/context with any call-related state, including authentication, beyond the duration of the method invocation. At the time of calling, both the gRPC context and the security context have been updated to reflect the state of the authentication and thus don't have to be set up manually.

      Note: This method is called regardless of whether the authenticated user is authorized or not to perform the requested action.

      By default, this method does nothing.

      Parameters:
      call - The call instance to receive response messages.
      headers - The headers associated with the call.
      authentication - The successful authentication instance.
    • onUnsuccessfulAuthentication

      protected void onUnsuccessfulAuthentication(ServerCall<?,?> call, Metadata headers, AuthenticationException failed)
      Hook that will be called on unsuccessful authentication. Implementations must use the call instance only in a non-disruptive manner, i.e. to access call attributes or the call descriptor. Implementations must not close the call and must not pollute the current thread/context with any call-related state, including authentication, beyond the duration of the method invocation.

      Note: This method is called only if the request contains an authentication but the AuthenticationManager considers it invalid. This method is not called if an authenticated user is not authorized to perform the requested action.

      By default, this method does nothing.

      Parameters:
      call - The call instance to receive response messages.
      headers - The headers associated with the call.
      failed - The exception related to the unsuccessful authentication.
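
An added example (not part of the library's documentation or code) that uses the two hooks for audit logging within the constraints stated above: read-only use of the call, no closing of the call, and no state kept after the method returns. The class name, the SLF4J logger and the log format are assumptions of this example, and registering the subclass as the application's interceptor bean is left to your configuration.

```java
import java.net.SocketAddress;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

import io.grpc.Grpc;
import io.grpc.Metadata;
import io.grpc.ServerCall;
import net.devh.boot.grpc.server.security.authentication.GrpcAuthenticationReader;
import net.devh.boot.grpc.server.security.interceptors.DefaultAuthenticatingServerInterceptor;

// Hypothetical subclass: the name, logger name and log format are assumptions of this example.
public class AuditingAuthenticatingServerInterceptor extends DefaultAuthenticatingServerInterceptor {

    private static final Logger AUDIT = LoggerFactory.getLogger("security.audit");

    public AuditingAuthenticatingServerInterceptor(AuthenticationManager authenticationManager,
            GrpcAuthenticationReader authenticationReader) {
        super(authenticationManager, authenticationReader);
    }

    @Override
    protected void onSuccessfulAuthentication(ServerCall<?, ?> call, Metadata headers,
            Authentication authentication) {
        // Called whether or not the user is authorized: record "authenticated", never "access granted".
        AUDIT.info("grpc authn success method={} peer={} principal={}",
                call.getMethodDescriptor().getFullMethodName(), peerOf(call), authentication.getName());
    }

    @Override
    protected void onUnsuccessfulAuthentication(ServerCall<?, ?> call, Metadata headers,
            AuthenticationException failed) {
        // Log only the failure type: headers and exception messages can carry credentials.
        // The hook must not close the call, so it only records the event.
        AUDIT.warn("grpc authn failure method={} peer={} reason={}",
                call.getMethodDescriptor().getFullMethodName(), peerOf(call),
                failed.getClass().getSimpleName());
    }

    // Read-only access to call attributes; nothing is stored beyond this invocation.
    private static String peerOf(ServerCall<?, ?> call) {
        SocketAddress remote = call.getAttributes().get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR);
        return remote == null ? "unknown" : remote.toString();
    }
}
```

Because onUnsuccessfulAuthentication fires only when credentials were supplied and rejected, the failure line is a usable signal for credential-guessing detection, while calls made without any credentials never reach it.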