io.micronaut.security.authentication.Authenticator Maven / Gradle / Ivy
Official Security Solution for Micronaut
/*
* Copyright 2017-2020 original authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.micronaut.security.authentication;
import io.micronaut.core.annotation.NonNull;
import io.micronaut.http.HttpRequest;
import io.micronaut.security.config.AuthenticationStrategy;
import io.micronaut.security.config.SecurityConfiguration;
import jakarta.inject.Singleton;
import java.util.Collection;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Collectors;
import org.reactivestreams.Publisher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.Exceptions;
import reactor.core.publisher.Flux;
import reactor.core.publisher.FluxSink;
import reactor.core.publisher.Mono;
/**
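* An Authenticator operates on several {@link AuthenticationProvider} instances, returning the first
* authenticated {@link AuthenticationResponse}. When the configured strategy is
* {@link AuthenticationStrategy#ALL}, every provider must authenticate the request instead.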
*
* @author Sergio del Amo
* @author Graeme Rocher
* @since 1.0
*/
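@Singleton
public class Authenticator {

    private static final Logger LOG = LoggerFactory.getLogger(Authenticator.class);

    /** Providers consulted on each authentication attempt; {@link #authenticate} tolerates {@code null}. */
    protected final Collection<AuthenticationProvider> authenticationProviders;

    /** Source of the provider strategy; when {@code null} the "first success wins" path is used. */
    private final SecurityConfiguration securityConfiguration;

    /**
     * @param authenticationProviders A list of available authentication providers
     * @param securityConfiguration The security configuration
     */
    public Authenticator(Collection<AuthenticationProvider> authenticationProviders,
                         SecurityConfiguration securityConfiguration) {
        this.authenticationProviders = authenticationProviders;
        this.securityConfiguration = securityConfiguration;
    }

    /**
     * Authenticates the user with the provided credentials.
     *
     * <p>Two modes are implemented, selected by
     * {@link SecurityConfiguration#getAuthenticationProviderStrategy()}:
     * <ul>
     *   <li>{@link AuthenticationStrategy#ALL}: every provider must answer with an authenticated
     *       response. A provider that answers unauthenticated, fails, or completes without answering
     *       turns the whole result into an {@link AuthenticationFailed}. On success the response that
     *       was emitted last is returned.</li>
     *   <li>Any other strategy, or no configuration: the first authenticated response wins. If no
     *       provider authenticates, the most recently recorded failure is replayed.</li>
     * </ul>
     *
     * <p>The returned publisher can complete without emitting anything: when the provider collection
     * is {@code null}, or when the first-success path sees neither a success nor an error.
     * NOTE(review): callers must treat an empty result as "not authenticated"; confirm at call sites.
     *
     * @param request The HTTP request
     * @param authenticationRequest Represents a request to authenticate.
     * @return A publisher that emits {@link AuthenticationResponse} objects
     */
    public Publisher<AuthenticationResponse> authenticate(HttpRequest<?> request,
                                                          AuthenticationRequest<?, ?> authenticationRequest) {
        if (this.authenticationProviders == null) {
            return Flux.empty();
        }
        if (LOG.isDebugEnabled()) {
            // Log the names as an argument of a constant template, separated so that the list of
            // consulted providers is readable in the debug output.
            String providerNames = authenticationProviders.stream()
                .map(provider -> provider.getClass().getName())
                .collect(Collectors.joining(", "));
            LOG.debug("Authentication providers: {}", providerNames);
        }
        // Generic arrays cannot be created directly; the raw array is only used as the toArray target.
        @SuppressWarnings("unchecked")
        Flux<AuthenticationResponse>[] emptyArr = new Flux[0];
        if (securityConfiguration != null
            && securityConfiguration.getAuthenticationProviderStrategy() == AuthenticationStrategy.ALL) {
            return Flux.mergeDelayError(1,
                    authenticationProviders.stream()
                        .map(provider -> Flux.from(provider.authenticate(request, authenticationRequest))
                            // Unauthenticated answers become errors, see handleResponse.
                            .switchMap(this::handleResponse)
                            // A silent provider counts as a rejection rather than as "no opinion".
                            .switchIfEmpty(Flux.error(() -> new AuthenticationException("Provider did not respond. Authentication rejected"))))
                        .collect(Collectors.toList())
                        .toArray(emptyArr))
                // Errors are delayed until every provider has finished, so last() yields a response
                // only when none of them failed.
                .last()
                .onErrorResume(t -> Mono.just(authenticationResponseForThrowable(t)))
                .flux();
        } else {
            // Failures are swallowed per provider so that one rejecting provider cannot veto another;
            // only the most recently recorded failure is kept for the "nobody authenticated" case.
            AtomicReference<Throwable> lastError = new AtomicReference<>();
            Flux<AuthenticationResponse> authentication = Flux.mergeDelayError(1, authenticationProviders.stream()
                .map(auth -> auth.authenticate(request, authenticationRequest))
                .map(Flux::from)
                .map(sequence -> sequence.switchMap(this::handleResponse).onErrorResume(t -> {
                    lastError.set(t);
                    return Flux.empty();
                })).collect(Collectors.toList())
                .toArray(emptyArr));
            return authentication.take(1)
                .switchIfEmpty(Flux.create(emitter -> {
                    Throwable error = lastError.get();
                    if (error == null) {
                        // No success and no recorded failure: complete without a response.
                        emitter.complete();
                        return;
                    }
                    AuthenticationResponse response = error instanceof AuthenticationException
                        ? ((AuthenticationException) error).getResponse()
                        : null;
                    if (response != null) {
                        // Replay the provider's own failed response to the subscriber.
                        emitter.next(response);
                        emitter.complete();
                    } else {
                        // Anything else is propagated unchanged as an error signal.
                        emitter.error(error);
                    }
                }, FluxSink.OverflowStrategy.ERROR));
        }
    }

    /**
     * Passes an authenticated response through and turns any other response into an error.
     *
     * @param response The response produced by a provider
     * @return A flux emitting {@code response} when it is authenticated, otherwise a flux failing with
     *         an {@link AuthenticationException} that wraps the response
     */
    private Flux<AuthenticationResponse> handleResponse(AuthenticationResponse response) {
        if (response.isAuthenticated()) {
            return Flux.just(response);
        } else {
            return Flux.error(new AuthenticationException(response));
        }
    }

    /**
     * Builds the failure response used by the {@link AuthenticationStrategy#ALL} path.
     *
     * <p>For a composite error the message of the last wrapped exception is used, otherwise the
     * message of {@code t} itself. The message is copied verbatim into the response.
     * NOTE(review): a provider failing with an infrastructure exception may put internal detail in
     * that message; confirm how {@link AuthenticationFailed} messages are rendered to clients.
     *
     * @param t The error raised while authenticating
     * @return A failed authentication response carrying the selected message
     */
    @NonNull
    private AuthenticationResponse authenticationResponseForThrowable(Throwable t) {
        if (Exceptions.isMultiple(t)) {
            List<Throwable> exceptions = Exceptions.unwrapMultiple(t);
            return new AuthenticationFailed(exceptions.get(exceptions.size() - 1).getMessage());
        }
        return new AuthenticationFailed(t.getMessage());
    }
}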