javamicronautmicronaut-security
Authentication is null Micronaut 3
I have a Micronaut 3 application, while using the JWT token the Authentication attribute on check method is null, however, I need to get all the roles from the JWT.
As per latest change from Micronaut
SecurityRule Changes
The SecurityRule API has changed. The last argument to the method was a map that represented the user attributes. Instead that argument was replaced with a reference to the Authentication. This has the benefit of rules now having access to the username of the logged in user as well as access to the convenience method getRoles().
@Singleton
public class AuthorityHandler implements SecurityRule {
@Override
public Publisher<SecurityRuleResult> check(HttpRequest<?> request, RouteMatch<?> routeMatch, Authentication authentication) {
if (routeMatch instanceof MethodBasedRouteMatch methodBasedRouteMatch) {
if (methodBasedRouteMatch.hasAnnotation(IRequirement.class)) {
AnnotationValue<IRequirement> requiredPermissionAnnotation = methodBasedRouteMatch.getAnnotation(IRequirement.class);
Optional<String> resourceIdName = requiredPermissionAnnotation.stringValue("resourceName");
String[] permissions = requiredPermissionAnnotation.stringValues("permission");
if (permissions.length > 0 && resourceIdName.isPresent() && authentication != null) {
List<String> identityClaims = (List<String>) authentication.getRoles();
if (Arrays.stream(permissions).anyMatch(element -> identityClaims.contains(element)))
return Mono.just(SecurityRuleResult.ALLOWED);
else
return Mono.just(SecurityRuleResult.REJECTED);
}
}
}
return Mono.just(SecurityRuleResult.UNKNOWN);
}
}
@Post
@IRequirement(resourceName = ClaimType.TAG_PRODUCT, permission = {ClaimValue.TAG_OWNER,ClaimValue.TAG_CREATOR,ClaimValue.TAG_VIEWER })
Mono<MutableHttpResponse<?>> post(@Body @Valid CategoryCommand model);
I am login to the application and passing the JWT token from request received from Identity server and it has roles as well. What I am missing or making mistake?
configuration
micronaut:
application:
name: fetebirdApigateway
server:
port: 8080
cors:
enabled: true
http-version: 2.0
security:
enabled: true
token:
jwt:
enabled: true
signatures:
jwks:
IdentityServer:
url: 'https://localhost:5001/.well-known/openid-configuration/jwks'
propagation:
enabled: true
header:
enabled: true
header-name: "Authorization"
prefix: "Bearer "
service-id-regex: "fetebirdProductPublisher|feteBirdService"
intercept-url-map:
- pattern: /swagger-ui/**
httpMethod: GET
access:
- isAnonymous()
- pattern: /swagger/**
access:
- isAnonymous()
router:
static-resources:
swagger:
paths: classpath:META-INF/swagger
mapping: /swagger/**
swagger-ui:
paths: classpath:META-INF/swagger/views/swagger-ui
mapping: /swagger-ui/**
tracing:
zipkin:
enabled: true
http:
url: http://localhost:9411
sampler:
probability: 0.1
consul:
client:
registration:
enabled: true
defaultZone: ${CONSUL_HOST:localhost}:${CONSUL_PORT:8500}
jackson:
serializationInclusion: ALWAYS
Decoding JWT
{
"nbf": 1634908283,
"exp": 1634908483,
"iss": "https://localhost:5001",
"client_id": "Fete_Bird_UI",
"sub": "673533cc-7c0b-40f3-80ac-222696df385d",
"auth_time": 1634906895,
"idp": "local",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "673533cc-7c0b-40f3-80ac-222696df385d",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "[email protected]",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "[email protected]",
"AspNet.Identity.SecurityStamp": "812aa4cb-b9f1-48ac-9e39-1f0dceb6f1c4",
"identityserver": "owner",
"fb_product": "owner",
"fb_order": "owner",
"fb_payment": "owner",
"jti": "4AD786103632F389C21E10794E87BEC2",
"sid": "D0423E9D4C5DDC6575448F6C65537B63",
"iat": 1634908283,
"scope": [
"openid",
"profile",
"email"
],
"amr": [
"pwd"
]
}
Claims
"identityserver": "owner",
"fb_product": "owner",
"fb_order": "owner",
"fb_payment": "owner",
Solution
Add a breakpoint to JwtValidator
and increase the log level for security. Add the following line in logback.xml:
<logger name="io.micronaut.security" level="TRACE"/>
- NoClassDefFoundError org/apache/poi/ss/usermodel/Workbook
- Tinkerpop vertex property single cardinality is not working
- What's the difference between ZonedDateTime and OffsetDateTime?
- Error: The method add(Shape) in the type ArrayList<Shape> is not applicable for the arguments (Shape.Rectangle)
- How do I save ArrayLists with different names in a while loop?
- How to parse a BPMN file with Java?
- IntelliJ - test configuration. How to configure once run for everyone?
- Jasper Reports: JRBeanCollectionDataSource cannot be resolved to a type
- What is a "static class" in Java?
- Spring's @RequestParam with Enum
- Do Java arrays have a maximum size?
- How to automatically convert if-else if statement to switch
- net.sf.jsqlparser.parser.ParseException: Encountered unexpected token: "@" "@"
- Java: Making System.out.println() argument span multiple lines?
- Identifier versus keyword
- How can I multiply all the digits in an integer (between 000 & 1000 exclusive) without using control statements or loops?
- Jackson deserialize generic class with field T as POJO or String array
- Role-based authentication not working with Keycloak and Java Spring
- Installing two apk using one apk
- @KafkaHandler in the consumer doesn't consume the topic message as an object class, only as a string
- map vs flatMap in reactor
- Request Matcher not working to permit allowed path
- Java - Sending an object that points to a BufferedImage through a Socket
- does NewDirectByteBuffer create a copy in native code
- Excel-like JTable Cell Editor, with an empty cell at edition start
- Adding binary numbers
- Java Spring API NoClassDefFoundError: javax/persistence/EntityManagerFactory
- Leetcode - Find the student that will replace the chalk
- UnsatisfiedDependencyException: Error creating bean with name
- Is there a way to save multiple config files in a sub-folder of the plugin-folder (Spigot & Maven)