Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Leverage expression language with @Secured #1273

Closed
sdelamo opened this issue Mar 23, 2023 · 1 comment · Fixed by #1309
Closed

Leverage expression language with @Secured #1273

sdelamo opened this issue Mar 23, 2023 · 1 comment · Fixed by #1309
Assignees
@sdelamo @wetted
Labels
status: next major version The issue will be considered for the next major version type: enhancement New feature or request

Comments

@sdelamo
Copy link
Contributor

sdelamo commented Mar 23, 2023
edited
Loading

See: micronaut-projects/micronaut-core#8954

Maybe something like upport something like: @secured(condition = "#{authentication.attributes.email == '[email protected]' }
@sdelamo sdelamo added type: enhancement New feature or request status: next major version The issue will be considered for the next major version labels Mar 23, 2023
@sdelamo sdelamo self-assigned this Mar 23, 2023
@sdelamo
Copy link
Contributor Author

sdelamo commented May 8, 2023
edited by wetted
Loading

Dean Wette
Graeme Rocher
: et al. I am looking at the new Expression Langue support in core for annotations. Is there an example yet of a module adopting it? I want to add it support for it in micronaut-security for @secured.
I'm reading the docs for it now.
Graeme Rocher
the ScheduledMethodProcessor that handles @scheduled supports it https://github.com/micronaut-projects/micronaut-core/blob/229c8431b19d9dc193bc38a5c94a6ccfc5b19eff/context/src/main/java/io/micronaut/scheduling/processor/ScheduledMethodProcessor.java#L128
also the RouteCondition annotation micronaut-projects/micronaut-core@0c8c44f#diff-9ac4218f12d1e60cac3ba04a5e44101c6f6defa0b4cb484298334682684a4d24R878-R883
in the case of @secured I reckon you would probably want to meta-annotate it with @AnnotationExpressionContext
similar to micronaut-projects/micronaut-core@0c8c44f#diff-a0c20bfe8a1a092d9d79b32901aa2b957713d927baef480fcf2fb7503c1a18edR42
and provide a context that can do hasRole(..) etc.
then you would modify

micronaut-security/security/src/main/java/io/micronaut/security/rules/SecuredAnnotationRule.java

Line 67 in b2a9de2

if (methodRoute.hasAnnotation(Secured.class)) {

to check whether Secured is an EvaluatedAnnotationValue
Graeme Rocher
I don't think a new condition member is needed
you can probably just support using the value of @secured as an expression

@sdelamo sdelamo linked a pull request May 10, 2023 that will close this issue
Expression language support for Authentication #1309
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sdelamo sdelamo

@wetted wetted

Labels
status: next major version The issue will be considered for the next major version type: enhancement New feature or request
Projects
No open projects
4.0.0 Release
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Expression language support for Authentication micronaut-projects/micronaut-security
2 participants
@sdelamo @wetted