All Known Implementing Classes: SecurityHttpFeature
public interface HttpSecurity
WebServer security.

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| boolean | authenticate(ServerRequest request, ServerResponse response, boolean requiredHint) | Authenticates the current request according to security configuration. |
| boolean | authorize(ServerRequest request, ServerResponse response, String... roleHint) | Authorize the current request according to security configuration. |
| static HttpSecurity | create() | Create a default implementation of server security. |

Method Details

create
static HttpSecurity create()
Create a default implementation of server security.
- Returns: a new server security that is not backed by any configuration or providers.

authenticate
boolean authenticate(ServerRequest request, ServerResponse response, boolean requiredHint) throws UnauthorizedException
Authenticates the current request according to security configuration. When there is no security implementation present, and required hint is set to false, this is a no-op.
- Parameters:
  - request - server request to read data for authentication
  - response - server response
  - requiredHint - whether authentication is expected
- Returns: whether you should continue with other tasks in this request; if false is returned, the response was already sent, and you should immediately return without modifying it
- Throws:
  - UnauthorizedException - when authentication was expected but could not be resolved

authorize
boolean authorize(ServerRequest request, ServerResponse response, String... roleHint) throws ForbiddenException
Authorize the current request according to security configuration. When there is no security implementation present and there are no roles defined, this is a no-op; if roles are defined this method throws ForbiddenException by default.
- Parameters:
  - request - server request to read data for authorization
  - response - server response
  - roleHint - the user should have at least one of the roles specified (only used when the security is configured to support roles)
- Returns: whether you should continue with other tasks in this request; if false is returned, the response was already sent, and you should immediately return without modifying it
- Throws:
  - ForbiddenException - when authorization failed and this request cannot proceed
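
The return-value contract of authenticate and authorize, shown as an added example that is not part of the original API documentation or the project's own code: a handler wrapper that stops as soon as either call returns false. The imports assume the Helidon 4 package io.helidon.webserver.http for HttpSecurity, Handler, ServerRequest and ServerResponse; GuardedHandler, delegate and roles are hypothetical names.

```java
import java.util.Objects;

// Assumption: Helidon 4 package names; the page does not state the package.
import io.helidon.webserver.http.Handler;
import io.helidon.webserver.http.HttpSecurity;
import io.helidon.webserver.http.ServerRequest;
import io.helidon.webserver.http.ServerResponse;

/** Hypothetical wrapper: runs the delegate only after both security checks pass. */
public final class GuardedHandler implements Handler {
    private final HttpSecurity security;
    private final Handler delegate;
    private final String[] roles;

    public GuardedHandler(HttpSecurity security, Handler delegate, String... roles) {
        this.security = Objects.requireNonNull(security, "security");
        this.delegate = Objects.requireNonNull(delegate, "delegate");
        this.roles = roles.clone(); // defensive copy of the required roles
    }

    @Override
    public void handle(ServerRequest req, ServerResponse res) throws Exception {
        // requiredHint = true: this route expects an authenticated caller, so the
        // "no security implementation present" case is not treated as a no-op.
        if (!security.authenticate(req, res, true)) {
            // false means the response was already sent; do not touch it again.
            return;
        }

        // The caller needs at least one of the listed roles (only used when the
        // security is configured to support roles).
        if (!security.authorize(req, res, roles)) {
            return; // response already sent
        }

        // UnauthorizedException and ForbiddenException are deliberately not caught:
        // swallowing them here would let a rejected request reach the delegate.
        delegate.handle(req, res);
    }
}
```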