void extractQueryParams(SecurityContext securityContext, ServerRequest req) { Map<String, List<String>> headers = new HashMap<>(); queryParamHandlers.forEach(handler -> handler.extract(req, headers)); //the following line is not possible, as headers are read //only in web server, must explicitly send them with security requests //headers.forEach(req.headers()::put); // update environment in context with the found headers securityContext.env(securityContext.env().derive() .headers(headers) .build()); }
.path(requestContext.getUri().getPath()) .targetUri(requestContext.getUri()) .headers(HttpUtil.toSimpleMap(requestContext.getStringHeaders()));
/** * Derive a new environment builder based on this environment. * * @return builder to build a new environment overriding only needed values with a new timestamp */ public Builder derive() { return builder(timeProvider) .attributes(properties) .targetUri(targetUri) .method(method) .transport(transport) .path(path.orElse(null)) .headers(headers); }
.path(requestContext.getUri().getPath()) .targetUri(requestContext.getUri()) .headers(HttpUtil.toSimpleMap(requestContext.getStringHeaders()));
.targetUri(filterContext.getTargetUri()) .method(filterContext.getMethod()) .headers(allHeaders) .addAttribute("resourceType", filterContext.getResourceName()) .build();
private void registerContext(ServerRequest req, ServerResponse res) { Map<String, List<String>> allHeaders = new HashMap<>(req.headers().toMap()); Optional<Map> newHeaders = req.context().get(CONTEXT_ADD_HEADERS, Map.class); newHeaders.ifPresent(allHeaders::putAll); //make sure there is no context if (!req.context().get(SecurityContext.class).isPresent()) { SecurityEnvironment env = security.environmentBuilder() .targetUri(req.uri()) .path(req.path().toString()) .method(req.method().name()) .addAttribute("userIp", req.remoteAddress()) .addAttribute("userPort", req.remotePort()) .transport(req.isSecure() ? "https" : "http") .headers(allHeaders) .build(); EndpointConfig ec = EndpointConfig.builder() .build(); SecurityContext context = security.contextBuilder(String.valueOf(SECURITY_COUNTER.incrementAndGet())) .tracingSpan(req.spanContext()) .env(env) .endpointConfig(ec) .build(); req.context().register(context); req.context().register(defaultHandler); } req.next(); }
void extractQueryParams(SecurityContext securityContext, ServerRequest req) { Map<String, List<String>> headers = new HashMap<>(); queryParamHandlers.forEach(handler -> handler.extract(req, headers)); //the following line is not possible, as headers are read //only in web server, must explicitly send them with security requests //headers.forEach(req.headers()::put); // update environment in context with the found headers securityContext.setEnv(securityContext.getEnv().derive() .headers(headers) .build()); }
.targetUri(filterContext.getTargetUri()) .method(filterContext.getMethod()) .headers(allHeaders) .addAttribute("resourceType", filterContext.getResourceName()) .build();
private void registerContext(ServerRequest req, ServerResponse res) { Map<String, List<String>> allHeaders = new HashMap<>(req.headers().toMap()); Optional<Map> newHeaders = req.context().get(CONTEXT_ADD_HEADERS, Map.class); newHeaders.ifPresent(allHeaders::putAll); //make sure there is no context if (!req.context().get(SecurityContext.class).isPresent()) { SecurityEnvironment env = security.environmentBuilder() .targetUri(req.uri()) .path(req.path().toString()) .method(req.method().name()) .addAttribute("userIp", req.remoteAddress()) .addAttribute("userPort", req.remotePort()) .transport(req.isSecure() ? "https" : "http") .headers(allHeaders) .build(); EndpointConfig ec = EndpointConfig.builder() .build(); SecurityContext context = security.contextBuilder(String.valueOf(SECURITY_COUNTER.incrementAndGet())) .tracingSpan(req.spanContext()) .env(env) .endpointConfig(ec) .build(); req.context().register(context); req.context().register(defaultHandler); } req.next(); }