Authentication is null Micronaut 3
I have a Micronaut 3 application, while using the JWT token the Authentication attribute on check method is null, however, I need to get all the roles from the JWT.
As per latest change from Micronaut
SecurityRule Changes
The SecurityRule API has changed. The last argument to the method was a map that represented the user attributes. Instead that argument was replaced with a reference to the Authentication. This has the benefit of rules now having access to the username of the logged in user as well as access to the convenience method getRoles().
@Singleton
public class AuthorityHandler implements SecurityRule {
@Override
public Publisher<SecurityRuleResult> check(HttpRequest<?> request, RouteMatch<?> routeMatch, Authentication authentication) {
if (routeMatch instanceof MethodBasedRouteMatch methodBasedRouteMatch) {
if (methodBasedRouteMatch.hasAnnotation(IRequirement.class)) {
AnnotationValue<IRequirement> requiredPermissionAnnotation = methodBasedRouteMatch.getAnnotation(IRequirement.class);
Optional<String> resourceIdName = requiredPermissionAnnotation.stringValue("resourceName");
String[] permissions = requiredPermissionAnnotation.stringValues("permission");
if (permissions.length > 0 && resourceIdName.isPresent() && authentication != null) {
List<String> identityClaims = (List<String>) authentication.getRoles();
if (Arrays.stream(permissions).anyMatch(element -> identityClaims.contains(element)))
return Mono.just(SecurityRuleResult.ALLOWED);
else
return Mono.just(SecurityRuleResult.REJECTED);
}
}
}
return Mono.just(SecurityRuleResult.UNKNOWN);
}
}
@Post
@IRequirement(resourceName = ClaimType.TAG_PRODUCT, permission = {ClaimValue.TAG_OWNER,ClaimValue.TAG_CREATOR,ClaimValue.TAG_VIEWER })
Mono<MutableHttpResponse<?>> post(@Body @Valid CategoryCommand model);
I am login to the application and passing the JWT token from request received from Identity server and it has roles as well. What I am missing or making mistake?
configuration
micronaut:
application:
name: fetebirdApigateway
server:
port: 8080
cors:
enabled: true
http-version: 2.0
security:
enabled: true
token:
jwt:
enabled: true
signatures:
jwks:
IdentityServer:
url: 'https://localhost:5001/.well-known/openid-configuration/jwks'
propagation:
enabled: true
header:
enabled: true
header-name: "Authorization"
prefix: "Bearer "
service-id-regex: "fetebirdProductPublisher|feteBirdService"
intercept-url-map:
- pattern: /swagger-ui/**
httpMethod: GET
access:
- isAnonymous()
- pattern: /swagger/**
access:
- isAnonymous()
router:
static-resources:
swagger:
paths: classpath:META-INF/swagger
mapping: /swagger/**
swagger-ui:
paths: classpath:META-INF/swagger/views/swagger-ui
mapping: /swagger-ui/**
tracing:
zipkin:
enabled: true
http:
url: http://localhost:9411
sampler:
probability: 0.1
consul:
client:
registration:
enabled: true
defaultZone: ${CONSUL_HOST:localhost}:${CONSUL_PORT:8500}
jackson:
serializationInclusion: ALWAYS
Decoding JWT
{
"nbf": 1634908283,
"exp": 1634908483,
"iss": "https://localhost:5001",
"client_id": "Fete_Bird_UI",
"sub": "673533cc-7c0b-40f3-80ac-222696df385d",
"auth_time": 1634906895,
"idp": "local",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "673533cc-7c0b-40f3-80ac-222696df385d",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "admin@local.com",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "admin@local.com",
"AspNet.Identity.SecurityStamp": "812aa4cb-b9f1-48ac-9e39-1f0dceb6f1c4",
"identityserver": "owner",
"fb_product": "owner",
"fb_order": "owner",
"fb_payment": "owner",
"jti": "4AD786103632F389C21E10794E87BEC2",
"sid": "D0423E9D4C5DDC6575448F6C65537B63",
"iat": 1634908283,
"scope": [
"openid",
"profile",
"email"
],
"amr": [
"pwd"
]
}
Claims
"identityserver": "owner",
"fb_product": "owner",
"fb_order": "owner",
"fb_payment": "owner",
Solution
Add a breakpoint to JwtValidator
and increase the log level for security. Add the following line in logback.xml:
<logger name="io.micronaut.security" level="TRACE"/>
- Java Applet allowed for Javac or other jar access?
- Adding keys to a HashMap from two different Set sources, using two different functions, using a stream
- Spring Cloud Gateway tests fail after upgrade to Spring Boot 3.4.0 (specifically spring-web 6.2.0)
- Oracle ojdbc8 12.2.0.1 Forbidden by Maven
- Getting rid of Eclipse Junit 4 runtime configuration extraneous VM arguments
- What's the best way to define the words "class" and "object" to someone who hasn't used them?
- Java event propagation stopped
- Learn JavaFX without IDE
- No primary or default constructor found for interface org.springframework.data.domain.Pageable
- How to copy Java Collections list
- There is no OpenGL ES context current in the current thread - LWJGL using OpenGL ES 3.0
- java replace German umlauts
- Why is the operator precedence not followed here?
- How is the return value of a method ignored in Java?
- Why HTTP method PUT should be idempotent and not the POST in implementation RestFul service?
- Gradle: Override transitive dependency by version classifier
- Why does Runtime.maxMemory() change its value on separate calls?
- How to hide/ignore a field in swagger docs but set via spec/jolt file in spring-boot?
- Flyway JDBC migration connection trouble
- Best way to define Java constant dates
- Mocking of Private static variable using jmockit
- Impossible to make a cached thread pool with a size limit?
- Postgresql Procedure not getting called from JDBC
- How to convert an Iterator to a Stream?
- Java.lang.NoClassDefFoundError: com/fasterxml/jackson/databind/exc/InvalidDefinitionException
- java: variable employeeService not initialized in the default constructor
- Split Unsigned 32-bit Integer into Two 16-bit numbers that can be rebuilt
- Why does a compile-time error appears for this one involving Generics?
- JDK 1.8 not supported by vs code?
- How to convert milliseconds into days?