Security to M6 (#1337)

* update to latest versions Update milestones * Replace EndpointsFilter with new Filters API
micronaut-projects · Jun 3, 2023 · 3f23489 · 3f23489
1 parent c22dd8d
commit 3f23489
Show file tree

Hide file tree

Showing 3 changed files with 64 additions and 11 deletions.
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -1,7 +1,7 @@
 [versions]
 managed-nimbus-jose-jwt = "9.31"
 
-micronaut = "4.0.0-M5"
+micronaut = "4.0.0-M6"
 micronaut-docs = "2.0.0"
 groovy = "4.0.11"
 
@@ -12,15 +12,15 @@ unboundid-ldapsdk = "6.0.8"
 bouncycastle = "1.70"
 kotlin = "1.8.21"
 bcpkix = "1.70"
-micronaut-test = "4.0.0-M4"
-micronaut-multitenancy = "5.0.0-M3"
-micronaut-reactor = "3.0.0-M3"
+micronaut-test = "4.0.0-M6"
+micronaut-multitenancy = "5.0.0-M4"
+micronaut-reactor = "3.0.0-M4"
 micronaut-logging = "1.0.0-M3"
 micronaut-serde = "2.0.0-M8"
-micronaut-servlet = "4.0.0-M6"
-micronaut-session = "4.0.0-M2"
-micronaut-views = "4.0.0-M3"
-micronaut-validation = "4.0.0-M8"
+micronaut-servlet = "4.0.0-M7"
+micronaut-session = "4.0.0-M3"
+micronaut-views = "4.0.0-M4"
+micronaut-validation = "4.0.0-M9"
 
 micronaut-core = { module = 'io.micronaut:micronaut-core-bom', version.ref = 'micronaut' }
 [libraries]

diff --git a/security/src/main/java/io/micronaut/security/filters/EndpointsFilterReplacement.java b/security/src/main/java/io/micronaut/security/filters/EndpointsFilterReplacement.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2017-2023 original authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.micronaut.security.filters;
+
+import io.micronaut.context.annotation.Replaces;
+import io.micronaut.context.annotation.Requires;
+import io.micronaut.core.annotation.Internal;
+import io.micronaut.core.annotation.Nullable;
+import io.micronaut.core.util.StringUtils;
+import io.micronaut.http.HttpRequest;
+import io.micronaut.http.HttpResponse;
+import io.micronaut.http.annotation.Filter;
+import io.micronaut.http.annotation.RequestFilter;
+import io.micronaut.http.annotation.ServerFilter;
+import io.micronaut.management.endpoint.EndpointSensitivityProcessor;
+import io.micronaut.management.endpoint.EndpointsFilter;
+
+/**
+ * Replaces the {@link EndpointsFilter} with a dummy implementation. The {@link io.micronaut.security.rules.SensitiveEndpointRule} manages the sensitivity of endpoints.
+ * @author Sergio del Amo
+ * @since 4.0.0
+ */
+@Requires(property = SecurityFilterConfigurationProperties.PREFIX + ".enabled", notEquals = StringUtils.FALSE, defaultValue = StringUtils.TRUE)
+@ServerFilter(Filter.MATCH_ALL_PATTERN)
+@Replaces(EndpointsFilter.class)
+@Internal
+public class EndpointsFilterReplacement extends EndpointsFilter {
+    /**
+     * Constructor.
+     *
+     * @param endpointSensitivityProcessor The processor that resolves endpoint sensitivity
+     */
+    public EndpointsFilterReplacement(EndpointSensitivityProcessor endpointSensitivityProcessor) {
+        super(endpointSensitivityProcessor);
+    }
+
+    @Override
+    @RequestFilter
+    @Nullable
+    public HttpResponse<?> doFilter(HttpRequest<?> request) {
+        return null;
+    }
+}
diff --git a/security/src/main/java/io/micronaut/security/filters/SecurityFilter.java b/security/src/main/java/io/micronaut/security/filters/SecurityFilter.java
@@ -15,7 +15,6 @@
  */
 package io.micronaut.security.filters;
 
-import io.micronaut.context.annotation.Replaces;
 import io.micronaut.context.annotation.Requires;
 import io.micronaut.core.annotation.Nullable;
 import io.micronaut.core.order.Ordered;
@@ -28,7 +27,6 @@
 import io.micronaut.http.filter.HttpServerFilter;
 import io.micronaut.http.filter.ServerFilterChain;
 import io.micronaut.http.filter.ServerFilterPhase;
-import io.micronaut.management.endpoint.EndpointsFilter;
 import io.micronaut.security.authentication.Authentication;
 import io.micronaut.security.authentication.AuthorizationException;
 import io.micronaut.security.config.SecurityConfiguration;
@@ -54,7 +52,6 @@
  */
 @Requires(property = SecurityFilterConfigurationProperties.PREFIX + ".enabled", notEquals = StringUtils.FALSE, defaultValue = StringUtils.TRUE)
 @Requires(classes = { HttpServerFilter.class })
-@Replaces(EndpointsFilter.class)
 @Filter("${" + SecurityFilterConfigurationProperties.PREFIX + ".pattern:" + Filter.MATCH_ALL_PATTERN + "}")
 public class SecurityFilter implements HttpServerFilter {