Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding JWT token Authentication information only possible after body processing #2

Open
envimate-opensource opened this issue Jun 18, 2019 · 0 comments
Assignees

Comments

@envimate-opensource
Copy link
Collaborator

Do you have an awesome idea to improve the project? Please describe.
Adding authentication information into the body map should be possible BEFORE body
processing, so that the authorizer can reject a request even BEFORE the body is parsed.

Is your feature request related to a problem? Please describe.
That reduces the attack surface and hence increases security.

Describe the solution you'd like
I'd like to be able to call:

.configured(toAuthenticateRequests().beforeBodyProcessing().using(metaData -> {
                    final Optional<CustomerIdentifier> optionalId = metaData.get(HEADERS)
                            .getHeader("Authorization")
                            .map(authenticator::authenticateAs);
                    optionalId.ifPresent(customerIdentifier ->
                            metaData.get(BODY_MAP).put("customerIdentifier", customerIdentifier)
                    );
                    return optionalId;
                }))

without receiving a java.lang.RuntimeException: Could not find meta datum BODY_MAP ...

Additional context
none given

@envimate-opensource envimate-opensource self-assigned this Jun 18, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant