org.apache.pekko.http.scaladsl.server.directives

Interface SecurityDirectives

All Known Subinterfaces:

Directives

All Known Implementing Classes:

Directives$, HttpApp, SecurityDirectives$

public interface SecurityDirectives

Provides directives for securing an inner route using the standard Http authentication headers WWW-Authenticate and Authorization. Most prominently, HTTP Basic authentication and OAuth 2.0 Authorization Framework as defined in RFC 2617 and RFC 6750 respectively.

See: RFC 2617. See: RFC 6750.

Method Summary

Modifier and Type	Method and Description
<T> AuthenticationDirective<T>	authenticateBasic(java.lang.String realm, scala.Function1<Credentials,scala.Option<T>> authenticator) Wraps the inner route with Http Basic authentication support using a given Authenticator[T].
<T> AuthenticationDirective<T>	authenticateBasicAsync(java.lang.String realm, scala.Function1<Credentials,scala.concurrent.Future<scala.Option<T>>> authenticator) Wraps the inner route with Http Basic authentication support.
<T> AuthenticationDirective<T>	authenticateBasicPF(java.lang.String realm, scala.PartialFunction<Credentials,T> authenticator) A directive that wraps the inner route with Http Basic authentication support.
<T> AuthenticationDirective<T>	authenticateBasicPFAsync(java.lang.String realm, scala.PartialFunction<Credentials,scala.concurrent.Future<T>> authenticator) A directive that wraps the inner route with Http Basic authentication support.
<T> AuthenticationDirective<T>	authenticateOAuth2(java.lang.String realm, scala.Function1<Credentials,scala.Option<T>> authenticator) A directive that wraps the inner route with OAuth2 Bearer Token authentication support.
<T> AuthenticationDirective<T>	authenticateOAuth2Async(java.lang.String realm, scala.Function1<Credentials,scala.concurrent.Future<scala.Option<T>>> authenticator) A directive that wraps the inner route with OAuth2 Bearer Token authentication support.
<T> AuthenticationDirective<T>	authenticateOAuth2PF(java.lang.String realm, scala.PartialFunction<Credentials,T> authenticator) A directive that wraps the inner route with OAuth2 Bearer Token authentication support.
<T> AuthenticationDirective<T>	authenticateOAuth2PFAsync(java.lang.String realm, scala.PartialFunction<Credentials,scala.concurrent.Future<T>> authenticator) A directive that wraps the inner route with OAuth2 Bearer Token authentication support.
<C extends HttpCredentials,T> AuthenticationDirective<T>	authenticateOrRejectWithChallenge(scala.Function1<scala.Option<C>,scala.concurrent.Future<scala.util.Either<HttpChallenge,T>>> authenticator, scala.reflect.ClassTag<C> evidence$1) Lifts an authenticator function into a directive.
<T> AuthenticationDirective<T>	authenticateOrRejectWithChallenge(scala.Function1<scala.Option<HttpCredentials>,scala.concurrent.Future<scala.util.Either<HttpChallenge,T>>> authenticator) Lifts an authenticator function into a directive.
Directive<scala.runtime.BoxedUnit>	authorize(scala.Function0<java.lang.Object> check) Applies the given authorization check to the request.
Directive<scala.runtime.BoxedUnit>	authorize(scala.Function1<RequestContext,java.lang.Object> check) Applies the given authorization check to the request.
Directive<scala.runtime.BoxedUnit>	authorizeAsync(scala.Function0<scala.concurrent.Future<java.lang.Object>> check) Asynchronous version of authorize.
Directive<scala.runtime.BoxedUnit>	authorizeAsync(scala.Function1<RequestContext,scala.concurrent.Future<java.lang.Object>> check) Asynchronous version of authorize.
Directive<scala.Tuple1<scala.Option<HttpCredentials>>>	extractCredentials() Extracts the potentially present HttpCredentials provided with the request's Authorization header.
<C extends HttpCredentials,T> AuthenticationDirective<T>	extractCredentialsAndAuthenticateOrRejectWithChallenge(Directive<scala.Tuple1<scala.Option<C>>> extractCredentials, scala.Function1<scala.Option<C>,scala.concurrent.Future<scala.util.Either<HttpChallenge,T>>> authenticator) Lifts an authenticator function into a directive.

Method Detail

extractCredentials

Directive<scala.Tuple1<scala.Option<HttpCredentials>>> extractCredentials()

Extracts the potentially present HttpCredentials provided with the request's Authorization header.

Returns:

(undocumented)

authenticateBasic

<T> AuthenticationDirective<T> authenticateBasic(java.lang.String realm,
                                                 scala.Function1<Credentials,scala.Option<T>> authenticator)

Wraps the inner route with Http Basic authentication support using a given Authenticator[T]. The given authenticator determines whether the credentials in the request are valid and, if so, which user object to supply to the inner route.

Parameters:

realm - (undocumented)

authenticator - (undocumented)

Returns:

(undocumented)

authenticateBasicAsync

<T> AuthenticationDirective<T> authenticateBasicAsync(java.lang.String realm,
                                                      scala.Function1<Credentials,scala.concurrent.Future<scala.Option<T>>> authenticator)

Wraps the inner route with Http Basic authentication support. The given authenticator determines whether the credentials in the request are valid and, if so, which user object to supply to the inner route.

Parameters:

realm - (undocumented)

authenticator - (undocumented)

Returns:

(undocumented)

authenticateBasicPF

<T> AuthenticationDirective<T> authenticateBasicPF(java.lang.String realm,
                                                   scala.PartialFunction<Credentials,T> authenticator)

A directive that wraps the inner route with Http Basic authentication support. The given authenticator determines whether the credentials in the request are valid and, if so, which user object to supply to the inner route.

Parameters:

realm - (undocumented)

authenticator - (undocumented)

Returns:

(undocumented)

authenticateBasicPFAsync

<T> AuthenticationDirective<T> authenticateBasicPFAsync(java.lang.String realm,
                                                        scala.PartialFunction<Credentials,scala.concurrent.Future<T>> authenticator)

A directive that wraps the inner route with Http Basic authentication support. The given authenticator determines whether the credentials in the request are valid and, if so, which user object to supply to the inner route.

Parameters:

realm - (undocumented)

authenticator - (undocumented)

Returns:

(undocumented)

authenticateOAuth2

<T> AuthenticationDirective<T> authenticateOAuth2(java.lang.String realm,
                                                  scala.Function1<Credentials,scala.Option<T>> authenticator)

A directive that wraps the inner route with OAuth2 Bearer Token authentication support. The given authenticator determines whether the credentials in the request are valid and, if so, which user object to supply to the inner route.

Parameters:

realm - (undocumented)

authenticator - (undocumented)

Returns:

(undocumented)

authenticateOAuth2Async

<T> AuthenticationDirective<T> authenticateOAuth2Async(java.lang.String realm,
                                                       scala.Function1<Credentials,scala.concurrent.Future<scala.Option<T>>> authenticator)

A directive that wraps the inner route with OAuth2 Bearer Token authentication support. The given authenticator determines whether the credentials in the request are valid and, if so, which user object to supply to the inner route.

Parameters:

realm - (undocumented)

authenticator - (undocumented)

Returns:

(undocumented)

authenticateOAuth2PF

<T> AuthenticationDirective<T> authenticateOAuth2PF(java.lang.String realm,
                                                    scala.PartialFunction<Credentials,T> authenticator)

A directive that wraps the inner route with OAuth2 Bearer Token authentication support. The given authenticator determines whether the credentials in the request are valid and, if so, which user object to supply to the inner route.

Parameters:

realm - (undocumented)

authenticator - (undocumented)

Returns:

(undocumented)

authenticateOAuth2PFAsync

<T> AuthenticationDirective<T> authenticateOAuth2PFAsync(java.lang.String realm,
                                                         scala.PartialFunction<Credentials,scala.concurrent.Future<T>> authenticator)

A directive that wraps the inner route with OAuth2 Bearer Token authentication support. The given authenticator determines whether the credentials in the request are valid and, if so, which user object to supply to the inner route.

Parameters:

realm - (undocumented)

authenticator - (undocumented)

Returns:

(undocumented)

extractCredentialsAndAuthenticateOrRejectWithChallenge

<C extends HttpCredentials,T> AuthenticationDirective<T> extractCredentialsAndAuthenticateOrRejectWithChallenge(Directive<scala.Tuple1<scala.Option<C>>> extractCredentials,
                                                                                                                scala.Function1<scala.Option<C>,scala.concurrent.Future<scala.util.Either<HttpChallenge,T>>> authenticator)

Lifts an authenticator function into a directive. The authenticator function gets passed in credentials from the Authorization header of the request. If the function returns Right(user) the user object is provided to the inner route. If the function returns Left(challenge) the request is rejected with an AuthenticationFailedRejection that contains this challenge to be added to the response.

You can supply a directive to extract the credentials (to support alternative ways of providing credentials).

Parameters:

extractCredentials - (undocumented)

authenticator - (undocumented)

Returns:

(undocumented)

authenticateOrRejectWithChallenge

<T> AuthenticationDirective<T> authenticateOrRejectWithChallenge(scala.Function1<scala.Option<HttpCredentials>,scala.concurrent.Future<scala.util.Either<HttpChallenge,T>>> authenticator)

Lifts an authenticator function into a directive. The authenticator function gets passed in credentials from the Authorization header of the request. If the function returns Right(user) the user object is provided to the inner route. If the function returns Left(challenge) the request is rejected with an AuthenticationFailedRejection that contains this challenge to be added to the response.

Parameters:

authenticator - (undocumented)

Returns:

(undocumented)

authenticateOrRejectWithChallenge

<C extends HttpCredentials,T> AuthenticationDirective<T> authenticateOrRejectWithChallenge(scala.Function1<scala.Option<C>,scala.concurrent.Future<scala.util.Either<HttpChallenge,T>>> authenticator,
                                                                                           scala.reflect.ClassTag<C> evidence$1)

Lifts an authenticator function into a directive. Same as authenticateOrRejectWithChallenge but only applies the authenticator function with a certain type of credentials.

Parameters:

authenticator - (undocumented)

evidence$1 - (undocumented)

Returns:

(undocumented)

authorize

Directive<scala.runtime.BoxedUnit> authorize(scala.Function0<java.lang.Object> check)

Applies the given authorization check to the request. If the check fails the route is rejected with an AuthorizationFailedRejection.

Parameters:

check - (undocumented)

Returns:

(undocumented)

authorize

Directive<scala.runtime.BoxedUnit> authorize(scala.Function1<RequestContext,java.lang.Object> check)

Applies the given authorization check to the request. If the check fails the route is rejected with an AuthorizationFailedRejection.

Parameters:

check - (undocumented)

Returns:

(undocumented)

authorizeAsync

Directive<scala.runtime.BoxedUnit> authorizeAsync(scala.Function0<scala.concurrent.Future<java.lang.Object>> check)

Asynchronous version of authorize. If the Future fails or is completed with false authorization fails and the route is rejected with an AuthorizationFailedRejection.

Parameters:

check - (undocumented)

Returns:

(undocumented)

authorizeAsync

Directive<scala.runtime.BoxedUnit> authorizeAsync(scala.Function1<RequestContext,scala.concurrent.Future<java.lang.Object>> check)

Asynchronous version of authorize. If the Future fails or is completed with false authorization fails and the route is rejected with an AuthorizationFailedRejection.

Parameters:

check - (undocumented)

Returns:

(undocumented)