PreQuery event is not supported #2379
Comments
|
Can you please describe your use-case? What do you mean by |
|
All models belong to an organization, and the data is isolated by the AuthenticationProvider implementation: public Publisher<AuthenticationResponse> authenticate(Object httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
return Flux.create(emitter -> {
String username = (String) authenticationRequest.getIdentity();
String password = (String) authenticationRequest.getSecret();
UserEntity user = userService.getByUsername(username).block();
if (user == null) {
log.info("User {} not found, login failed!", username);
emitter.error(AuthenticationResponse.exception(USER_NOT_FOUND));
} else if (!DigestUtil.bcryptCheck(password, user.getPassword())) {
log.info("User {} credentials don't match, login failed!", username);
emitter.error(AuthenticationResponse.exception(CREDENTIALS_DO_NOT_MATCH));
} else {
Set<String> roles = user.getRoles().stream().map(RoleEntity::getCode).collect(Collectors.toSet());
Map<String, Object> attr = new HashMap<>();
attr.put("org", user.getOrgId());
emitter.next(AuthenticationResponse.success((String) authenticationRequest.getIdentity(), roles, attr));
emitter.complete();
}
}, FluxSink.OverflowStrategy.ERROR);
}Data Entity: @Where("@.org_id=:orgId")
public class BrandEntity {
...
private String orgId;
...
}Expected PreQuery code: import io.micronaut.security.utils.SecurityService;
...
@Inject
private SecurityService securityService;
...
if (securityService.isAuthenticated()) {
String orgId = (String)securityService.getAuthentication()
.get()
.getAttributes().get("org");
// TODO set orgId as global data query params
}If it can be implemented, all query requests do not need to explicitly set orgId.This approach is useful and efficient for user or organizational data isolation |
|
Thanks, I'm planning to support external properties |
|
@dstepanov Is this feature already on the development agenda? |
|
You can try put @Singleton
class OrgIdContext {
...
public getOrgId() { ... }
} |
let me try. How to make |
|
|
|
That has problem with @Inject
private SecurityService securityService;
...
public String getOrgId() {
// securityService.getAuthentication() is empty
return securityService.getAuthentication()
.map(authentication -> authentication.getAttributes().get("ORG_ID").toString())
.orElse("");
}
... |
|
What is your stack? |
micronautVersion=4.4.2Controller method: @Slf4j
@Secured(SecurityRule.IS_AUTHENTICATED)
@Controller("/api/brands")
public class BrandController {
@Inject
private BrandRepository brandRepository;
@Inject
SecurityService securityService;
...
@Get("{id}")
public Mono<BrandEntity> detail(@PathVariable Long id) {
Optional<Authentication> optional = securityService.getAuthentication();
log.info("Get authentication ===>>> {}", optional.isPresent()); // It's true
return brandRepository.findById(id);
}
...Repository : @R2dbcRepository(dialect = Dialect.MYSQL)
@ParameterExpression(name = "orgId", expression = "#{orgId}")
public interface BrandRepository extends ReactorPageableRepository<BrandEntity, Long> {
...
}Entity: @Data
@MappedEntity("t_brand")
@Where("@.org_id = :orgId")
public class BrandEntity {
...
}CustomEvaluationContext (Register using @Singleton
public class CustomEvaluationContext {
@Inject
private SecurityService securityService;
public String getOrgId() {
// securityService.getAuthentication().isPresent() is false
return securityService.getAuthentication()
.map(authentication -> authentication.getAttributes().get("ORG_ID").toString())
.orElse("");
}
} |
|
If |
|
There are some fixes in #2876 that should correct context propagation. How would you imagine for |
|
Scenario of a single database we use. And org_id or tenant_id column is used to logically isolate data.Planned to use the prequery listener to uniformly add global parameters. |
Feature description
Unable to use the preQuery event to set public parameters before the query.
The text was updated successfully, but these errors were encountered: