Open nicmunroe opened 6 years ago
To toss out another API breaking change, maybe considering changing the API to return a CompletableFuture instead of assuming a quick, fast response on the main thread when you make this change.
CompletableFuture<Optional<ResponseInfo<?>>> validateSecureRequestForEndpoint
This would remove the need for isFastEnoughToRunOnNettyWorkerThread flag
RequestSecurityValidator.validateSecureRequestForEndpoint(...)
currently has avoid
return type, with the idea that if the request passes auth you do nothing, and if it fails auth you throw an appropriate exception.We should change the return type to
Optional<ResponseInfo<?>>
to allow you to short circuit with an explicit full-flexibility response if you wanted to. For example, you might want to send a 302/307 redirect.So there would be three options for handling a request in
RequestSecurityValidator.validateSecureRequestForEndpoint(...)
:Optional.empty()
(or null) to indicate the request passed auth and request processing should proceed.Optional<ResponseInfo<?>>
to short circuit with the provided response immediately, bypassing any endpoint and any after-security-validator-RequestAndResponseFilter
s. (The response side ofRequestAndResponseFilter
should still run).This would be an API breaking change.