Securing endpoint with authentication

[tchiotludo]

Feature description

I have a non standard case with management endpoint.

I need a management endpoint because my micronaut application is inside kubernetes clusters (/health & /prometheus in my case) on another port thanks to endpoints.all.port.
Everything is ok and working fine, but now I need to add a layer of security on this endpoint.

The application allow final users to do http request and on the whole internet without restriction and all endpoints can be reach by the final users (by a lot of different way, blacklist the url of the endpoint is not an option in my case, since user can inject some bash script and do a simple curl command).

So I need to secure this endpoint, my final usage will be have a Basic Auth on this endpoint (that is compatible with k8s).

I can work on the PR about that, but before working on it, I need some approval on the way to handle it.

I see 2 options:

• endpoints.all.required-headers with type Map<String, String>, just let people enter the required header in order to reach the endpoint.
• a Bean solution that will search for Bean of types : public interface EndpointWherePredicateProvider extends Predicate<HttpRequest<?>> {} and add it to all where() here on endpoint.

The second will only to deal with a lot of case by code (my preferred one).
The first can mostly deal most of the cases by configuration I think but don't allow extra customization.

What do you think ? any suggestion ?

[jameskleeh]

Converting this to a discussion

[jameskleeh]

Sounds like you should replace the EndpointsFilter with your own implementation

[tchiotludo]

Good idea, I don't think about Filter.
Thanks for pointing this one 🎉