Secured routes
Two helpers for restricting access to a set of routes once an AuthenticationFilter
is in place. Both return Response(Status.FORBIDDEN) when the access check fails. To return a 404
instead (to avoid revealing the existence of protected URLs), combine with
StatusOverride and
ErrorPages.
authenticatedRoutes
Requires that a Principal is attached to the request.
Example:

    val handler = authenticatedRoutes(
        DashboardHandler(),
        LogoutHandler()
    )

Declaration:

    fun authenticatedRoutes(vararg routes: RoutingHttpHandler): RoutingHttpHandler

securedRoutes
Requires that the request's principal is an instance of P and passes the check predicate.
Example:

    val handler = securedRoutes<AppPrincipal>(
        check = { it.roles.contains("ADMIN") },
        route = routes(
            "/admin" GET { Response(Status.OK) }
        )
    )

Declaration:

    inline fun <reified P : Principal> securedRoutes(
        crossinline check: (P) -> Boolean,
        route: RoutingHttpHandler
    ): RoutingHttpHandler
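
The checks described on this page, modelled without any dependencies as an added example (not the library's code). Every type here and the functions `authenticated`, `secured` and `hideForbidden` are hypothetical stand-ins; the 403-to-404 rewrite stands in for the StatusOverride and ErrorPages combination, whose API is not shown on this page.

```kotlin
// Dependency-free model of the access checks; all types are hypothetical stand-ins.
interface Principal
data class AppPrincipal(val name: String, val roles: Set<String>) : Principal
data class ServicePrincipal(val clientId: String) : Principal

data class Request(val path: String, val principal: Principal? = null)
data class Response(val status: Int)
typealias Handler = (Request) -> Response

const val FORBIDDEN = 403
const val NOT_FOUND = 404

// Models authenticatedRoutes: any attached principal is enough.
fun authenticated(next: Handler): Handler = { req ->
    if (req.principal == null) Response(FORBIDDEN) else next(req)
}

// Models securedRoutes<P>: the principal must be a P and satisfy the predicate.
// `as? P` yields null for a missing principal and for one of another type,
// so both cases fail closed without the predicate ever running.
inline fun <reified P : Principal> secured(
    crossinline check: (P) -> Boolean,
    crossinline next: Handler
): Handler = { req ->
    val p = req.principal as? P
    if (p != null && check(p)) next(req) else Response(FORBIDDEN)
}

// Models the 404 option: rewrite FORBIDDEN so a caller cannot tell a protected
// URL from one that does not exist.
fun hideForbidden(next: Handler): Handler = { req ->
    val res = next(req)
    if (res.status == FORBIDDEN) Response(NOT_FOUND) else res
}

fun main() {
    val admin = secured<AppPrincipal>({ "ADMIN" in it.roles }, { Response(200) })
    val masked = hideForbidden(admin)
    // Constructed sample requests covering each way the check can fail.
    val cases = listOf(
        "anonymous" to Request("/admin"),
        "wrong principal type" to Request("/admin", ServicePrincipal("batch")),
        "user without ADMIN" to Request("/admin", AppPrincipal("bob", setOf("USER"))),
        "admin" to Request("/admin", AppPrincipal("alice", setOf("ADMIN")))
    )
    for ((label, req) in cases) {
        println("$label: plain=${admin(req).status} masked=${masked(req).status}")
    }
}
```

When testing the real helpers, cover the same four cases: a missing principal, a principal of the wrong type, and a failed predicate should all be denied, and only the last case should reach the handler.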