path: util/aop/aop-api/src/main/java/com/knubisoft/aop/api/impl/SecurityHttpRequestProcessingAspect.java

This aspect acts as a security check for each request. If the called endpoint is private, the aspect begins authentication processing.
First, it checks whether the called method (endpoint) is secure by processing the @Operation Swagger annotation. Each method within the API interfaces is annotated with @Operation during API layer generation. The key part is the security section within the @Operation annotation: the aspect checks whether it exists and is not empty and, based on the result, decides whether to begin security processing.

Example of the secure endpoint:

Example of the public endpoint:

As you can see, the public endpoint doesn't have a security section at all (second example). This means that SecurityHttpRequestProcessingAspect won't perform authentication or other security processing; it just returns the response to the client.

For a private endpoint, the aspect behaves differently. When the security section array within the @Operation annotation exists and is not empty, as in the first example of a secure endpoint, AuthenticationHandler is invoked by calling its authenticate() method, and security processing starts. (You can read more about the Authentication/Authorization processes in the Auth documentation, which is currently in progress.)
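The decision described above, sketched as an added example (not the project's own code): it resolves @Operation from the API interface, because method annotations are not inherited by the implementing class, and treats a non-empty security array as "secure". PetApi, PetController, the operation ids, the scheme name bearerAuth and the helper names are hypothetical; the hand-off to AuthenticationHandler.authenticate() is left out because its signature is not given on this page.

```java
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import java.lang.reflect.Method;

public class OperationSecurityCheckExample {

    // Hypothetical generated API interface: one secure and one public endpoint.
    interface PetApi {
        @Operation(operationId = "getPet", security = {@SecurityRequirement(name = "bearerAuth")})
        String getPet(String id);

        @Operation(operationId = "health") // no security section: public endpoint
        String health();
    }

    // Implementation methods carry no annotations of their own.
    static class PetController implements PetApi {
        public String getPet(String id) { return "pet " + id; }
        public String health() { return "ok"; }
    }

    // Look on the invoked method first, then on the same method in each implemented interface.
    static Operation findOperation(Class<?> type, Method method) {
        Operation op = method.getAnnotation(Operation.class);
        if (op != null) return op;
        for (Class<?> iface : type.getInterfaces()) {
            try {
                Method declared = iface.getMethod(method.getName(), method.getParameterTypes());
                op = declared.getAnnotation(Operation.class);
                if (op != null) return op;
            } catch (NoSuchMethodException ignored) {
                // this interface does not declare the method
            }
        }
        return null;
    }

    // Secure when the security array exists and is not empty.
    static boolean isSecured(Class<?> type, Method method) {
        Operation op = findOperation(type, method);
        return op != null && op.security().length > 0;
    }

    public static void main(String[] args) {
        for (Method m : PetController.class.getDeclaredMethods()) {
            System.out.println(m.getName() + " secured=" + isSecured(PetController.class, m));
        }
    }
}
```

With this check, a method whose @Operation annotation cannot be resolved is treated as public, so a lookup that misses the interface annotation skips authentication; the example needs swagger-annotations (io.swagger.v3.oas) on the classpath.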