Auth your API
Sisyphus adds all the ServerInterceptors
in the Spring context when building the gRPC service.
A ServerInterceptor
bean can be created to implement custom validation in any way Spring supports.
@Component
class AuthInterceptor : ServerInterceptor {
private val key = Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER)
override fun <ReqT : Any?, RespT : Any?> interceptCall(
call: ServerCall<ReqT, RespT>,
headers: Metadata,
next: ServerCallHandler<ReqT, RespT>
): ServerCall.Listener<ReqT> {
val auth = headers.get(key)
if (auth != "Bearer MyToken") {
throw io.grpc.StatusException(Status.UNAUTHENTICATED)
}
return next.startCall(call, headers)
}
}
Caution
Since ServerInterceptor
is not managed by Sisyphus, you need to use io.grpc.StatusException
here.