actix_security_core/http/security/config.rs
1//! Configuration traits for authentication and authorization.
2//!
3//! # Spring Equivalent
4//! `AuthenticationProvider` and `AccessDecisionManager` interfaces
5
6use actix_web::body::EitherBody;
7use actix_web::dev::{ServiceRequest, ServiceResponse};
8use actix_web::Error;
9use futures_util::future::LocalBoxFuture;
10
11use crate::http::security::user::User;
12
13/// Trait for extracting user identity from an HTTP request.
14///
15/// # Spring Equivalent
16/// `AuthenticationProvider` / `UserDetailsService`
17///
18/// # Implementation Note
19/// Returns an owned `User` so it can be stored in request extensions
20/// for access by handlers.
21pub trait Authenticator {
22 /// Attempts to authenticate the request and returns the user if successful.
23 fn get_user(&self, req: &ServiceRequest) -> Option<User>;
24}
25
26/// Trait for deciding whether an authenticated user can access a resource.
27///
28/// # Spring Equivalent
29/// `AccessDecisionManager` / `AuthorizationManager`
30///
31/// The `process` method returns a boxed future that resolves to:
32/// - `EitherBody::left()` when forwarding to the inner service
33/// - `EitherBody::right()` for custom responses (redirects, forbidden, etc.)
34pub trait Authorizer<B> {
35 /// Processes the authorization decision.
36 ///
37 /// # Arguments
38 /// * `req` - The incoming request
39 /// * `user` - The authenticated user (if any)
40 /// * `next` - Closure to call the next service in the chain
41 fn process(
42 &self,
43 req: ServiceRequest,
44 user: Option<&User>,
45 next: impl FnOnce(ServiceRequest) -> LocalBoxFuture<'static, Result<ServiceResponse<B>, Error>>
46 + 'static,
47 ) -> LocalBoxFuture<'static, Result<ServiceResponse<EitherBody<B>>, Error>>;
48}