Micronaut 4 non-documented breaking changes

[loicmathieu]

Hello,
There are breaking changes on Micronaut Secuity 4 not documented.
Among them I struggle with:

• AuthenticationProvier now having T instead of HttpRequest for the type of the request parameter, can I safely cast them to HttpRequest ?
• SecurityRule.check() missing the RouteMatch<?> routeMatch attribute, how can we access the RouteMatch from a security rule?

Thanks in advance.

[sdelamo]

Thanks for reporting these issues @loicmathieu

AuthenticationProvier now having T instead of HttpRequest for the type of the request parameter, can I safely cast them to HttpRequest ?

You can use implements AuthenticationProvider<HttpRequest<?>> safely. We decoupled Micronaut Security from HttpRequest to use it in contexts with no HTTP server running.

SecurityRule.check() missing the RouteMatch<?> routeMatch attribute, how can we access the RouteMatch from a security rule?

You can get a routeMatch in a SecurityRule by doing:

        RouteMatch<?> routeMatch = request.getAttribute(HttpAttributes.ROUTE_MATCH, RouteMatch.class).orElse(null);