AuthInterceptor(user: User, urlWhitelist: List<String>, allowNonHttps: Boolean = false, allowNonWhitelistedDomains: Boolean = false, timeout: Long = 10_000, authChecks: Sequence<AuthCheck> = sequenceOf(
checkUrlInWhitelist(urlWhitelist, allowNonWhitelistedDomains),
protocolCheck(allowNonHttps)
))
Creates an interceptor which will do authenticated requests to whitelisted urls. By default, requests to non-whitelisted domains will be rejected as well as non-https requests. This can be overridden using allowNonWhitelistedDomains and allowNonHttps. Will throw an IllegalArgumentException if whitelisted domains are not over HTTPS if non-https is not allowed
user
- The user session to bind
urlWhitelist
- The whitelist of URLs which be authenticated against
allowNonWhitelistedDomains
- By default, all non-whitelisted domains will be rejected unless this is set to true.
Please note that the auth header will not be injected for any domains not in the whitelist. Defaults to false
allowNonHttps
- Whether or not non-https domains should be allowed. Defaults to false