diff --git a/agent/middleware/security/authn.go b/agent/middleware/security/authn.go index d7921a6..a50f057 100644 --- a/agent/middleware/security/authn.go +++ b/agent/middleware/security/authn.go @@ -132,11 +132,7 @@ func NewAuthN(cfg *configv1.Security, ss ...OptionSetting) (middleware.Middlewar // option.TokenParser, // FromTransportClient(option.HeaderAuthorize, option.Scheme), // FromTransportServer(option.HeaderAuthorize, option.Scheme)) - if option.TokenParser == nil { - option.TokenParser = aggregateTokenParsers( - FromTransportClient(option.HeaderAuthorize, option.Scheme), - FromTransportServer(option.HeaderAuthorize, option.Scheme)) - } + return func(handler middleware.Handler) middleware.Handler { return func(ctx context.Context, req interface{}) (interface{}, error) { log.Debugf("NewAuthN: handling request: %+v", req) diff --git a/agent/middleware/security/option.go b/agent/middleware/security/option.go index 25fa4ca..0c440a9 100644 --- a/agent/middleware/security/option.go +++ b/agent/middleware/security/option.go @@ -76,6 +76,16 @@ func (o *Option) ApplyDefaults() { if o.Scheme == "" { o.Scheme = security.SchemeBearer.String() } + if o.TokenParser == nil { + o.TokenParser = aggregateTokenParsers( + FromTransportClient(o.HeaderAuthorize, o.Scheme), + FromTransportServer(o.HeaderAuthorize, o.Scheme)) + } + if o.IsRoot == nil { + o.IsRoot = func(ctx context.Context, claims security.Claims) bool { + return false + } + } } // WithConfig applies the configuration to the option.