Custom Security Rules not working Micronaut 2.2.1

Problem description

I am trying to implement the custom security rules with Micronaut 2.2.1, but it is not working.

public @interface RequiredPermission {
    String resourceIdName();
    String permission();
}

Security rule

@Singleton
public class AdminRequirement implements SecurityRule {
    @Override
    public SecurityRuleResult check(HttpRequest<?> request, @Nullable RouteMatch<?> routeMatch, @Nullable Map<String, Object> claims) {
        if (routeMatch instanceof MethodBasedRouteMatch) {
            MethodBasedRouteMatch methodBasedRouteMatch = (MethodBasedRouteMatch) routeMatch;
            if (methodBasedRouteMatch.hasAnnotation(RequiredPermission.class)) {
                AnnotationValue<RequiredPermission> requiredPermissionAnnotation = methodBasedRouteMatch.getAnnotation(RequiredPermission.class);
                // Get parameters from annotation on method
                Optional<String> resourceIdName = requiredPermissionAnnotation.stringValue("resourceIdName");
                Optional<String> permission = requiredPermissionAnnotation.stringValue("permission");
                if (permission.isPresent() && resourceIdName.isPresent() && claims != null) {
                    // Use name of parameter to get the value passed in as an argument to the method
                    Object resourceId = methodBasedRouteMatch.getVariableValues().get(resourceIdName.get());
                    // Get claim from jwt using the resource ID
                    Object resourceClaims = claims.get("https://your-domain.com/claims");
                    // A missing route variable or claim falls through to UNKNOWN instead of throwing
                    if (resourceId != null && resourceClaims instanceof Map) {
                        Object permissionForResource = ((Map<?, ?>) resourceClaims).get(resourceId.toString());
                        if (permission.get().equals(permissionForResource)) {
                            // if the permission exists and it's equal, allow access
                            return SecurityRuleResult.ALLOWED;
                        }
                    }
                }
            }
        }
        return SecurityRuleResult.UNKNOWN;
    }
}

Controller

@Secured(SecurityRule.IS_AUTHENTICATED)
@Controller("/product")
public record ProductController(IProducer iProducer) {
    @Get(uri = "/{text}")
    @RequiredPermission(resourceIdName = "Admin", permission = "Admin")
    public Single<String> get(String text){
        return iProducer.sendText(text);
    }
}

AdminRequirement implements SecurityRule, but the overridden check() method is never executed; there is something I am missing.

Application.yml

micronaut:
  application:
    name: demo
  security:
    enabled: true
    token:
      jwt:
        enabled: true
        signatures:
          jwks:
            okta:
              url: 'https://dev-6271510.okta.com/oauth2/default/v1/keys'
    intercept-url-map:
      - pattern: /swagger-ui/**
        httpMethod: GET
        access:
          - isAnonymous()
      - pattern: /swagger/**
        access:
          - isAnonymous()

If I update the code as follows

@Controller("/product")
@RequiredPermission(resourceIdName = "Admin", permission = "Admin")
public record ProductController(IProducer iProducer) {}

The above code works, but it is not a suitable solution.

@RequiredPermission(resourceIdName = "Admin", permission = "Admin")


Repo - https://github.com/anandjaisy/micronaut-customSecurityRule

Recommended answer

Security rule implements the Ordered interface. To achieve this, you have to add the lines below to your custom security rule class.

// Run before the built-in @Secured rule (lower order values run first)
public static final Integer ORDER = SecuredAnnotationRule.ORDER - 100;

@Override
public int getOrder() {
  return ORDER;
}
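
Why the order matters, as an added example that is not part of the original answer or of Micronaut: a framework-free Java model of an ordered rule chain in which the first rule to return ALLOWED or REJECTED decides the request. The class and method names are constructed for illustration, and the orders (-100 for the built-in @Secured rule, 0 for a rule that does not override getOrder()) are assumptions about Micronaut's defaults.

```java
import java.util.*;
import java.util.function.Function;

public class RuleOrderDemo {
    enum Result { ALLOWED, REJECTED, UNKNOWN }

    // Constructed request model: is the caller authenticated, and which permission does the token carry?
    record Request(boolean authenticated, String permission) {}

    // A rule is a name, an order (lower runs first) and a check.
    record Rule(String name, int order, Function<Request, Result> check) {}

    static final int SECURED_ORDER = -100; // assumed order of the built-in @Secured rule

    // Models @Secured(IS_AUTHENTICATED): any authenticated caller is allowed.
    static Rule secured() {
        return new Rule("secured", SECURED_ORDER,
                r -> r.authenticated() ? Result.ALLOWED : Result.REJECTED);
    }

    // Models the custom permission rule; onMismatch is what it returns when the permission is wrong.
    static Rule permission(int order, Result onMismatch) {
        return new Rule("permission", order,
                r -> "Admin".equals(r.permission()) ? Result.ALLOWED : onMismatch);
    }

    // Sort by order and stop at the first decisive result; returns "ruleName:RESULT".
    static String decide(Request request, Rule... rules) {
        List<Rule> chain = new ArrayList<>(List.of(rules));
        chain.sort(Comparator.comparingInt(Rule::order));
        for (Rule rule : chain) {
            Result result = rule.check().apply(request);
            if (result != Result.UNKNOWN) {
                return rule.name() + ":" + result;
            }
        }
        return "none:REJECTED"; // model assumption: no rule decided, so deny
    }

    public static void main(String[] args) {
        Request viewer = new Request(true, "Viewer"); // constructed: authenticated, lacks Admin
        // Default order 0: @Secured decides first, the custom rule is never consulted.
        System.out.println(decide(viewer, secured(), permission(0, Result.UNKNOWN)));
        // Order -200: the custom rule runs first, but UNKNOWN falls through to @Secured.
        System.out.println(decide(viewer, secured(), permission(SECURED_ORDER - 100, Result.UNKNOWN)));
        // Order -200 and REJECTED on mismatch: the permission is enforced.
        System.out.println(decide(viewer, secured(), permission(SECURED_ORDER - 100, Result.REJECTED)));
    }
}
```

In this model, a rule that returns UNKNOWN on a permission mismatch still lets @Secured(IS_AUTHENTICATED) allow any authenticated caller, even when it runs first. Only a REJECTED result from the earlier rule enforces the permission.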
