Reactive-Spring-Security-5.1.3.RELEASE,多重授权 [英] Reactive-Spring-Security-5.1.3.RELEASE, multiple authorizations
问题描述
我们有一些端点是安全的,在访问它们之前,我们正在验证 jws 是否正确.为了做到这一点,我们定义了一个 SecurityContext 来实际持久化 Auth pojo 并在下游将其操作到控制器中.SecurityWebFilterChain 配置如下所示:
We have some endpoints, that are secured and before to access them we're verifying that the jws is correctly. In order to do that, we've defined a SecurityContext that actually persist the Auth pojo and to manipulate it downstream into the controller. The SecurityWebFilterChain config looks like that:
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
return http.csrf().disable()
.formLogin().disable()
.logout().disable()
.httpBasic().disable()
.securityContextRepository(securityContext)
.authorizeExchange()
.anyExchange().authenticated()
.and()
.build();
}
调用是内部进行的,我们只是验证了 jws 令牌.
The calls were internally made, and we just verified the jws token.
现在一些外部客户端需要与我们集成,我们需要验证一个 jwe 令牌.问题是,我们需要以某种方式告诉 spring-security 验证现有端点 jws 和新端点 jwe.
Right now some external clients need to integrate with us, and we need to verify a jwe token. The thing is, that somehow we need to tell spring-security to validate for the existent endpoints the jws and for the new one the jwe.
我尝试指定多个安全匹配器,但失败了:(.你还有其他建议吗?
I tried by specifying multiple security matchers but it failed :( . Do you have any other suggestions ?
推荐答案
您可以公开多个 bean.我建议指定一个订单:
You can expose more than one bean. I recommend specifying an order:
@Bean
@Order(1)
public SecurityWebFilterChain first(ServerHttpSecurity http) {
http
.securityMatcher(...)
...
return http.build();
}
@Bean
@Order(2)
public SecurityWebFilterChain second(ServerHttpSecurity http) {
http
.securityMatcher(...)
...
return http.build();
}
附带说明一下,Spring Security 确实提供了对响应式验证 JWS 令牌的支持,并且您可以通过使用它来删除一些样板.
As a side note, Spring Security does ship with support for verifying JWS tokens reactively, and you might be able to remove some boilerplate by using it.
这篇关于Reactive-Spring-Security-5.1.3.RELEASE,多重授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!