gpt4 book ai didi

spring-security - 使用 ReactiveSecurityContextHolder 手动设置身份验证

转载 作者:行者123 更新时间:2023-12-03 19:30:15 30 4
gpt4 key购买 nike

我正在尝试使用 Spring Web Flux 设置 Spring Security。我不明白如何手动设置 SecurityContextReactiveSecurityContextHolder .你有任何资源或提示吗?
以我编写的这个过滤器为例,它读取 JWT token 并需要手动设置身份验证:

@Slf4j
public class JwtTokenAuthenticationFilter implements WebFilter {

private final JwtAuthenticationConfig config;

private final JwtParser jwtParser = Jwts.parser();

public JwtTokenAuthenticationFilter(JwtAuthenticationConfig config) {
this.config = config;
jwtParser.setSigningKey(config.getSecret().getBytes());
}

@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {

String token = exchange.getRequest().getHeaders().getFirst(config.getHeader());
if (token != null && token.startsWith(config.getPrefix() + " ")) {
token = token.replace(config.getPrefix() + " ", "");
try {
Claims claims = jwtParser.parseClaimsJws(token).getBody();
String username = claims.getSubject();
@SuppressWarnings("unchecked")
List<String> authorities = claims.get("authorities", List.class);
if (username != null) {
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(username, null,
authorities.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList()));

// TODO set authentication into ReactiveSecurityContextHolder
}
} catch (Exception ex) {
log.warn(ex.toString(), ex);
ReactiveSecurityContextHolder.clearContext();
}
}
return chain.filter(exchange);
}
}

最佳答案

我设法通过调用来更新 SecurityContext:

return chain.filter(exchange).subscriberContext(ReactiveSecurityContextHolder.withAuthentication(auth));

如果我错了或者有更好的方法来管理它,请纠正我。

关于spring-security - 使用 ReactiveSecurityContextHolder 手动设置身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55498838/

30 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com