
spring-boot - Spring WebFlux Security - Is it possible to configure multiple ServerAuthenticationEntryPoints for different resources on a SecurityWebFilterChain

Reposted. Author: 行者123. Updated: 2023-12-04 17:29:48

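I have a few different APIs in my Spring WebFlux application that need to respond differently to failed authentication. I am trying to set a different ServerAuthenticationEntryPoint for each API to handle these cases.

I found this example configuration that shows how to configure different AuthenticationWebFilters for different resources, which lets you set the ServerAuthenticationSuccessHandler and ServerAuthenticationFailureHandler individually, but I am not sure how to configure different ServerAuthenticationEntryPoints without having completely separate SecurityWebFilterChains.

If I have to configure separate SecurityWebFilterChains, how would I do that?

My SecurityWebFilterChain is currently configured as follows. Unfortunately, you cannot set the exception handling individually, and the second call to authenticationEntryPoint takes precedence: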

@Bean
fun securityWebFilterChain(
    http: ServerHttpSecurity,
    userServerAuthenticationEntryPoint: ServerAuthenticationEntryPoint,
    userAuthenticationWebFilter: AuthenticationWebFilter,
    deviceServerAuthenticationEntryPoint: ServerAuthenticationEntryPoint,
    deviceAuthenticationWebFilter: AuthenticationWebFilter,
    serverSecurityContextRepository: ServerSecurityContextRepository,
    authenticationManager: ReactiveAuthenticationManager,
    serverAccessDeniedHandler: ServerAccessDeniedHandler
): SecurityWebFilterChain {
    http
        .addFilterAt(userAuthenticationWebFilter, SecurityWebFiltersOrder.AUTHENTICATION)
        .exceptionHandling()
        .authenticationEntryPoint(userServerAuthenticationEntryPoint)
        .and()
        .authorizeExchange()
        .pathMatchers(GET, "/sign-in").permitAll()
        .pathMatchers("/authentication/**").permitAll()
        .pathMatchers(GET, "/landing").hasAnyAuthority("USER", "ADMIN")
        .pathMatchers("/user-api/**").hasAnyAuthority("USER", "ADMIN")

    http
        .addFilterAt(deviceAuthenticationWebFilter, SecurityWebFiltersOrder.AUTHENTICATION)
        .exceptionHandling()
        .authenticationEntryPoint(deviceServerAuthenticationEntryPoint)
        .and()
        .authorizeExchange()
        .pathMatchers("/device-api/**").hasAuthority("DEVICE")

    // GLOBAL
    http
        .httpBasic().disable()
        .formLogin().disable()
        .csrf().disable()
        .cors().disable()
        .securityContextRepository(serverSecurityContextRepository)
        .authenticationManager(authenticationManager)
        .exceptionHandling()
        .accessDeniedHandler(serverAccessDeniedHandler)
        .and()
        .authorizeExchange()
        .pathMatchers(GET, "/webjars/**").permitAll()
        .pathMatchers(GET, "/assets/**").permitAll()
        .anyExchange().authenticated()

    return http.build()
}

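Best answer

It turns out that the default ServerAuthenticationEntryPoint is a DelegatingServerAuthenticationEntryPoint, which enables you to configure, via ServerWebExchangeMatchers, which actual entry point is responsible for any given ServerWebExchange. See this comment.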
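The approach the answer points to, written out as an added example (it is not part of the original answer and not Spring Security's own code): one DelegatingServerAuthenticationEntryPoint routes unauthenticated exchanges by path to the two entry points from the question. The bean names and path patterns come from the question; the class name `SecurityConfig`, the bare-401 fallback and the use of the lambda form of the `ServerHttpSecurity` DSL are assumptions.

```kotlin
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpStatus
import org.springframework.security.config.web.server.SecurityWebFiltersOrder
import org.springframework.security.config.web.server.ServerHttpSecurity
import org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
import org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry
import org.springframework.security.web.server.SecurityWebFilterChain
import org.springframework.security.web.server.ServerAuthenticationEntryPoint
import org.springframework.security.web.server.authentication.AuthenticationWebFilter
import org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.pathMatchers

@Configuration
class SecurityConfig { // hypothetical class name
    @Bean
    fun securityWebFilterChain(
        http: ServerHttpSecurity,
        userServerAuthenticationEntryPoint: ServerAuthenticationEntryPoint,
        userAuthenticationWebFilter: AuthenticationWebFilter,
        deviceServerAuthenticationEntryPoint: ServerAuthenticationEntryPoint,
        deviceAuthenticationWebFilter: AuthenticationWebFilter
    ): SecurityWebFilterChain {
        // Entries are tried in order; the first matcher that matches the exchange wins.
        val routingEntryPoint = DelegatingServerAuthenticationEntryPoint(
            DelegateEntry(pathMatchers("/device-api/**"), deviceServerAuthenticationEntryPoint),
            DelegateEntry(pathMatchers("/user-api/**", "/landing"), userServerAuthenticationEntryPoint)
        )
        // Exchanges matched by no entry get a bare 401 (fallback chosen for this example).
        routingEntryPoint.setDefaultEntryPoint(HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED))

        return http
            .addFilterAt(userAuthenticationWebFilter, SecurityWebFiltersOrder.AUTHENTICATION)
            .addFilterAt(deviceAuthenticationWebFilter, SecurityWebFiltersOrder.AUTHENTICATION)
            // Registered once, so no later call replaces an earlier entry point.
            .exceptionHandling { it.authenticationEntryPoint(routingEntryPoint) }
            .authorizeExchange {
                it.pathMatchers("/device-api/**").hasAuthority("DEVICE")
                    .pathMatchers("/user-api/**").hasAnyAuthority("USER", "ADMIN")
                    .anyExchange().authenticated()
            }
            .build()
    }
}
```

Keep the entry-point matchers aligned with the authorization rules: a protected path that falls outside every `DelegateEntry` silently receives the default entry point's response instead of the API-specific one.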

Regarding spring-boot - Spring WebFlux Security - Is it possible to configure multiple ServerAuthenticationEntryPoints for different resources on a SecurityWebFilterChain, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/60799740/
