成人免费xxxxx在线视频软件_久久精品久久久_亚洲国产精品久久久_天天色天天色_亚洲人成一区_欧美一级欧美三级在线观看

Spring WebFlux Security結合R2DBC實現權限控制

開發 前端
我們這里對實現的原理做簡單的接收,主要核心是WebFilter。

環境:Springboot2.7.7

依賴管理

<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-r2dbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
<dependency>
<groupId>dev.miku</groupId>
<artifactId>r2dbc-mysql</artifactId>
<version>0.8.2.RELEASE</version>
</dependency>

配置管理

spring:
r2dbc:
url: r2dbc:mysql://localhost:3306/testjpa?serverZoneId=GMT%2B8
username: root
password: 123123
pool:
initialSize: 100
maxSize: 200
maxCreateConnectionTime: 30s
---
logging:
level:
'[org.springframework.r2dbc]': DEBUG

實體對象,Repository,Service

@Table("t_users")
public class Users implements UserDetails {
@Id
private Integer id ;
private String username ;
private String password ;
}

這里實體對象實現了UserDetials,在后續配置的ReactiveUserDetailsService 配置返回值必須是UserDetails

Repository接口

public interface UsersRepository extends ReactiveSortingRepository<Users, String> {
Mono<Users> findByUsername(String username);
}

Service類

@Service
public class UsersService {

@Resource
private R2dbcEntityTemplate template;
@Resource
private UsersRepository ur ;

public Mono<Users> queryUserByUsername(String username) {
return ur.findByUsername(username) ;
}

public Mono<Users> queryUserByUsernameAndPassword(String username, String password) {
return ur.findByUsernameAndPassword(username, password) ;
}

public Flux<Users> queryUsers() {
return template.select(Users.class).all() ;
}

}

數據庫中插入幾條數據

圖片

單元測試

@SpringBootTest
class SpringBootWebfluxSecurity2ApplicationTests {

@Resource
private UsersService usersService ;

@Test
public void testQueryUserByUsername() throws Exception {
usersService.queryUserByUsername("admin")
.doOnNext(System.out::println)
.subscribe() ;
System.in.read() ;
}

}

輸出

2023-01-12 17:43:48.863 DEBUG 16612 --- [           main] o.s.w.r.r.m.a.ControllerMethodResolver   : ControllerAdvice beans: none
2023-01-12 17:43:48.896 DEBUG 16612 --- [ main] o.s.w.s.adapter.HttpWebHandlerAdapter : enableLoggingRequestDetails='false': form data and headers will be masked to prevent unsafe logging of potentially sensitive data
2023-01-12 17:43:49.147 INFO 16612 --- [ main] ringBootWebfluxSecurity2ApplicationTests : Started SpringBootWebfluxSecurity2ApplicationTests in 1.778 seconds (JVM running for 2.356)
2023-01-12 17:43:50.141 DEBUG 16612 --- [actor-tcp-nio-2] o.s.r2dbc.core.DefaultDatabaseClient : Executing SQL statement [SELECT t_users.id, t_users.username, t_users.password FROM t_users WHERE t_users.username = ?]
Users [id=3, username=admin, password=123123]

正常,接下來就是進行Security的配置

@Configuration
@EnableReactiveMethodSecurity
public class ReactiveSecurityConfig {

// 根據用戶名查詢用戶信息
@Bean
public ReactiveUserDetailsService reativeUserDetailsService(UsersService usersService) {
return username -> usersService.queryUserByUsername(username).map(user -> {
return (UserDetails) user;
});
}
// 根據查詢出的用戶進行密碼比對,沒有對密碼進行加密所有就進行簡單的equals比較
@Bean
public PasswordEncoder passwordEncoder() {
return new PasswordEncoder() {
@Override
public String encode(CharSequence rawPassword) {
return rawPassword.toString();
}
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return rawPassword.toString().equals(encodedPassword);
}
};
}
@Order(Ordered.HIGHEST_PRECEDENCE + 1)
@Bean
public SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
http.authorizeExchange((authorize) ->
authorize
// 配置資源訪問權限,對于靜態資源直接放行
.pathMatchers("/resources/**", "/favicon.ico").permitAll()
// /users開頭的接口必須擁有ROLE_ADMIN角色
.pathMatchers("/users/**").hasRole("ADMIN")
// /api開頭的接口通過自定義驗證邏輯控制
.pathMatchers("/api/**").access((authentication, context) -> {
return authentication.map(auth -> {
if ("user1".equals(auth.getName())) {
return new AuthorizationDecision(false);
}
MultiValueMap<String, String> params = context.getExchange().getRequest().getQueryParams();
List<String> sk = params.get("sk");
if (sk == null || sk.get(0).equals("u")) {
return new AuthorizationDecision(false);
}
return new AuthorizationDecision(true);
});
}).anyExchange().authenticated());
// 異常處理
http.exceptionHandling(execSpec -> {
// 無權限時響應策略
execSpec.accessDeniedHandler((exchange, denied) -> {
ServerHttpResponse response = exchange.getResponse() ;
response.getHeaders().add("Content-Type", "text/plain;charset=UTF-8");
DataBuffer body = response.bufferFactory().allocateBuffer() ;
body.write("無權限 - " + denied.getMessage(), StandardCharsets.UTF_8) ;
return response.writeWith(Mono.just(body)) ;
}) ;
// 沒有登錄配置統一認證入口,這里默認系統提供的登錄頁面
execSpec.authenticationEntryPoint((exchange, ex) -> {
ServerHttpResponse response = exchange.getResponse() ;
response.getHeaders().add("Content-Type", "text/html;charset=UTF-8");
DataBuffer body = response.bufferFactory().allocateBuffer() ;
body.write("請先登錄 - " + ex.getMessage(), StandardCharsets.UTF_8) ;
return response.writeWith(Mono.just(body)) ;
}) ;
}) ;
http.csrf(csrf -> csrf.disable());
http.formLogin();
return http.build();
}

}

以上就是Security的配置。這里就不做測試了

原理

這里對實現的原理做簡單的接收,主要核心是WebFilter

自動配置類中

public class ReactiveSecurityAutoConfiguration {
// 這里通過注解啟用了Security功能
@EnableWebFluxSecurity
static class EnableWebFluxSecurityConfiguration {
}
}

EnableWebFluxSecurity

@Import({ ServerHttpSecurityConfiguration.class, WebFluxSecurityConfiguration.class,
ReactiveOAuth2ClientImportSelector.class })
@Configuration
public @interface EnableWebFluxSecurity {
}

這里有個重要的ServerHttpSecurityConfiguration和WebFluxSecurityConfiguration配置類

@Configuration(proxyBeanMethods = false)
class ServerHttpSecurityConfiguration {
// 該類用來自定義配置我們的信息,也就是上面我們自定義的SecurityWebFilterChain
// 通過ServerHttpSecurity構建SecurityWebFilterChain
@Bean(HTTPSECURITY_BEAN_NAME)
@Scope("prototype")
ServerHttpSecurity httpSecurity() {
ContextAwareServerHttpSecurity http = new ContextAwareServerHttpSecurity();
return http.authenticationManager(authenticationManager())
.headers().and()
.logout().and();
}
}

WebFluxSecurityConfiguration

配置類最主要就是用來配置一個WebFilter

@Configuration(proxyBeanMethods = false)
class WebFluxSecurityConfiguration {
private List<SecurityWebFilterChain> securityWebFilterChains;
// 注入當前系統中的所有SecurityWebFilterChain,主要就是我們自定義實現的該類型
@Autowired(required = false)
void setSecurityWebFilterChains(List<SecurityWebFilterChain> securityWebFilterChains) {
this.securityWebFilterChains = securityWebFilterChains;
}
@Bean(SPRING_SECURITY_WEBFILTERCHAINFILTER_BEAN_NAME)
@Order(WEB_FILTER_CHAIN_FILTER_ORDER)
WebFilterChainProxy springSecurityWebFilterChainFilter() {
return new WebFilterChainProxy(getSecurityWebFilterChains());
}
private List<SecurityWebFilterChain> getSecurityWebFilterChains() {
List<SecurityWebFilterChain> result = this.securityWebFilterChains;
if (ObjectUtils.isEmpty(result)) {
return Arrays.asList(springSecurityFilterChain());
}
return result;
}
}

WebFilterChainProxy核心過濾器

public class WebFilterChainProxy implements WebFilter {

private final List<SecurityWebFilterChain> filters;
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
return Flux.fromIterable(this.filters)
.filterWhen((securityWebFilterChain) -> securityWebFilterChain.matches(exchange)).next()
.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
.flatMap((securityWebFilterChain) -> securityWebFilterChain.getWebFilters().collectList())
.map((filters) -> new FilteringWebHandler(chain::filter, filters)).map(DefaultWebFilterChain::new)
.flatMap((securedChain) -> securedChain.filter(exchange));
}

}

以上就是WebFlux中應用Security的原理

責任編輯:武曉燕 來源: 實戰案例錦集
相關推薦

2023-09-21 08:01:27

SpringR2DBC實現數據庫

2022-03-29 07:32:38

R2DBC數據庫反應式

2025-05-16 08:55:58

2022-08-30 08:36:13

Spring權限控制

2022-08-15 08:45:21

Spring權限控制

2022-08-15 08:42:46

權限控制Spring

2022-08-30 08:55:49

Spring權限控制

2022-08-30 08:43:11

Spring權限控制

2022-08-30 08:50:07

Spring權限控制

2020-05-08 10:34:30

Spring非阻塞編程

2022-06-16 10:38:24

URL權限源代碼

2024-02-18 12:44:22

2020-06-17 08:31:10

權限控制Spring Secu

2021-07-27 10:49:10

SpringSecurity權限

2025-03-13 07:33:46

Spring項目開發

2020-09-16 08:07:54

權限粒度Spring Secu

2022-11-04 11:44:56

WebFluxCURDWeb

2020-05-25 07:00:00

雙因素認證身份認證密碼

2011-03-01 16:44:02

Hyper-V Ser

2022-01-07 07:29:08

Rbac權限模型
點贊
收藏

51CTO技術棧公眾號

主站蜘蛛池模板: 国产自产21区 | 天天成人综合网 | 国产目拍亚洲精品99久久精品 | 午夜欧美| 五月婷婷丁香 | 7777奇米影视| 在线中文字幕日韩 | 毛片免费视频 | 噜噜噜色网 | 一区二区三区欧美在线观看 | 久久综合九九 | 成人在线中文字幕 | 日韩欧美中文字幕在线观看 | 欧美第一区 | 九九亚洲| 艹逼网 | 亚洲精品久久久久久久久久久久久 | 午夜在线视频 | av在线播放网 | 日韩视频一区二区 | 成人免费淫片aa视频免费 | 久久久成人免费视频 | 国产精品av久久久久久久久久 | 久久精品国产99国产精品 | 第四色播日韩第一页 | 免费视频一区二区 | www.精品国产| 99精品视频在线观看免费播放 | 久久精品亚洲国产奇米99 | 综合久久综合久久 | 久久三级影院 | 亚洲av毛片 | 国产亚洲精品精品国产亚洲综合 | 亚洲免费网 | 91精品国产91久久久久久 | 久久精品国产久精国产 | 国产精品久久久久影院色老大 | 狠狠热视频| 婷婷久久综合 | 一级在线免费观看 | 精品一区二区三区av |