首页 > 解决方案 > 线程间共享的主体

问题描述

我正在使用 Spring OAuth2。我已经配置ResourceServer如下。当对服务进行并发调用时,多个线程错误地共享同一个主体。配置是否导致主体被共享?如果没有,关于可能是什么原因的任何想法?

EnableWebSecurity
@EnableResourceServer
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@Configuration
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

  @Override
  public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .headers()
        .contentSecurityPolicy("script-src 'self'")
        .and()
        .frameOptions()
        .deny()
        .and()
        .requestMatchers()
        .and()
        .authorizeRequests()
        .antMatchers(HttpMethod.GET, PERMISSIBLE_PATHS).permitAll()
        .anyRequest().authenticated();
  }

  @Bean
  public PrincipalExtractor principalExtractor() {
    return map -> map.get(USER_CLAIM);
  }

  @Bean
  public AuthoritiesExtractor authoritiesExtractor() {
    return map -> AuthorityUtils.commaSeparatedStringToAuthorityList(
        ((List<String>) map.get(GROUP_CLAIMS)).stream()
            .map(group -> String.format("ROLE_%s", group.toUpperCase()))
            .collect(Collectors.joining(",")));

  }
}

标签: javaspringspring-securityspring-security-oauth2

解决方案


推荐阅读