java - 使用 MongoDb 作为 UserDetails 存储的 Spring WebFlux 安全性
问题描述
O 我一直在为反应式 API 设置安全性,用户可以使用用户名/密码登录以获取 JWT 令牌,然后将其用于其他所有操作。用户详细信息(用户名、密码等)存储在 MongoDb 中。
我只是将过滤器添加到网络过滤器链中:
.addFilterAt(buildUsernamePasswordAuthenticationFilter(), SecurityWebFiltersOrder.AUTHENTICATION)
在构建这个过滤器时,我给它我的自定义ApplicationUserService
:
private AuthenticationWebFilter buildUsernamePasswordAuthenticationFilter() {
UserDetailsRepositoryReactiveAuthenticationManager authManager;
AuthenticationWebFilter usernamePasswordAuthenticationFilter;
authManager = new UserDetailsRepositoryReactiveAuthenticationManager(applicationUserService);
authManager.setPasswordEncoder(passwordEncoder);
usernamePasswordAuthenticationFilter = new AuthenticationWebFilter(authManager);
usernamePasswordAuthenticationFilter.setRequiresAuthenticationMatcher(ServerWebExchangeMatchers.pathMatchers(loginPathMatcher));
return usernamePasswordAuthenticationFilter;
}
这ApplicationUserService
看起来像:
@Service
public class ApplicationUserService implements ReactiveUserDetailsService {
private final ReactiveUsersService reactiveUsersService;
@Autowired
public ApplicationUserService(ReactiveUsersService reactiveUsersService) {
this.reactiveUsersService = reactiveUsersService;
}
@Override
public Mono<UserDetails> findByUsername(String username) {
return reactiveUsersService.getUserByUsername(username).cast(UserDetails.class).log();
}
}
这用于ReactiveUsersService
获取用户:
@Service
public class ReactiveUsersService {
ReactiveUsersRepository repository;
public ReactiveUsersService(ReactiveUsersRepository repository) {
this.repository = repository;
}
public Flux<User> getUsers(){
return repository.findAll().switchIfEmpty(Mono.error(new IllegalStateException("no users"))
);
}
public Mono<User> getUserByUsername(String username){
return repository.findByUsername(username);
}
}
最后,ReactiveUsersRepository
:
@Repository
public interface ReactiveUsersRepository extends ReactiveMongoRepository<User, Integer> {
Mono<User> findByUsername(String username);
}
通过此设置,我没有收到任何错误,但登录不起作用。我只是得到 401 回来。请注意,我已.log()
添加到获取用户的位置。这是它记录的内容:
2020-05-06 17:23:54.741 INFO 23348 --- [ctor-http-nio-3] reactor.Mono.MapFuseable.1 : | onSubscribe([Fuseable] FluxMapFuseable.MapFuseableSubscriber)
2020-05-06 17:23:54.742 INFO 23348 --- [ctor-http-nio-3] reactor.Mono.MapFuseable.1 : | request(unbounded)
2020-05-06 17:23:54.743 INFO 23348 --- [ctor-http-nio-3] reactor.Mono.MapFuseable.1 : | onContextUpdate(Context2{interface org.springframework.web.server.ServerWebExchange=org.springframework.web.server.adapter.DefaultServerWebExchange@750265e1, interface org.springframework.security.core.context.SecurityContext=MonoFlatMap})
2020-05-06 17:23:54.743 INFO 23348 --- [ctor-http-nio-3] reactor.Mono.MapFuseable.1 : | onContextUpdate(Context2{interface org.springframework.web.server.ServerWebExchange=org.springframework.web.server.adapter.DefaultServerWebExchange@750265e1, interface org.springframework.security.core.context.SecurityContext=MonoFlatMap})
2020-05-06 17:23:54.744 INFO 23348 --- [ctor-http-nio-3] reactor.Mono.MapFuseable.1 : | onContextUpdate(Context2{interface org.springframework.web.server.ServerWebExchange=org.springframework.web.server.adapter.DefaultServerWebExchange@750265e1, interface org.springframework.security.core.context.SecurityContext=MonoFlatMap})
2020-05-06 17:23:54.825 INFO 23348 --- [ntLoopGroup-2-2] org.mongodb.driver.connection : Opened connection [connectionId{localValue:3, serverValue:104}] to localhost:27017
2020-05-06 17:23:54.844 INFO 23348 --- [ntLoopGroup-2-2] reactor.Mono.MapFuseable.1 : | onNext(User{id='5eb10474d388c2b64f709b4c', username='admin', email='admin@admin.com', password='$2a$10$qj83J33wn7l9IpNvAlAFQ.fDxaQGwl5Pw4nHRho.Y2wWs1goJny5e', roles=null})
2020-05-06 17:23:54.854 INFO 23348 --- [ntLoopGroup-2-2] reactor.Mono.MapFuseable.1 : | cancel()
2020-05-06 17:23:54.854 INFO 23348 --- [ntLoopGroup-2-2] reactor.Mono.MapFuseable.1 : | onContextUpdate(Context2{interface org.springframework.web.server.ServerWebExchange=org.springframework.web.server.adapter.DefaultServerWebExchange@750265e1, interface org.springframework.security.core.context.SecurityContext=MonoFlatMap})
2020-05-06 17:23:54.855 INFO 23348 --- [ntLoopGroup-2-2] reactor.Mono.MapFuseable.1 : | onComplete()
ApplicationUserService
之前,我在我使用InMemoryUsersService
的有几个硬编码用户而不是“ReactiveUsersServe”的地方插入了 MongoDb,并且一切正常。本质上,我只是更改了这一行以从 Mongo 而不是内存中获取用户:
return reactiveUsersService.getUserByUsername(username).cast(UserDetails.class).log();
似乎它确实从 Mongo 获取用户,但未能对其进行身份验证。它没有给我任何错误或任何东西,而且我是这个反应弹簧的新手。我正在努力调试它并获得任何可以掌握的东西。
解决方案
推荐阅读
- javascript - 展平对象数组中的嵌套对象
- excel - 条件格式以获取错误文档的百分比
- c# - Sharepoint 实时活动通知
- javascript - 我怎样才能分开数字和字符串(初学者,JS)
- python - 如何将字符串转换为列表?12345
- python - 我的所有程序中都有这个错误,我无法解决它。它被称为 NameError
- sql - 在两列之间提取不常见的 ID
- c# - 使用 openTK 绘图,保存到文件,显示在屏幕上
- visual-studio-code - 如何将 VS-Code / Shortcuts 中的控制组设置为特定文件?
- javascript - 如果文本包含特定单词,则在 iframe 中隐藏 css