自拍偷在线精品自拍偷,亚洲欧美中文日韩v在线观看不卡

Spring WebFlux Security結(jié)合R2DBC實(shí)現(xiàn)權(quán)限控制

作者:Springboot實(shí)戰(zhàn)案例錦集
開發(fā) 前端
我們這里對(duì)實(shí)現(xiàn)的原理做簡(jiǎn)單的接收,主要核心是WebFilter。

環(huán)境:Springboot2.7.7

依賴管理

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-data-r2dbc</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
<dependency>
  <groupId>dev.miku</groupId>
  <artifactId>r2dbc-mysql</artifactId>
  <version>0.8.2.RELEASE</version>
</dependency>

配置管理

spring:
  r2dbc:
    url: r2dbc:mysql://localhost:3306/testjpa?serverZoneId=GMT%2B8
    username: root
    password: 123123
    pool:
      initialSize: 100
      maxSize: 200
      maxCreateConnectionTime: 30s
---
logging:
  level:
    '[org.springframework.r2dbc]': DEBUG

實(shí)體對(duì)象,Repository,Service

@Table("t_users")
public class Users implements UserDetails {
  @Id
  private Integer id ;
  private String username ;
  private String password ;
}

這里實(shí)體對(duì)象實(shí)現(xiàn)了UserDetials,在后續(xù)配置的ReactiveUserDetailsService 配置返回值必須是UserDetails

Repository接口

public interface UsersRepository extends ReactiveSortingRepository<Users, String> {
Mono<Users> findByUsername(String username);
}

Service類

@Service
public class UsersService {

  @Resource
  private R2dbcEntityTemplate template;
  @Resource
  private UsersRepository ur ;

  public Mono<Users> queryUserByUsername(String username) {
    return ur.findByUsername(username) ;
  }
  
  public Mono<Users> queryUserByUsernameAndPassword(String username, String password) {
    return ur.findByUsernameAndPassword(username, password) ;
  }

  public Flux<Users> queryUsers() {
    return template.select(Users.class).all() ;
  }
  
}

數(shù)據(jù)庫(kù)中插入幾條數(shù)據(jù)

圖片

單元測(cè)試

@SpringBootTest
class SpringBootWebfluxSecurity2ApplicationTests {

  @Resource
  private UsersService usersService ;
  
  @Test
  public void testQueryUserByUsername() throws Exception {
    usersService.queryUserByUsername("admin")
      .doOnNext(System.out::println)
      .subscribe() ;
      System.in.read() ;
  }

}

輸出

2023-01-12 17:43:48.863 DEBUG 16612 --- [           main] o.s.w.r.r.m.a.ControllerMethodResolver   : ControllerAdvice beans: none
2023-01-12 17:43:48.896 DEBUG 16612 --- [           main] o.s.w.s.adapter.HttpWebHandlerAdapter    : enableLoggingRequestDetails='false': form data and headers will be masked to prevent unsafe logging of potentially sensitive data
2023-01-12 17:43:49.147  INFO 16612 --- [           main] ringBootWebfluxSecurity2ApplicationTests : Started SpringBootWebfluxSecurity2ApplicationTests in 1.778 seconds (JVM running for 2.356)
2023-01-12 17:43:50.141 DEBUG 16612 --- [actor-tcp-nio-2] o.s.r2dbc.core.DefaultDatabaseClient     : Executing SQL statement [SELECT t_users.id, t_users.username, t_users.password FROM t_users WHERE t_users.username = ?]
Users [id=3, username=admin, password=123123]

正常,接下來(lái)就是進(jìn)行Security的配置

@Configuration
@EnableReactiveMethodSecurity
public class ReactiveSecurityConfig {

  // 根據(jù)用戶名查詢用戶信息
  @Bean
  public ReactiveUserDetailsService reativeUserDetailsService(UsersService usersService) {
    return username -> usersService.queryUserByUsername(username).map(user -> {
      return (UserDetails) user;
    });
  }
  // 根據(jù)查詢出的用戶進(jìn)行密碼比對(duì),沒(méi)有對(duì)密碼進(jìn)行加密所有就進(jìn)行簡(jiǎn)單的equals比較
  @Bean
  public PasswordEncoder passwordEncoder() {
    return new PasswordEncoder() {
      @Override
      public String encode(CharSequence rawPassword) {
        return rawPassword.toString();
      }
      @Override
      public boolean matches(CharSequence rawPassword, String encodedPassword) {
        return rawPassword.toString().equals(encodedPassword);
      }
    };
  }
  @Order(Ordered.HIGHEST_PRECEDENCE + 1)
  @Bean
  public SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
    http.authorizeExchange((authorize) -> 
        authorize
          // 配置資源訪問(wèn)權(quán)限,對(duì)于靜態(tài)資源直接放行
          .pathMatchers("/resources/**", "/favicon.ico").permitAll()
          // /users開頭的接口必須擁有ROLE_ADMIN角色
          .pathMatchers("/users/**").hasRole("ADMIN")
          // /api開頭的接口通過(guò)自定義驗(yàn)證邏輯控制                 
          .pathMatchers("/api/**").access((authentication, context) -> {
            return authentication.map(auth -> {
              if ("user1".equals(auth.getName())) {
                return new AuthorizationDecision(false);
              }
              MultiValueMap<String, String> params = context.getExchange().getRequest().getQueryParams();
              List<String> sk = params.get("sk");
              if (sk == null || sk.get(0).equals("u")) {
                return new AuthorizationDecision(false);
              }
              return new AuthorizationDecision(true);
            });
          }).anyExchange().authenticated());
    // 異常處理
    http.exceptionHandling(execSpec -> {
      // 無(wú)權(quán)限時(shí)響應(yīng)策略
      execSpec.accessDeniedHandler((exchange, denied) -> {
        ServerHttpResponse response = exchange.getResponse() ;
        response.getHeaders().add("Content-Type", "text/plain;charset=UTF-8");
        DataBuffer body = response.bufferFactory().allocateBuffer() ;
        body.write("無(wú)權(quán)限 - " + denied.getMessage(), StandardCharsets.UTF_8) ;
        return response.writeWith(Mono.just(body)) ;
      }) ;
      // 沒(méi)有登錄配置統(tǒng)一認(rèn)證入口,這里默認(rèn)系統(tǒng)提供的登錄頁(yè)面
      execSpec.authenticationEntryPoint((exchange, ex) -> {
        ServerHttpResponse response = exchange.getResponse() ;
        response.getHeaders().add("Content-Type", "text/html;charset=UTF-8");
        DataBuffer body = response.bufferFactory().allocateBuffer() ;
        body.write("請(qǐng)先登錄 - " + ex.getMessage(), StandardCharsets.UTF_8) ;
        return response.writeWith(Mono.just(body)) ;
      }) ;
    }) ;
    http.csrf(csrf -> csrf.disable());
    http.formLogin();
    return http.build();
  }

}

以上就是Security的配置。這里就不做測(cè)試了

原理

這里對(duì)實(shí)現(xiàn)的原理做簡(jiǎn)單的接收,主要核心是WebFilter

自動(dòng)配置類中

public class ReactiveSecurityAutoConfiguration {
  // 這里通過(guò)注解啟用了Security功能
  @EnableWebFluxSecurity
  static class EnableWebFluxSecurityConfiguration {
  }
}

EnableWebFluxSecurity

@Import({ ServerHttpSecurityConfiguration.class, WebFluxSecurityConfiguration.class,
    ReactiveOAuth2ClientImportSelector.class })
@Configuration
public @interface EnableWebFluxSecurity {
}

這里有個(gè)重要的ServerHttpSecurityConfiguration和WebFluxSecurityConfiguration配置類

@Configuration(proxyBeanMethods = false)
class ServerHttpSecurityConfiguration {
  // 該類用來(lái)自定義配置我們的信息,也就是上面我們自定義的SecurityWebFilterChain
  // 通過(guò)ServerHttpSecurity構(gòu)建SecurityWebFilterChain
  @Bean(HTTPSECURITY_BEAN_NAME)
  @Scope("prototype")
  ServerHttpSecurity httpSecurity() {
    ContextAwareServerHttpSecurity http = new ContextAwareServerHttpSecurity();
    return http.authenticationManager(authenticationManager())
      .headers().and()
      .logout().and();
  }
}

WebFluxSecurityConfiguration

配置類最主要就是用來(lái)配置一個(gè)WebFilter

@Configuration(proxyBeanMethods = false)
class WebFluxSecurityConfiguration {
  private List<SecurityWebFilterChain> securityWebFilterChains;
  // 注入當(dāng)前系統(tǒng)中的所有SecurityWebFilterChain,主要就是我們自定義實(shí)現(xiàn)的該類型
  @Autowired(required = false)
  void setSecurityWebFilterChains(List<SecurityWebFilterChain> securityWebFilterChains) {
    this.securityWebFilterChains = securityWebFilterChains;
  }
  @Bean(SPRING_SECURITY_WEBFILTERCHAINFILTER_BEAN_NAME)
  @Order(WEB_FILTER_CHAIN_FILTER_ORDER)
  WebFilterChainProxy springSecurityWebFilterChainFilter() {
    return new WebFilterChainProxy(getSecurityWebFilterChains());
  }
  private List<SecurityWebFilterChain> getSecurityWebFilterChains() {
    List<SecurityWebFilterChain> result = this.securityWebFilterChains;
    if (ObjectUtils.isEmpty(result)) {
      return Arrays.asList(springSecurityFilterChain());
    }
    return result;
  }
}

WebFilterChainProxy核心過(guò)濾器

public class WebFilterChainProxy implements WebFilter {

  private final List<SecurityWebFilterChain> filters;
  @Override
  public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
    return Flux.fromIterable(this.filters)
      .filterWhen((securityWebFilterChain) -> securityWebFilterChain.matches(exchange)).next()
      .switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
      .flatMap((securityWebFilterChain) -> securityWebFilterChain.getWebFilters().collectList())
      .map((filters) -> new FilteringWebHandler(chain::filter, filters)).map(DefaultWebFilterChain::new)
      .flatMap((securedChain) -> securedChain.filter(exchange));
  }

}

以上就是WebFlux中應(yīng)用Security的原理

責(zé)任編輯:武曉燕 來(lái)源: 實(shí)戰(zhàn)案例錦集
WebFilterR2DBC權(quán)限
相關(guān)推薦

2023-09-21 08:01:27

SpringR2DBC實(shí)現(xiàn)數(shù)據(jù)庫(kù)

2022-03-29 07:32:38

R2DBC數(shù)據(jù)庫(kù)反應(yīng)式

2022-08-30 08:36:13

Spring權(quán)限控制

2022-08-30 08:43:11

Spring權(quán)限控制

2022-08-15 08:42:46

權(quán)限控制Spring

2022-08-30 08:55:49

Spring權(quán)限控制

2022-08-15 08:45:21

Spring權(quán)限控制

2022-08-30 08:50:07

Spring權(quán)限控制

2022-06-16 10:38:24

URL權(quán)限源代碼

2020-05-08 10:34:30

Spring非阻塞編程

2024-02-18 12:44:22

2020-06-17 08:31:10

權(quán)限控制Spring Secu

2021-07-27 10:49:10

SpringSecurity權(quán)限

2025-03-13 07:33:46

Spring項(xiàng)目開發(fā)

2020-09-16 08:07:54

權(quán)限粒度Spring Secu

2011-03-01 16:44:02

Hyper-V Ser

2022-01-07 07:29:08

Rbac權(quán)限模型

2020-05-25 07:00:00

雙因素認(rèn)證身份認(rèn)證密碼

2022-11-04 11:44:56

WebFluxCURDWeb

2023-09-04 11:52:53

SpringMVC性能
點(diǎn)贊
收藏

51CTO技術(shù)棧公眾號(hào)