Question: does @SessionScope work in a JHipster API Gateway Java application?
We have a JHipster-based API Gateway application which currently uses JJWT for... I don't even know how to name it properly... for security?

We have an issue: we need to authenticate our user in a 3rd-party service whenever it requests some operation against that 3rd party. So the idea is to use a @SessionScope-d bean to keep user credentials in the 3rd party. Is it going to work? I am confused that JWT is said to be stateless. What approach should the community propose then?

Thanks

This is what has been investigated by my colleague:

To support @SessionScope annotation functionality for our gateway (UI - backend), firstly we should adjust some configuration:

Change the http-only session parameter to false:

    server:
      servlet:
        session:
          cookie:
            http-only: false

    server:
      servlet:
        session:
          timeout: 86400

SecurityConfiguration.java:

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Always create an HTTP session, even though authentication itself uses the JWT
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
    }

From this point we will have a session which will store the Spring Security context for each authenticated user, but it will never be used for the authentication mechanism, as we already have JWT for that purpose. We will use the session only for storing custom data.

After configuration we can now create a custom bean for session scope:

CustomSessionScopeBean.java:

    @Component
    @SessionScope
    @Getter
    @Setter
    public class CustomSessionScopeBean {
        // Whatever you want to store in session scope
    }
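
Added example, not part of the original post or of JHipster: in the setup described above the servlet session is found through the session cookie while the caller is authenticated by the JWT, so a session-scoped bean can bind its contents to the JWT user who stored them. The class name, its methods and the idea that the 3rd party issues a token after login are assumptions made for illustration.

```java
import java.io.Serializable;
import java.util.Objects;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.context.annotation.SessionScope;

// Hypothetical session-scoped holder for data obtained from the 3rd-party service.
// It records which JWT-authenticated user filled it and refuses to hand the data
// to any other identity that arrives with the same session cookie.
@Component
@SessionScope // proxyMode defaults to TARGET_CLASS, so singleton services can inject it
public class ThirdPartySessionData implements Serializable {

    private static final long serialVersionUID = 1L;

    private String owner;           // name of the JWT user who stored the value
    private String thirdPartyToken; // assumption: token issued by the 3rd party after login

    public synchronized void store(String token) {
        this.owner = currentUser();
        this.thirdPartyToken = Objects.requireNonNull(token, "token");
    }

    /** Returns the stored token, or null if none belongs to the current JWT user. */
    public synchronized String tokenForCurrentUser() {
        if (owner == null || !owner.equals(currentUser())) {
            clear(); // session cookie presented under a different JWT identity
            return null;
        }
        return thirdPartyToken;
    }

    public synchronized void clear() {
        owner = null;
        thirdPartyToken = null;
    }

    // Resolves the caller from the security context populated by the JWT filter.
    private static String currentUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            throw new IllegalStateException("no authenticated user in the security context");
        }
        return auth.getName();
    }
}
```

A null result from tokenForCurrentUser() means the caller has to authenticate against the 3rd party again before the gateway forwards the operation.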