Question: does @SessionScope work in JHipster API Gateway Java application?

We're having a JHipster-based API Gateway application which currently uses JJWT for... I don't even know how to name it properly... for security?

We're having an issue that we need to authenticate our user in a 3rd party service whenever it requests some operation against that 3rd party. So the idea is to use a @SessionScope-d bean to keep user credentials in the 3rd party. Is it going to work? I am confused that JWT is said to be stateless. What approach should the community propose then? Thanks.

This is what has been investigated by my colleague:

To support @SessionScope annotation functionality for our gateway (UI - backend), firstly we should adjust some configuration:

  1. In the application.yml we should change the http-only session parameter to false:

        server:
          servlet:
            session:
              cookie:
                http-only: false

  2. Then we should configure the session timeout to correlate it with our JWT token lifetime:

        server:
          servlet:
            session:
              timeout: 86400

  3. Finally we should configure the session creation policy. This can be done in SecurityConfiguration.java:

        @Override
        public void configure(HttpSecurity http) throws Exception {
            // sessionCreationPolicy() is reached through sessionManagement()
            http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
        }

From this point we will have a session which will store the Spring Security context for each authenticated user, but it will never be used for the authentication mechanism as we already have JWT for that purpose. We will use the session only for storing custom data.

After configuration we can now create a custom bean for session scope, CustomSessionScopeBean.java:

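import lombok.Getter;
import lombok.Setter;
import org.springframework.stereotype.Component;
import org.springframework.web.context.annotation.SessionScope;

@Component
@SessionScope
public class CustomSessionScopeBean {
    // Whatever you want to store in session scope (placeholder field)
    @Getter
    @Setter
    private String customData;
}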
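
With this setup the session is selected by the session cookie while the user is identified by the JWT, so the two can disagree, for example when a different user logs in from the same browser. The bean below is an added example, not part of the original post or of JHipster: it records which JWT principal stored the third-party credential (here a token) and releases it only to that principal. The class, field and method names are hypothetical, and it assumes the JWT filter has already populated SecurityContextHolder for the request.

```java
import java.io.Serializable;
import java.util.Optional;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.context.annotation.SessionScope;

// Added example with hypothetical names; assumes the JWT filter has already
// populated SecurityContextHolder for the current request.
@Component
@SessionScope // proxyMode defaults to TARGET_CLASS, so singleton beans can inject it
public class ThirdPartyCredentialHolder implements Serializable {
    private static final long serialVersionUID = 1L;

    private String owner;           // JWT principal that stored the token
    private String thirdPartyToken; // token issued by the third-party service

    /** Stores the token on behalf of the currently authenticated JWT principal. */
    public synchronized void store(String token) {
        owner = currentPrincipal()
            .orElseThrow(() -> new IllegalStateException("no authenticated user"));
        thirdPartyToken = token;
    }

    /** Returns the token only when the current JWT principal is the one that stored it. */
    public synchronized Optional<String> tokenForCurrentUser() {
        Optional<String> principal = currentPrincipal();
        if (thirdPartyToken == null || !principal.isPresent() || !principal.get().equals(owner)) {
            clear(); // nothing stored, or session cookie and JWT disagree: drop any token
            return Optional.empty();
        }
        return Optional.of(thirdPartyToken);
    }

    /** Call on logout so the token does not outlive the user's JWT. */
    public synchronized void clear() {
        owner = null;
        thirdPartyToken = null;
    }

    private static Optional<String> currentPrincipal() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated() || auth instanceof AnonymousAuthenticationToken) {
            return Optional.empty();
        }
        return Optional.ofNullable(auth.getName());
    }
}
```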
