[英]Spring Boot Rest API Secruity
I looking for a way to create an annotation for Spring Boot that i can apply to my API methods or controller in my REST API that will secure the endpoint. 我正在寻找一种为Spring Boot创建注释的方法,该方法可以应用于我的REST API中的API方法或控制器,以保护端点。 But i am having issues finding a guide or documentation on how to do this. 但是我在寻找有关如何执行此操作的指南或文档时遇到了问题。
Example: 例:
@RestController
@RequestMapping("auth")
public class AuthenticationController {
@RequestMapping(value = "login", method = RequestMethod.POST)
public TokenResponse login(@RequestBody LogInRequest request) throws InvalidLogInException {}
@Authorize
@RequestMapping(value = "me", method = RequestMethod.GET)
public UserResponse getMe() {}
}
or 要么
@Authorize
@RestController
@RequestMapping("books")
public class AuthenticationController {
@RequestMapping(value = "/", method = RequestMethod.GET)
public BooksResponse getMyBooks() {}
@RequestMapping(value = "/wish", method = RequestMethod.GET)
public BooksResponse getWishList() {}
}
I have looked into the build in Spring Security, but it is way more in-deep then what i need. 我已经研究了Spring Security中的构建,但是比我需要的更深入。 I simply just need a middle-ware that will validate a token provided in the header: If it is valid add the user id to the request context and let the request pass though. 我只需要一个中间件,它将验证标头中提供的令牌:如果有效,则将用户ID添加到请求上下文中,并让请求通过。 If not return a 401 Unauthorized Error and don't allow the API method to run. 如果未返回401未经授权错误,并且不允许运行API方法。
If I understand what you mean correctly, then you can try this. 如果我正确理解您的意思,则可以尝试一下。
First, new a file called SecurityConfig.java
, it is to enable the configuration of annotation configuration and handle "401". 首先,新建一个名为SecurityConfig.java
的文件,它将启用注释配置的配置并处理“ 401”。
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/*
Enable annotation.
"an annotation for Spring Boot that i can apply to my API methods".
https://docs.spring.io/spring-security/site/docs/current/reference/html5/#jc-method
*/
@EnableGlobalMethodSecurity(securedEnabled = true)
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
/*
Enable "401".
"If not return a 401 Unauthorized Error and don't allow the API method to run".
*/
http.exceptionHandling().accessDeniedPage("/401");
// You can add more configuration, Please check the Source code of HttpSecurity.
}
}
Next, The code example you provided could be modified like this: 接下来,您可以对提供的代码示例进行如下修改:
// For specific use of annotations, you can check here:
// https://docs.spring.io/spring-security/site/docs/current/reference/html5/#jc-method
@Secured("ROLE_USER")
@RestController
@RequestMapping("auth")
public class AuthenticationController {
@RequestMapping(value = "login", method = RequestMethod.POST)
public TokenResponse login(@RequestBody LogInRequest request) throws InvalidLogInException {}
@Authorize
@RequestMapping(value = "me", method = RequestMethod.GET)
public UserResponse getMe() {}
}
emmmm, you should also add this. emmmm,您还应该添加此内容。
...
@RequestMapping("/401")
...
There is a pretty simple way to execute this. 有一个非常简单的方法可以执行此操作。 Below are the steps: 步骤如下:
A detailed and excellent tutorial is available here 此处有详细且出色的教程
I have put that into practice and already using it. 我已经将其付诸实践并已经使用它。 You might need some customization based on your needs. 您可能需要根据需要进行一些自定义。 For the same, feel free to ask me your doubts. 同样,请随时问我您的疑问。 Will be happy to help. 乐于提供帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.