如何使用 Spring 安全性在 Spring 引导应用程序中配置 RSocket 安全性
[英]How to configure RSocket security in a Spring Boot application with Spring Security
问题描述
RSocket seems to be a nice alternative to HTTP/S for microservice to microservice communication.
对于微服务到微服务的通信,RSocket 似乎是 HTTP/S 的一个不错的替代方案。 Fortunately Spring Boot already has a smooth integration that eases the configuration of it.幸运的是 Spring Boot 已经有一个平滑的集成,可以简化它的配置。
However I am missing information about everything related to RSocket security, both in RSocket and Spring (Boot, Security) documentation.但是,我在 RSocket 和 Spring (Boot, Security) 文档中都缺少有关 RSocket 安全性的所有信息。
My questions are:我的问题是:
1) How can we configure RSocket to use TLS (in the context of a Spring Boot application)? 1)我们如何配置 RSocket 以使用 TLS(在 Spring 引导应用程序的上下文中)?
2) Does Spring Security add any additional features to RSocket security? 2) Spring Security 是否为 RSocket 安全添加了任何附加功能? Things that come to my head, imagine we want to propagate a JWT token from one application to another, how could it be passed and validated through an RSocket?我想到的事情,假设我们想将 JWT 令牌从一个应用程序传播到另一个应用程序,它如何通过 RSocket 传递和验证?
1 个解决方案
解决方案1
2 已采纳 2019-09-30 05:46:32
I recently wrote a post on how to use Spring Security Basic Authentication with RSocket.我最近写了一篇关于如何使用 Spring Security Basic Authentication with RSocket 的帖子。 In for your first question, You can use TcpClientTransport.create(TcpClient.create().port(7000).secure()) when connecting to RSocketServer .对于您的第一个问题,您可以在连接到RSocketServer时使用TcpClientTransport.create(TcpClient.create().port(7000).secure()) 。
RSocketRequester.builder()
.dataMimeType(MimeTypeUtils.APPLICATION_JSON)
.rsocketStrategies(rSocketStrategies)
.rsocketFactory(clientRSocketFactory -> {
clientRSocketFactory.frameDecoder(PayloadDecoder.ZERO_COPY);
})
.setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
.connect(TcpClientTransport.create(TcpClient.create().port(7000).secure()))
.block();
And for the second question, When accessing RSocket message endpoints you can use对于第二个问题,当访问 RSocket 消息端点时,您可以使用
BearerTokenMetadata credentials = new BearerTokenMetadata("jwt-token");
return rSocketRequester
.route("taxis")
.metadata(credentials, BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE)
.data(new TaxisRequest(type, from, to))
.retrieveMono(TaxisResponse.class);
And during RSocketServer setup for the PayloadSocketAcceptorInterceptor you can use jwt as below.在为PayloadSocketAcceptorInterceptor设置 RSocketServer 期间,您可以使用jwt ,如下所示。
@Bean
public PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
rsocket.authorizePayload(authorize -> {
authorize
// must have ROLE_SETUP to make connection
.setup().hasRole("SETUP")
// must have ROLE_ADMIN for routes starting with "taxis."
.route("taxis*").hasRole("ADMIN")
// any other request must be authenticated for
.anyRequest().authenticated();
})
.jwt(Customizer.withDefaults());
return rsocket.build();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.