Springboot SpringWebFlux SecurityConfig 从属性文件加载凭据
[英]Springboot SpringWebFlux SecurityConfig load credentials from properties file
问题描述
I am using spring web flux with springboot 2.2.1.RELEASE.
我正在使用带有 springboot 2.2.1.RELEASE 的 spring web flux。 I have configured web security like this我已经像这样配置了网络安全
@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {
@Bean
public SecurityWebFilterChain securityFilterChain(ServerHttpSecurity http) {
return http
.csrf().disable()
.authorizeExchange()
.pathMatchers("/actuator/**").permitAll()
.pathMatchers("/customer/**").hasRole("INTERNAL_APP")
.and()
.httpBasic()
.and()
.csrf().disable()
.formLogin().disable()
.build();
}
@Bean
public MapReactiveUserDetailsService userDetailsService() {
UserDetails user = User.builder()
.username("someusername")
.password("{bcrypt}$2a$10$fll1CVzOQ5qVGvzwwLlldsfsgwCgai7LxrzBkNxl2Xh41Ghk5pRWa")
.roles("INTERNAL_APP")
.build();
return new MapReactiveUserDetailsService(user);
}
}
This is working perfectly fine.这工作得很好。 What I need now is to load username, password and role from properties file.我现在需要的是从属性文件中加载用户名、密码和角色。 I am not able to achieve this.我无法实现这一目标。 I have tried with @Value and also using @ConfigurationProperties .我尝试过使用@Value也使用过@ConfigurationProperties 。 But no luck so far.但到目前为止没有运气。
I believe PropertyFileLoader Autoconfiguration is executed after SecurityConfiguration.我相信 PropertyFileLoader 自动配置是在 SecurityConfiguration 之后执行的。 Hence the fields are not loaded.(Just my guess).因此没有加载字段。(只是我的猜测)。
Does anyone have any clue as to how I can avoid hardcoding of credentials in this config file and instead load from properties file.有没有人知道如何避免在此配置文件中硬编码凭据,而是从属性文件加载。
I know that with WebSecurity It was possible to do this.我知道使用WebSecurity可以做到这一点。 But somehow not working with WebFluxSecurity但不知何故不适用于WebFluxSecurity
1 个解决方案
解决方案1
1 已采纳 2019-12-23 18:36:46
I'm able to load/access user and password from application.properties via org.springframework.core.env.Environment我可以通过org.springframework.core.env.Environment从application.properties加载/访问用户和密码
secret.user=user
secret.password=$2a$10$Gid/Ax6gZpTqT/SElZ3shO7oDsX7kdX7u1qPM.StfDyuccOcbnbgG
@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {
@Autowired private Environment environment;
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
....
@Bean
public MapReactiveUserDetailsService userDetailsService() {
UserDetails user = User.builder()
.username(environment.getProperty("secret.user")) // <----
.password(environment.getProperty("secret.password")) // <----
.roles("INTERNAL_APP")
.build();
return new MapReactiveUserDetailsService(user);
}
}
ref github: springboot-springwebflux-securityconfig-load-credentials-from-properties-file参考 github: springboot-springwebflux-securityconfig-load-credentials-from-properties-file
ALTERNATIVE you could use ConfigurationProperties替代方案,您可以使用ConfigurationProperties
@Configuration
@ConfigurationProperties(prefix = "secret")
class SecuredProperties {
private String user;
private String password;
// getters and setters
}
@Configuration
@EnableWebFluxSecurity
class SecurityConfig {
private SecuredProperties securedProperties;
SecurityConfig(SecuredProperties securedProperties){
this.securedProperties = securedProperties;
}
.....
@Bean
public MapReactiveUserDetailsService userDetailsService() {
UserDetails user = User.builder()
.username(securedProperties.getUser()) // <---
.password(securedProperties.getPassword()) // <---
.roles("INTERNAL_APP")
.build();
return new MapReactiveUserDetailsService(user);
}
ref github using configutation properties 使用配置属性引用 github
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.