[英]Springboot SpringWebFlux SecurityConfig load credentials from properties file
I am using spring web flux with springboot 2.2.1.RELEASE.我正在使用带有 springboot 2.2.1.RELEASE 的 spring web flux。 I have configured web security like this
我已经像这样配置了网络安全
@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {
@Bean
public SecurityWebFilterChain securityFilterChain(ServerHttpSecurity http) {
return http
.csrf().disable()
.authorizeExchange()
.pathMatchers("/actuator/**").permitAll()
.pathMatchers("/customer/**").hasRole("INTERNAL_APP")
.and()
.httpBasic()
.and()
.csrf().disable()
.formLogin().disable()
.build();
}
@Bean
public MapReactiveUserDetailsService userDetailsService() {
UserDetails user = User.builder()
.username("someusername")
.password("{bcrypt}$2a$10$fll1CVzOQ5qVGvzwwLlldsfsgwCgai7LxrzBkNxl2Xh41Ghk5pRWa")
.roles("INTERNAL_APP")
.build();
return new MapReactiveUserDetailsService(user);
}
}
This is working perfectly fine.这工作得很好。 What I need now is to load username, password and role from properties file.
我现在需要的是从属性文件中加载用户名、密码和角色。 I am not able to achieve this.
我无法实现这一目标。 I have tried with
@Value
and also using @ConfigurationProperties
.我尝试过使用
@Value
也使用过@ConfigurationProperties
。 But no luck so far.但到目前为止没有运气。
I believe PropertyFileLoader Autoconfiguration is executed after SecurityConfiguration.我相信 PropertyFileLoader 自动配置是在 SecurityConfiguration 之后执行的。 Hence the fields are not loaded.(Just my guess).
因此没有加载字段。(只是我的猜测)。
Does anyone have any clue as to how I can avoid hardcoding of credentials in this config file and instead load from properties file.有没有人知道如何避免在此配置文件中硬编码凭据,而是从属性文件加载。
I know that with WebSecurity
It was possible to do this.我知道使用
WebSecurity
可以做到这一点。 But somehow not working with WebFluxSecurity
但不知何故不适用于
WebFluxSecurity
I'm able to load/access user and password from application.properties
via org.springframework.core.env.Environment
我可以通过
org.springframework.core.env.Environment
从application.properties
加载/访问用户和密码
secret.user=user
secret.password=$2a$10$Gid/Ax6gZpTqT/SElZ3shO7oDsX7kdX7u1qPM.StfDyuccOcbnbgG
@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {
@Autowired private Environment environment;
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
....
@Bean
public MapReactiveUserDetailsService userDetailsService() {
UserDetails user = User.builder()
.username(environment.getProperty("secret.user")) // <----
.password(environment.getProperty("secret.password")) // <----
.roles("INTERNAL_APP")
.build();
return new MapReactiveUserDetailsService(user);
}
}
ref github: springboot-springwebflux-securityconfig-load-credentials-from-properties-file参考 github: springboot-springwebflux-securityconfig-load-credentials-from-properties-file
ALTERNATIVE you could use ConfigurationProperties
替代方案,您可以使用
ConfigurationProperties
@Configuration
@ConfigurationProperties(prefix = "secret")
class SecuredProperties {
private String user;
private String password;
// getters and setters
}
@Configuration
@EnableWebFluxSecurity
class SecurityConfig {
private SecuredProperties securedProperties;
SecurityConfig(SecuredProperties securedProperties){
this.securedProperties = securedProperties;
}
.....
@Bean
public MapReactiveUserDetailsService userDetailsService() {
UserDetails user = User.builder()
.username(securedProperties.getUser()) // <---
.password(securedProperties.getPassword()) // <---
.roles("INTERNAL_APP")
.build();
return new MapReactiveUserDetailsService(user);
}
ref github using configutation properties 使用配置属性引用 github
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.