[英]Reactive spring security authentication using R2DBC mysql connection
After about 2 weeks of reading countless tutorials/javadocs and trying to get Spring security to work using a webflux, R2DBC and mysql combo to work, I'm finally ready to admit that I'm stuck:(在阅读了大约 2 周的无数教程/javadoc 并尝试使用 webflux、R2DBC 和 mysql 组合让 Spring 安全工作之后,我终于准备好承认我被卡住了:(
Every login request is being blocked, even though the details are correct (matched using online BCrypt verifier).每个登录请求都被阻止,即使详细信息是正确的(使用在线 BCrypt 验证器匹配)。
Is there a gap in my understanding?我的理解有差距吗? have I missed something?我错过了什么吗?
Any pointers would be greatly appreciated.任何指针将不胜感激。
ReactiveAuthenticationManager ReactiveAuthenticationManager
@Bean
protected ReactiveAuthenticationManager reactiveAuthenticationManager() {
log.info("Received authentication request");
return authentication -> {
UserDetailsRepositoryReactiveAuthenticationManager authenticator = new UserDetailsRepositoryReactiveAuthenticationManager(userDetailsService);
authenticator.setPasswordEncoder(passwordEncoder);
return authenticator.authenticate(authentication);
};
}
UserDetailsService用户详情服务
@Component
public class UserDetailsService implements ReactiveUserDetailsService {
@Autowired
public UserRepository userRepository;
@Override
public Mono<UserDetails> findByUsername(String username) {
return userRepository.findByUsername(username).map(CustomUser::new);
};
}
Filters过滤器
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
//require that all
.authorizeExchange(
exchanges ->exchanges.anyExchange().authenticated()
)
.httpBasic(withDefaults())
//this allows js to read cookie
.csrf(csrf -> csrf.csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse()))
.formLogin(
withDefaults()
);
return http.build();
}
CustomUser自定义用户
public class CustomUser implements UserDetails {
private String username;
private String password;
private int enabled;
public CustomUser(){
}
public CustomUser(UserDetails user){
this.setUsername(user.getUsername());
this.setPassword(user.getPassword());
this.setEnabled(user.isEnabled() == true?1:0);
log.info("Match found : " + this.toString());
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"));
}
@Override
public String getPassword() {
return this.password;
}
@Override
public String getUsername() {
return this.username;
}
@Override
public boolean isAccountNonExpired() {
return false;
}
@Override
public boolean isAccountNonLocked() {
return false;
}
@Override
public boolean isCredentialsNonExpired() {
return false;
}
@Override
public boolean isEnabled() {
return this.enabled == 1;
}
}
Answering my own question, just in case anybody is having the same problem.回答我自己的问题,以防万一有人遇到同样的问题。 AuthenticationManager
interface and the AuthenticationProvider
interface both have the authenticate()
method. AuthenticationManager
接口和AuthenticationProvider
接口都有authenticate()
方法。 I belive the correct one to use would be one from class <? extends AuthenticationProvider>
我相信正确使用的是 class <? extends AuthenticationProvider>
<? extends AuthenticationProvider>
However, in the absence of a ready-made reactive AuthenticationProvider
for databases, I simply did the following:但是,在没有现成的反应式数据库AuthenticationProvider
的情况下,我只是做了以下操作:
@Bean
protected ReactiveAuthenticationManager reactiveAuthenticationManager() {
return authentication -> {
userDetailsService.findByUsername( authentication.getPrincipal().toString() )
.switchIfEmpty( Mono.error( new UsernameNotFoundException("User not found")))
.flatMap(user->{
final String username = authentication.getPrincipal().toString();
final CharSequence rawPassword = authentication.getCredentials().toString();
if( passwordEncoder.matches(rawPassword, user.getPassword())){
log.info("User has been authenticated {}", username);
return Mono.just( new UsernamePasswordAuthenticationToken(username, user.getPassword(), user.getAuthorities()) );
}
//This constructor can be safely used by any code that wishes to create a UsernamePasswordAuthenticationToken, as the isAuthenticated() will return false.
return Mono.just( new UsernamePasswordAuthenticationToken(username, authentication.getCredentials()) );
});
};
}
Hope this helps somebody.希望这对某人有帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.