如何在 spring 引导安全性中将特定的 GraphQL 查询或突变作为公共 API?
[英]how to make a specific GraphQL query or mutation as public API in spring boot security?
问题描述
how to make a specific GraphQL query as public API in spring boot security?
如何在 spring 启动安全性中将特定的 GraphQL 查询作为公共 API?
In REST API, we can specify the URL as public like the following code在REST API中,我们可以像下面的代码一样指定URL为public
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return web -> web.ignoring().requestMatchers(CorsUtils::isPreFlightRequest)
.antMatchers("/actuator/**", "/graphiql/**", "/voyager/**", "/vendor/**");
}
How to do the same for specific GraphQL query or mutation ,如何对特定的 GraphQL query或mutation做同样的事情,
query {
listEmployee(){
id
}
}
1 个解决方案
解决方案1
1 已采纳 2022-10-07 13:37:25
GraphQL uses a single endpoint for all queries and mutations. GraphQL 对所有查询和变更使用单个端点。 This is one of the main differences when compared to REST.这是与 REST 相比的主要区别之一。
That means you cannot control its security at the URL level if you want a query or mutation to have different security settings than others as they all have the same URL. Instead every query and mutation is backed by their own resolver method.这意味着如果您希望查询或突变具有与其他查询或突变不同的安全设置,则您无法在 URL 级别控制其安全性,因为它们都具有相同的 URL。相反,每个查询和突变都由它们自己的解析器方法支持。 You can control security at the method level using @PreAuthorize etc… (More info) .您可以使用@PreAuthorize等在方法级别控制安全性…… (更多信息) 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.