如何在不执行 controller 处理程序的情况下从 Spring WebGraphQlInterceptor 短路?
[英]How to short-circuit from Spring WebGraphQlInterceptor without executing controller handler?
问题描述
I have a Spring WebFlux application and am trying to write a WebGraphQlInterceptor to enforce authorization.
我有一个 Spring WebFlux 应用程序,我正在尝试编写一个WebGraphQlInterceptor来强制执行授权。 The authorization requires access to HTTP headers and GraphQL variables, both of which are easily accessible from a WebGraphQlInterceptor .授权需要访问 HTTP 标头和 GraphQL 变量,这两者都可以从WebGraphQlInterceptor轻松访问。 However, if the request fails authorization, I do not want to execute the controller handler and instead exit early with an error response.但是,如果请求授权失败,我不想执行 controller 处理程序,而是提前退出并返回错误响应。 I have the custom error response working OK, but I cannot figure out how to bypass the controller -- it seems like I'm required to proceed down the original chain, execute the controller, and only then return the error response.我的自定义错误响应工作正常,但我不知道如何绕过 controller——似乎我需要继续沿着原始链执行 controller,然后才返回错误响应。
I'm hoping there's an easy solution I'm missing.我希望我缺少一个简单的解决方案。 The documentation seems sparse on this topic with very few examples online.关于这个主题的文档似乎很少,在线示例很少。 The WebGraphQlInterceptor documentation lists some methods like apply() that sound like they might be helpful for altering the chain, but it's not clear how to use them. WebGraphQlInterceptor 文档列出了一些方法,例如apply()听起来它们可能有助于改变链,但不清楚如何使用它们。 The interceptor interface requires a WebGraphQlResponse to be returned, and I can't find a way to return it without continuing down the original chain with chain.next(request) below:拦截器接口需要返回一个WebGraphQlResponse ,如果不使用下面的chain.next(request)继续沿原始链向下移动,我找不到返回它的方法:
@Override
public Mono<WebGraphQlResponse> intercept(WebGraphQlRequest request, Chain chain) {
return chain.next(request).map(response -> {
// Custom logic...
});
}
I also tried constructing my own custom WebGraphQlResponse from scratch to return from the interceptor, but this felt like a hack and a lot of unnecessary overhead.我还尝试从头开始构建我自己的自定义WebGraphQlResponse以从拦截器返回,但这感觉像是一个 hack 和很多不必要的开销。
I don't want the controller to be executed at all if authorization fails.如果授权失败,我根本不希望执行 controller。 Is this even possible with the WebGraphQlInterceptor?这甚至可以通过 WebGraphQlInterceptor 实现吗? And what would the simplest implementation look like?最简单的实现是什么样的?
PS The WebFilter doesn't help me here because I need easy access to GraphQL variables, which isn't possible with WebFilters. PS WebFilter在这里对我没有帮助,因为我需要轻松访问 GraphQL 变量,而 WebFilters 则无法做到这一点。
1 个解决方案
解决方案1
0 2023-06-09 01:00:05
I found a workaround that involves an extra piece.我找到了一个涉及额外部分的解决方法。
I made my WebGraphQlInterceptor pass the HTTP authorization headers to the GraphQL context, where it's then accessible via FieldValidation GraphQL instrumentation .我让我的WebGraphQlInterceptor将 HTTP 授权标头传递到 GraphQL 上下文,然后可以通过 FieldValidation GraphQL instrumentation访问它。 The FieldValidation GraphQL instrumentation runs later in the chain, after the GraphQL body has been parsed, so it has easy access to GraphQL variables. FieldValidation GraphQL 检测在链中稍后运行,在 GraphQL 主体被解析之后,因此它可以轻松访问 GraphQL 变量。 It also has access to original HTTP header values since the interceptor passed those via the GraphQL context.它还可以访问原始 HTTP header 值,因为拦截器通过 GraphQL 上下文传递了这些值。 Then, based on whether the user is authorized or not, I made the field instrumentation return either a GraphQLError or an empty error list.然后,根据用户是否获得授权,我让现场检测返回一个 GraphQLError 或一个空的错误列表。 If it returns an error, the framework correctly bypasses the controller and returns the error to the client.如果返回错误,框架会正确绕过 controller 并将错误返回给客户端。
Here's a relevant post in the spring-graphql GitHub: https://github.com/spring-projects/spring-graphql/issues/529#issuecomment-1310194130这是 spring-graphql GitHub 中的相关帖子: https://github.com/spring-projects/spring-graphql/issues/529#issuecomment-1310194130
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.