stackoom
  简体   繁体   中英

How to configure RSocket security in a Spring Boot application with Spring Security

 原文  2019-09-27 08:26:29       spring-boot/ spring-security/ rsocket

Question

RSocket seems to be a nice alternative to HTTP/S for microservice to microservice communication. Fortunately Spring Boot already has a smooth integration that eases the configuration of it.

However I am missing information about everything related to RSocket security, both in RSocket and Spring (Boot, Security) documentation.

My questions are:

1) How can we configure RSocket to use TLS (in the context of a Spring Boot application)?

2) Does Spring Security add any additional features to RSocket security? Things that come to my head, imagine we want to propagate a JWT token from one application to another, how could it be passed and validated through an RSocket?

1 answers

solution1
 2 ACCPTED  2019-09-30 05:46:32

I recently wrote a post on how to use Spring Security Basic Authentication with RSocket. In for your first question, You can use TcpClientTransport.create(TcpClient.create().port(7000).secure()) when connecting to RSocketServer .

RSocketRequester.builder()
                .dataMimeType(MimeTypeUtils.APPLICATION_JSON)
                .rsocketStrategies(rSocketStrategies)
                .rsocketFactory(clientRSocketFactory -> {
                    clientRSocketFactory.frameDecoder(PayloadDecoder.ZERO_COPY);
                })
                .setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
                .connect(TcpClientTransport.create(TcpClient.create().port(7000).secure()))
                .block();

And for the second question, When accessing RSocket message endpoints you can use

        BearerTokenMetadata credentials = new BearerTokenMetadata("jwt-token");
        return rSocketRequester
                .route("taxis")
                .metadata(credentials, BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE)
                .data(new TaxisRequest(type, from, to))
                .retrieveMono(TaxisResponse.class);

And during RSocketServer setup for the PayloadSocketAcceptorInterceptor you can use jwt as below.

    @Bean
    public PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
        rsocket.authorizePayload(authorize -> {
            authorize
                    // must have ROLE_SETUP to make connection
                    .setup().hasRole("SETUP")
                    // must have ROLE_ADMIN for routes starting with "taxis."
                    .route("taxis*").hasRole("ADMIN")
                    // any other request must be authenticated for
                    .anyRequest().authenticated();
            })
            .jwt(Customizer.withDefaults());

            return rsocket.build();
        }

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring Boot, how to configure spring security using application.proerties How to configure CORS in a Spring Boot + Spring Security application? Configure Security at Spring Boot how to configure spring security for spring boot project How to include Spring Security in a spring boot application Spring Boot application security How to configure multiple security contexts in Spring Boot? How to configure Spring 4.0 with spring boot and spring security openId How to configure spring security How to deal with Spring Boot Angular application security
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM