[英]Passing principal user from one spring boot microservice to other springboot microservice
我有两个 java spring boot 微服务。 调度程序微服务和多边形微服务。 在调用端点之前实现 SpringSecurity '''
package com.ericsson.dop.polygonmanager.config;
import com.ericsson.edosdp.dop.commons.config.ProdProfileCondition;
import com.ericsson.edosdp.dop.commons.config.SessionConfig;
import com.ericsson.edosdp.dop.commons.config.access.AccessService;
import com.ericsson.edosdp.dop.commons.config.access.CustomerOnlyRoleSuffixAccessService;
import com.ericsson.edosdp.dop.commons.config.access.MethodSecurityConfiguration;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
/**
* Configures HTTP access for prod profile.
*/
@Configuration
@Conditional(ProdProfileCondition.class)
@Import({MethodSecurityConfiguration.class, SessionConfig.class})
@EnableRedisHttpSession
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
/**
* Allowed security roles.
*/
private String[] securityRoles;
private String[] modulePrefix;
@Value("${manager.security.authorization.roles}")
public void setSecurityRoles(String[] securityRoles) {
this.securityRoles = securityRoles.clone();
}
@Value("${manager.security.authorization.prefix}")
public void setModulePrefix(String[] modulePrefix) {
this.modulePrefix = modulePrefix;
}
@Bean
public AccessService accessService() {
return new CustomerOnlyRoleSuffixAccessService(modulePrefix);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and()
.csrf().disable()
.authorizeRequests()
.antMatchers("/actuator/**").permitAll()
.antMatchers("/**")
.hasAnyAuthority(securityRoles)
.and()
.logout()
.logoutSuccessUrl("/");
}
}
//
public class CustomerOnlyRoleSuffixAccessService extends RoleSuffixAccessService {
private static final String UNDERSCORE = "_";
private static final String AGNOSTIC_FLAVOR = "AGNOSTIC";
private static final String AGNOSTIC_SUFFIX = UNDERSCORE + AGNOSTIC_FLAVOR + ENGINEER_SUFFIX;
private static final Logger LOGGER = LoggerFactory.getLogger(CustomerOnlyRoleSuffixAccessService.class);
public CustomerOnlyRoleSuffixAccessService(String[] modulePrefix) {
super(modulePrefix);
}
public CustomerOnlyRoleSuffixAccessService() {
super();
}
public CustomerOnlyRoleSuffixAccessService(String[] modulePrefix, String rolePrefixPattern) {
super(modulePrefix, rolePrefixPattern);
}
@Override
public boolean check(Principal user, String customer, String[] modulePrefix, String vendor, String technology) {
LOGGER.debug(String.format("Checking access for customer [%s] for user [%s]...", customer, user.getName()));
if (customer == null) {
// for cases where customer comes from an empty filter.
return false;
}
List<RoleBean> roles = getRoleBeans(user);
if (roles.contains(ROLE_ADMIN_BEAN)) {
// Access granted for admin role.
LOGGER.debug("Access granted!");
return true;
}
// Only customer is taken into account when building roles.
// Example: ROLE_NDOSW_DEV_VDT_ATT_ENGINEER
Set<RoleBean> expectedRoles = Arrays.stream(modulePrefix).map(prefix -> new RoleBean(prefix + customer.toUpperCase() + AGNOSTIC_SUFFIX)).collect(Collectors.toSet());
Set<RoleBean> agnosticRoles = roles.stream().peek(role -> role.setFlavor(AGNOSTIC_FLAVOR)).collect(Collectors.toSet());
// Access is granted for the expected roles or admin role
boolean accessGranted = !CollectionUtils.intersection(agnosticRoles, expectedRoles).isEmpty();
LOGGER.debug(accessGranted ? "Access granted!" : "Permission denied!");
return accessGranted;
}
}
多边形微服务有一个这样的端点
@PostMapping(path = "/update", produces = {MediaType.APPLICATION_JSON_VALUE})
public long batchUpdate(@RequestBody List<PolygonInfoDto> polygonsUpdates,
Principal user) throws PolygonManagerException {
return service.safeBatchUpdate(user,service.listAllById(polygonsUpdates.stream().map(PolygonInfoDto::getId).collect(Collectors.toList())), polygonsUpdates);
}
现在从调度程序微服务我必须调用上述端点。 通常它接受 sessionid,但在调度的情况下,我无法传递所需的信息来访问端点,如何将主要用户和权限信息从调度程序微服务传递到多边形微服务?
谢谢。
尝试在您的服务中使用 RestTemplate 类中的交换方法:
import org.springframework.web.client.RestTemplate;
RestTemplate restTemplate = new RestTemplate();
ResponseEntity<String> result =
restTemplate.exchange(url,HttpMethod.GET, entity, String.class);
return result.getBody().toString();
Spring Boot微服务框架如何从一个微服务调用另一个微服务
[英]spring boot microservice framework how to call another microservice from one microservice
如何使用 Apache Kafka 使用 SpringBoot 将数据从一个微服务发送到另一个微服务?
[英]How to use Apache Kafka to send data from one microservice to other microservice using SpringBoot?
Spring Boot 微服务依赖 Jenkins 中的另一个微服务
[英]Spring Boot Microservice depends on another Microservice in Jenkins
从另一个springboot微服务上传文件到一个graphql springboot微服务
[英]Upload file to a graphql springboot microservice from another springboot microservice
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.