Spring Boot webflux中的线程本地remove()

Question

我有一个 Web 过滤器，它在 ThreadLocal 属性中设置一个对象，并且我试图了解应该如何/何时清除此本地线程 (ThreadLocal.remove()) 以避免出现异常“用户上下文已经启动”。 发生这种情况是因为它是从 Spring Boot 线程池中使用先前设置的值进行检索的。

我正在使用 Spring Webflux。

我在哪里可以挂钩这个 SecurityAuthorizationContext.clean() 调用？

public class SecurityAuthorizationContext
{
    private static final ThreadLocal<PrivilegeHolder> userContext = new ThreadLocal<>();

    private final List<String> roles;

    private SecurityAuthorizationContext(List<String> roles)
    {
        this.roles = roles;
    }

    public static void create(List<String> roles)
    {
        if (nonNull(userContext.get()))
        {
            log.error("User context already initiated.");
            throw new AuthorizationException("User context already initiated.");
        }

        PrivilegeHolder privilegeHolder = new PrivilegeHolder();
        userContext.set(privilegeHolder);

        // example of privileges retrieved from database by the user roles
        privilegeHolder.add(INSERT);
        privilegeHolder.add(DELETE);
    }

    public static void clean()
    {
        userContext.remove();
    }

    public static boolean hasInsertPrivilege()
    {
        return userContext.get().hasPrivilege(INSERT);
    }

    public static boolean hasDeletePrivilege()
    {
        return userContext.get().hasPrivilege(DELETE);
    } 
}

public class AuthorizationFilter implements OrderedWebFilter
{
    private static final String USER_ROLES = "user-roles";

    @Override
    public int getOrder()
    {
        return SecurityWebFiltersOrder.AUTHORIZATION.getOrder();
    }

    @Override
    public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain)
    {
        ServerHttpRequest request = serverWebExchange.getRequest();
        HttpHeaders headers = request.getHeaders();

        List<String> roles = headers.get(USER_ROLES);

        SecurityAuthorizationContext.create(roles);

        return webFilterChain.filter(serverWebExchange);
    }        
}

@Configuration
@EnableWebFluxSecurity
@EnableTransactionManagement
public class ApplicationConfiguration
{    
    @Autowired
    private AuthorizationFilter authorizationFilter;

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http)
    {
        return http
            .csrf().disable()
            .authorizeExchange()
            .pathMatchers("/**").permitAll()
            .and()
            .addFilterAt(authorizationFilter, AUTHORIZATION)
            .build();
    }    
}

更新：长话短说......我只想从请求标头中提取一些内容，并使其可用于所有堆栈而不将其作为参数传递。

Answer 1

因此，最好使用 reactor 上下文而不是 ThreadLocal，您可以在这里阅读： https : //projectreactor.io/docs/core/release/reference/#context

Spring Boot webflux中的线程本地remove()

问题描述

1 个解决方案

解决方案1
0 2021-11-05 11:24:53

Spring Boot webflux中的线程本地remove()

问题描述

1 个解决方案

解决方案1 0 2021-11-05 11:24:53

解决方案1
0 2021-11-05 11:24:53