堆栈内存溢出
  繁体   English   中英

使用 R2DBC mysql 连接的 Reactive spring 安全认证

[英]Reactive spring security authentication using R2DBC mysql connection

 原文  2022-04-12 12:48:43       spring-boot/ authentication/ spring-security/ r2dbc-mysql

问题描述

在阅读了大约 2 周的无数教程/javadoc 并尝试使用 webflux、R2DBC 和 mysql 组合让 Spring 安全工作之后,我终于准备好承认我被卡住了:(

每个登录请求都被阻止,即使详细信息是正确的(使用在线 BCrypt 验证器匹配)。

我的理解有差距吗? 我错过了什么吗?

任何指针将不胜感激。

ReactiveAuthenticationManager

@Bean
protected ReactiveAuthenticationManager reactiveAuthenticationManager() {

    log.info("Received authentication request");

    return authentication -> {

        UserDetailsRepositoryReactiveAuthenticationManager authenticator = new UserDetailsRepositoryReactiveAuthenticationManager(userDetailsService);
        authenticator.setPasswordEncoder(passwordEncoder);

        return authenticator.authenticate(authentication);
    };
}

用户详情服务

@Component
public class UserDetailsService implements ReactiveUserDetailsService {

    @Autowired
    public UserRepository userRepository;

    @Override
    public Mono<UserDetails> findByUsername(String username) {

        return userRepository.findByUsername(username).map(CustomUser::new);
    };
}

过滤器

@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {


    http
            //require that all
            .authorizeExchange(
                exchanges ->exchanges.anyExchange().authenticated()
            )

            .httpBasic(withDefaults())

            //this allows js to read cookie
            .csrf(csrf -> csrf.csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse()))

            .formLogin(
                withDefaults()
            );


    return http.build();

}

自定义用户

public class CustomUser implements UserDetails {

    private String username;
    private String password;
    private int enabled;

    public CustomUser(){
    }

    public CustomUser(UserDetails user){

        this.setUsername(user.getUsername());
        this.setPassword(user.getPassword());
        this.setEnabled(user.isEnabled() == true?1:0);

        log.info("Match found : " + this.toString());
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {

        return Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"));
    }

    @Override
    public String getPassword() {
        return this.password;
    }

    @Override
    public String getUsername() {
        return this.username;
    }

    @Override
    public boolean isAccountNonExpired() {
        return false;
    }

    @Override
    public boolean isAccountNonLocked() {
        return false;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return false;
    }

    @Override
    public boolean isEnabled() {
        return this.enabled == 1;
    }

}

1 个解决方案

解决方案1
 2 已采纳  2022-04-15 22:09:03

回答我自己的问题,以防万一有人遇到同样的问题。 AuthenticationManager接口和AuthenticationProvider接口都有authenticate()方法。 我相信正确使用的是 class <? extends AuthenticationProvider> <? extends AuthenticationProvider>

但是,在没有现成的反应式数据库AuthenticationProvider的情况下,我只是做了以下操作:

@Bean
protected ReactiveAuthenticationManager reactiveAuthenticationManager() {

    return authentication -> { 
                userDetailsService.findByUsername( authentication.getPrincipal().toString() )

                .switchIfEmpty( Mono.error( new UsernameNotFoundException("User not found")))

                .flatMap(user->{

                    final String username           =   authentication.getPrincipal().toString();
                    final CharSequence rawPassword  =   authentication.getCredentials().toString();

                    if( passwordEncoder.matches(rawPassword, user.getPassword())){

                        log.info("User has been authenticated {}", username);
                        return Mono.just( new UsernamePasswordAuthenticationToken(username, user.getPassword(), user.getAuthorities()) );
                    }

                    //This constructor can be safely used by any code that wishes to create a UsernamePasswordAuthenticationToken, as the isAuthenticated() will return false.
                    return Mono.just( new UsernamePasswordAuthenticationToken(username, authentication.getCredentials()) );
                });
    };
}

希望这对某人有帮助。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 获取R2DBC连接失败 Java Spring 带有 MySQL 的 Spring Boot R2DBC - 异常:找不到表 Spring 数据多主机设置 MYSQL R2DBC Spring Data with R2DBC(Mysql) 一对多关联示例 Spring Boot 和 R2DBC:io.r2dbc.spi.R2dbcNonTransientResourceException:连接验证失败 Spring R2DBC DatabaseClient.as(…) 使用 Spring Boot 的多个 R2DBC 数据源 兼容版本Spring Cloud,R2DBC Spring 数据 r2dbc - 实体 inheritance 找不到存储库 Spring R2DBC
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM