[英]How to make a Spring API to be a public webservice accessible through Internet?
[英]How to make the path public in RSocketSecurity(Spring)
我為 RSocketSecurity 配置了 class 類似的東西
@Configuration
@EnableRSocketSecurity
@EnableReactiveMethodSecurity
class RSocketAuthConfiguration {
並對其進行授權(僅允許經過身份驗證的用戶訂閱)
security.addPayloadInterceptor(interceptor).authorizePayload {
it.setup().authenticated().anyRequest().permitAll()
}
我想設置一些可以公開訪問的路由,但其中大多數應該是經過授權的。 實現這一目標的最佳方法是什么?
遵循以下原則的東西應該可以工作:
@Configuration
@EnableRSocketSecurity
@EnableReactiveMethodSecurity
class RSocketSecurityConfiguration(val authenticationService: AuthenticationService) {
@Bean
fun authorization(security: RSocketSecurity): PayloadSocketAcceptorInterceptor {
return security
.authorizePayload {
it.route("route-A").hasRole("role-A")
.route("route-B").permitAll()
}
.simpleAuthentication(Customizer.withDefaults())
.authenticationManager(authenticationService)
.build()
}
}
route-A
已通過身份驗證並需要role-A
,而route-B
是公開可用的。
Spring Security Rsocket分別配置setup
和route
。
以下是配置部分的示例。
@Bean
public PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
return rsocket
.authorizePayload(
authorize -> {
authorize
// must have ROLE_SETUP to make connection
.setup().hasRole("SETUP")
// must have ROLE_ADMIN for routes starting with "greet."
.route("greet*").hasRole("ADMIN")
// any other request must be authenticated for
.anyRequest().authenticated();
}
)
.basicAuthentication(Customizer.withDefaults())
.build();
}
從我的 Github 中獲取 完整示例。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.