下面列出了怎么用org.springframework.security.authentication.ReactiveAuthenticationManager的API类实例代码及写法,或者点击链接到github查看源代码。
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
//认证处理器
ReactiveAuthenticationManager customAuthenticationManager = new CustomAuthenticationManager(tokenStore);
JsonAuthenticationEntryPoint entryPoint = new JsonAuthenticationEntryPoint();
//token转换器
ServerBearerTokenAuthenticationConverter tokenAuthenticationConverter = new ServerBearerTokenAuthenticationConverter();
tokenAuthenticationConverter.setAllowUriQueryParameter(true);
//oauth2认证过滤器
AuthenticationWebFilter oauth2Filter = new AuthenticationWebFilter(customAuthenticationManager);
oauth2Filter.setServerAuthenticationConverter(tokenAuthenticationConverter);
oauth2Filter.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
oauth2Filter.setAuthenticationSuccessHandler(new Oauth2AuthSuccessHandler());
http.addFilterAt(oauth2Filter, SecurityWebFiltersOrder.AUTHENTICATION);
ServerHttpSecurity.AuthorizeExchangeSpec authorizeExchange = http.authorizeExchange();
if (securityProperties.getAuth().getHttpUrls().length > 0) {
authorizeExchange.pathMatchers(securityProperties.getAuth().getHttpUrls()).authenticated();
}
if (securityProperties.getIgnore().getUrls().length > 0) {
authorizeExchange.pathMatchers(securityProperties.getIgnore().getUrls()).permitAll();
}
authorizeExchange
.pathMatchers(HttpMethod.OPTIONS).permitAll()
.anyExchange()
.access(permissionAuthManager)
.and()
.exceptionHandling()
.accessDeniedHandler(new JsonAccessDeniedHandler())
.authenticationEntryPoint(entryPoint)
.and()
.headers()
.frameOptions()
.disable()
.and()
.httpBasic().disable()
.csrf().disable();
return http.build();
}
public JwtAuthenticationWebFilter(final ReactiveAuthenticationManager authenticationManager,
final JwtAuthenticationConverter converter,
final UnauthorizedAuthenticationEntryPoint entryPoint) {
super(authenticationManager);
Assert.notNull(authenticationManager, "authenticationManager cannot be null");
Assert.notNull(converter, "converter cannot be null");
Assert.notNull(entryPoint, "entryPoint cannot be null");
setAuthenticationConverter(converter);
setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
setRequiresAuthenticationMatcher(new JWTHeadersExchangeMatcher());
}
WebFilter securityFilterChainJustRoleWay(final ReactiveAuthenticationManager reactiveAuthenticationManager) {
return HttpSecurity.http()
.authorizeExchange()
.pathMatchers("/**")
.hasRole("ADMIN")
.and()
.httpBasic()
.authenticationManager(reactiveAuthenticationManager)
.build();
}
@Bean
WebFilter springSecurityFilterChain(ReactiveAuthenticationManager manager) throws Exception {
HttpSecurity http = http();
// FIXME use BeanPostProcessor to set the manager
http.authenticationManager(manager);
http.httpBasic();
AuthorizeRequestBuilder authorize = http.authorizeRequests();
authorize.antMatchers("/admin/**").hasRole("ADMIN");
authorize.anyExchange().authenticated();
return http.build();
}
@Bean
protected ReactiveAuthenticationManager reactiveAuthenticationManager() {
return authentication -> {
try {
UserDetails userDetails = userDetailsService
.loadUserByUsername((String) authentication.getPrincipal());
if (userDetails.getPassword().equals(authentication.getCredentials())) {
authentication.setAuthenticated(true);
}
return Mono.just(authentication);
} catch (UsernameNotFoundException e) {
return Mono.error(e);
}
};
}
public ReactiveAuthenticationManager customersAuthenticationManager() {
return authentication -> customer(authentication)
.switchIfEmpty(Mono.error(new UsernameNotFoundException(authentication
.getPrincipal()
.toString())))
.map(b -> new UsernamePasswordAuthenticationToken(authentication.getPrincipal(),
authentication.getCredentials(),
Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"))
)
);
}
public ReactiveAuthenticationManager employeesAuthenticationManager() {
return authentication -> employee(authentication)
.switchIfEmpty(Mono.error(new UsernameNotFoundException(authentication
.getPrincipal()
.toString())))
.map(
b -> new UsernamePasswordAuthenticationToken(authentication.getPrincipal(),
authentication.getCredentials(),
Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"))
)
);
}
@Bean
public ReactiveAuthenticationManager authenticationManager(ReactiveUserDetailsService userDetailsService, PasswordEncoder passwordEncoder) {
UserDetailsRepositoryReactiveAuthenticationManager manager = new UserDetailsRepositoryReactiveAuthenticationManager(userDetailsService);
manager.setPasswordEncoder(passwordEncoder);
return manager;
}
@Bean
public ReactiveAuthenticationManager authenticationManager(ReactiveUserDetailsService userDetailsService, PasswordEncoder passwordEncoder) {
UserDetailsRepositoryReactiveAuthenticationManager manager = new UserDetailsRepositoryReactiveAuthenticationManager(userDetailsService);
manager.setPasswordEncoder(passwordEncoder);
return manager;
}
/**
* Authentication
*/
@Bean
ReactiveAuthenticationManager reactiveAuthenticationManager(final UserDetailsRepository userDetailsRepository) {
return new UserDetailsRepositoryAuthenticationManager(userDetailsRepository);
}
public void setAuthenticationManager(ReactiveAuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
public HttpSecurity authenticationManager(ReactiveAuthenticationManager manager) {
this.authenticationManager = manager;
return this;
}
@Bean
public ReactiveAuthenticationManager authenticationManager(UserRepositoryUserDetailsRepository udr) {
return new UserDetailsAuthenticationManager(udr);
}