下面列出了 org.springframework.security.authentication.ReactiveAuthenticationManager 与 org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler 一起使用的实例代码。
/**
 * Assembles the WebFlux security filter chain.
 *
 * <p>A bearer-token {@code AuthenticationWebFilter} backed by {@code CustomAuthenticationManager}
 * is installed at the AUTHENTICATION position. Authorization rules are then registered in this
 * order: configured "auth" URLs (must be authenticated), configured "ignore" URLs (open),
 * every OPTIONS request (open), and finally everything else, which is decided by
 * {@code permissionAuthManager}. HTTP Basic, CSRF protection and the frame-options header are
 * all switched off.
 *
 * <p>NOTE(review): path matchers are consulted in registration order, so a path present in both
 * the "auth" list and the "ignore" list is treated as authenticated. The OPTIONS rule is
 * registered after both lists, so a CORS preflight to an "auth" URL still hits the
 * {@code authenticated()} rule; confirm preflights are answered before authorization runs.
 *
 * @param http the security builder supplied by Spring
 * @return the built filter chain
 */
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // Authentication manager: validates the presented token against tokenStore.
    ReactiveAuthenticationManager tokenAuthManager = new CustomAuthenticationManager(tokenStore);
    // One entry point is shared by the failure handler and by exceptionHandling() below, so a
    // rejected token and a missing token produce the same JSON response.
    JsonAuthenticationEntryPoint entryPoint = new JsonAuthenticationEntryPoint();

    // Token converter: extracts the bearer token from the request.
    ServerBearerTokenAuthenticationConverter bearerConverter = new ServerBearerTokenAuthenticationConverter();
    // NOTE(review): this also accepts the token as an `access_token` query parameter. Tokens
    // carried in URLs are recorded in access logs, proxy logs, browser history and Referer
    // headers. Prefer the Authorization header; if some client really needs the query form,
    // redact the query string in logs and keep token lifetimes short.
    bearerConverter.setAllowUriQueryParameter(true);

    // OAuth2 authentication filter.
    AuthenticationWebFilter bearerFilter = new AuthenticationWebFilter(tokenAuthManager);
    bearerFilter.setServerAuthenticationConverter(bearerConverter);
    bearerFilter.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
    bearerFilter.setAuthenticationSuccessHandler(new Oauth2AuthSuccessHandler());
    http.addFilterAt(bearerFilter, SecurityWebFiltersOrder.AUTHENTICATION);

    ServerHttpSecurity.AuthorizeExchangeSpec rules = http.authorizeExchange();

    // NOTE(review): `.length` assumes both property arrays are non-null (presumably defaulted
    // to empty arrays); confirm against the properties class.
    String[] authenticatedUrls = securityProperties.getAuth().getHttpUrls();
    if (authenticatedUrls.length > 0) {
        rules.pathMatchers(authenticatedUrls).authenticated();
    }

    // Everything listed here is reachable without a token; keep the list as narrow as possible
    // and review wildcard entries.
    String[] openUrls = securityProperties.getIgnore().getUrls();
    if (openUrls.length > 0) {
        rules.pathMatchers(openUrls).permitAll();
    }

    // Catch-all: any exchange not matched above is decided by permissionAuthManager.
    rules
        .pathMatchers(HttpMethod.OPTIONS).permitAll()
        .anyExchange().access(permissionAuthManager);

    http.exceptionHandling()
        .accessDeniedHandler(new JsonAccessDeniedHandler())
        .authenticationEntryPoint(entryPoint);

    // NOTE(review): with frame options disabled no X-Frame-Options header is sent. That is low
    // risk if this service only returns JSON; if it can serve HTML, confirm that framing is
    // restricted some other way (e.g. a CSP frame-ancestors directive).
    http.headers().frameOptions().disable();

    http.httpBasic().disable();
    // NOTE(review): disabling CSRF is appropriate only while credentials are never sent
    // automatically by the browser (no session cookie, no cookie-borne token); confirm.
    http.csrf().disable();

    return http.build();
}
/**
 * Creates the JWT authentication filter and wires its converter, failure handling and request
 * matcher.
 *
 * <p>Only exchanges selected by {@code JWTHeadersExchangeMatcher} are authenticated by this
 * filter; any other exchange continues down the chain without an authentication attempt, so the
 * authorization rules behind this filter must still reject anonymous access to protected paths.
 * NOTE(review): presumably the matcher selects requests that carry a JWT header; confirm against
 * its implementation.
 *
 * @param authenticationManager validates the converted authentication; must not be null
 * @param converter extracts the authentication from the exchange; must not be null
 * @param entryPoint produces the response when authentication fails; must not be null
 */
public JwtAuthenticationWebFilter(ReactiveAuthenticationManager authenticationManager,
                                  JwtAuthenticationConverter converter,
                                  UnauthorizedAuthenticationEntryPoint entryPoint) {
    // super(...) has to be the first statement, so the manager has already been handed to the
    // superclass by the time the null checks below run.
    super(authenticationManager);

    Assert.notNull(authenticationManager, "authenticationManager cannot be null");
    Assert.notNull(converter, "converter cannot be null");
    Assert.notNull(entryPoint, "entryPoint cannot be null");

    // NOTE(review): newer Spring Security versions deprecate setAuthenticationConverter in
    // favour of setServerAuthenticationConverter; check which one this project's version expects.
    setAuthenticationConverter(converter);

    // Route every authentication failure through the entry point so that a bad token gets the
    // same response as a missing one.
    ServerAuthenticationEntryPointFailureHandler failureHandler =
            new ServerAuthenticationEntryPointFailureHandler(entryPoint);
    setAuthenticationFailureHandler(failureHandler);

    setRequiresAuthenticationMatcher(new JWTHeadersExchangeMatcher());
}
/**
 * Assembles the gateway's WebFlux security filter chain.
 *
 * <p>Authentication is custom OAuth2: the bearer token is looked up through a
 * {@code RedisTokenStore} instead of being validated as a JWT. Only "/" is open; every other
 * exchange is decided by {@code AccessManager}. HTTP Basic and CSRF protection are disabled,
 * and the project's own filters are placed at fixed positions in the chain.
 *
 * <p>NOTE(review): CSRF protection is off and its slot is reused for the signature and
 * pre-check filters. That is appropriate only while credentials are never sent automatically by
 * the browser (no session cookie, no cookie-borne token); confirm.
 *
 * @param http the security builder supplied by Spring
 * @return the built filter chain
 * @throws Exception declared by the original signature; nothing in this body throws a checked
 *     exception directly
 */
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    // Custom OAuth2 authentication: tokens are read from Redis rather than parsed as JWTs.
    JsonAuthenticationEntryPoint entryPoint = new JsonAuthenticationEntryPoint(accessLogService);
    JsonAccessDeniedHandler accessDeniedHandler = new JsonAccessDeniedHandler(accessLogService);
    AccessManager accessManager = new AccessManager(apiresourceLocator, apiProperties);

    AuthenticationWebFilter bearerFilter = new AuthenticationWebFilter(
            new RedisAuthenticationManager(new RedisTokenStore(redisConnectionFactory)));
    // The converter is left at its defaults here; setAllowUriQueryParameter is never called in
    // this method.
    bearerFilter.setServerAuthenticationConverter(new ServerBearerTokenAuthenticationConverter());
    bearerFilter.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
    // On success, wrap the exchange so that it carries a security context holding the
    // authenticated principal, then continue the chain with the wrapped exchange.
    bearerFilter.setAuthenticationSuccessHandler((filterExchange, auth) -> {
        ServerWebExchange original = filterExchange.getExchange();
        SecurityContextServerWebExchange withContext = new SecurityContextServerWebExchange(
                original,
                ReactiveSecurityContextHolder.getContext().subscriberContext(
                        ReactiveSecurityContextHolder.withAuthentication(auth)));
        return filterExchange.getChain().filter(withContext);
    });

    http.httpBasic().disable();
    http.csrf().disable();

    http.authorizeExchange()
        .pathMatchers("/").permitAll()
        // Dynamic permission check for everything except "/".
        .anyExchange().access(accessManager);

    http.exceptionHandling()
        .accessDeniedHandler(accessDeniedHandler)
        .authenticationEntryPoint(entryPoint);

    // Pre-request logging filter.
    http.addFilterAt(new PreRequestFilter(), SecurityWebFiltersOrder.FIRST);
    // CORS filter.
    http.addFilterAt(corsFilter(), SecurityWebFiltersOrder.CORS);
    // Signature verification filter.
    // NOTE(review): this filter and the pre-check filter below are both registered at the CSRF
    // position, so which of the two runs first presumably depends on registration order;
    // confirm that signature verification is meant to run before the access pre-check.
    http.addFilterAt(
            new PreSignatureFilter(baseAppServiceClient,apiProperties, new JsonSignatureDeniedHandler(accessLogService)),
            SecurityWebFiltersOrder.CSRF);
    // Access pre-check filter.
    http.addFilterAt(new PreCheckFilter(accessManager, accessDeniedHandler), SecurityWebFiltersOrder.CSRF);
    // OAuth2 authentication filter.
    http.addFilterAt(bearerFilter, SecurityWebFiltersOrder.AUTHENTICATION);
    // Access log filter.
    http.addFilterAt(new AccessLogFilter(accessLogService), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE);

    return http.build();
}