Multiple authentication types in Webflux

Question


We have an API service which has multiple APIs exposed, and there are multiple personas who/which can access our service.

  1. Users - who need to have an account in our system -> need to be authenticated with our Identity Provider Service (Keycloak) with a JWT token.
  2. Regulated system - which needs to be authenticated with a central authority maintained by some party.
  3. Internal service-to-service communication -> authentication with the same Keycloak.
  4. A temporary JWT token issued by the same service before creating the user account, once the user has digitally verified the mobile number.

I was trying to have an AuthenticationWebFilter for each authentication type and configure it with pathMatchers. Though the request was getting authenticated by the right authentication web filter, it keeps flowing through the other authentication filter and ends up resulting in unauthorized.

Snippet of configuration:

import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;

// Renamed from Configuration: a class of that name shadows Spring's @Configuration annotation.
@Configuration
@EnableWebFluxSecurity
public class SecurityConfiguration {
    @Bean
    @Order(1)
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity httpSecurity,
                                                         @Qualifier("userCreationFilter")
                                                                 AuthenticationWebFilter userCreationFilter) {
        // Public paths: static assets plus the verification, permit and session endpoints.
        final String[] WHITELISTED_URLS = {"/**.json",
                                           "/users/verify",
                                           "/users/permit",
                                           "/sessions",
                                           "/internal/xxxxx/**",
                                           "/**.html",
                                           "/**.js",
                                           "/**.yaml",
                                           "/**.css",
                                           "/**.png"};
        httpSecurity.authorizeExchange().pathMatchers(WHITELISTED_URLS).permitAll();
        // Filter for the temporary sign-up token, placed before the authentication slot.
        // authorizeExchange() returns the spec created above, so this adds a second rule to it.
        httpSecurity.addFilterBefore(userCreationFilter, SecurityWebFiltersOrder.AUTHENTICATION)
                .authorizeExchange()
                .pathMatchers("/users")
                .authenticated();
        httpSecurity.httpBasic().disable().formLogin().disable().csrf().disable().logout().disable();
        // No securityMatcher is set, so this chain keeps the default matcher, which matches every exchange.
        return httpSecurity.build();
    }

    @Bean
    @Order(2)
    public SecurityWebFilterChain securityWebFilterChain2(ServerHttpSecurity httpSecurity,
                                                          @Qualifier("managerFilter")
                                                                  AuthenticationWebFilter managerFilter) {
        // Filter for the regulated system. This chain has no securityMatcher either.
        httpSecurity.addFilterBefore(managerFilter, SecurityWebFiltersOrder.AUTHENTICATION)
                .authorizeExchange()
                .pathMatchers("/xxxxx/**",
                        "/providers",
                        "/xxxxx/**/approve",
                        "/xxxx/**/xxxxx").authenticated();
        return httpSecurity.build();
    }
}

Right now we have no roles as such.

I tried keeping all configuration in a single SecurityWebFilterChain bean, and tried addWebFilterAt, but no luck.

What am I missing? Should I do it a different way?

huangapple
  • This article was posted by huangapple on 2020-03-15 23:29:07
  • When reposting, please keep the link to this article: https://java.coder-hub.com/60694491.html
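The page carries no answer, so the following is an added example, not the poster's code and not an accepted answer. It shows the layout a Spring Security WebFlux setup with several SecurityWebFilterChain beans normally uses: every chain gets a securityMatcher, so WebFilterChainProxy hands each request to exactly one chain, the first whose matcher matches, and only that chain's AuthenticationWebFilter ever runs. With the snippet as posted, neither chain sets a securityMatcher, so each keeps the default matcher (any exchange): the @Order(1) chain claims every request and the @Order(2) chain is never reached, and any path that matches neither the whitelist nor /users is denied by the first chain. The ReactiveAuthenticationManager beans named in the @Qualifier annotations (Keycloak JWT validation, the temporary sign-up token, the regulated system's central authority) are assumed to exist and their bean names are hypothetical; that the regulated system also presents a bearer token, the /providers/** pattern and restricting account creation to POST /users are assumptions as well. The question's extension-based static-asset patterns and its /xxxxx placeholder paths are left out.

```java
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
import org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint;
import org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

@Configuration
@EnableWebFluxSecurity
public class MultiAuthSecurityConfig {

    // Every missing or rejected credential on a protected chain ends as a plain 401.
    private static final ServerAuthenticationEntryPoint UNAUTHORIZED =
            new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED);

    // Chain 0: the public endpoints named in the question, with no authentication filter at all.
    @Bean @Order(0)
    public SecurityWebFilterChain publicChain(ServerHttpSecurity http) {
        return http
                .securityMatcher(ServerWebExchangeMatchers.pathMatchers("/users/verify", "/users/permit", "/sessions"))
                .authorizeExchange(ex -> ex.anyExchange().permitAll())
                .csrf(ServerHttpSecurity.CsrfSpec::disable)
                .build();
    }

    // Chain 1: account creation (persona 4) with the temporary token from mobile verification.
    // The ReactiveAuthenticationManager beans injected below are assumed; their names are hypothetical.
    @Bean @Order(1)
    public SecurityWebFilterChain userCreationChain(ServerHttpSecurity http,
            @Qualifier("temporaryTokenAuthenticationManager") ReactiveAuthenticationManager manager) {
        return protectedChain(http, ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/users"), manager);
    }

    // Chain 2: the regulated system (persona 2), assumed to present a bearer token as well.
    // Only /providers is taken from the question; its other paths are placeholders there.
    @Bean @Order(2)
    public SecurityWebFilterChain regulatedSystemChain(ServerHttpSecurity http,
            @Qualifier("regulatedSystemAuthenticationManager") ReactiveAuthenticationManager manager) {
        return protectedChain(http, ServerWebExchangeMatchers.pathMatchers("/providers", "/providers/**"), manager);
    }

    // Chain 3: everything else carries a Keycloak token (personas 1 and 3). Ordered last, so it
    // only sees requests that no earlier securityMatcher claimed.
    @Bean @Order(3)
    public SecurityWebFilterChain keycloakChain(ServerHttpSecurity http,
            @Qualifier("keycloakAuthenticationManager") ReactiveAuthenticationManager manager) {
        return protectedChain(http, ServerWebExchangeMatchers.anyExchange(), manager);
    }

    // One chain = one scope + one bearer filter. A request is handled by exactly one chain, the
    // first whose securityMatcher matches, so a filter never sees another persona's traffic.
    private static SecurityWebFilterChain protectedChain(ServerHttpSecurity http, ServerWebExchangeMatcher scope,
                                                         ReactiveAuthenticationManager manager) {
        AuthenticationWebFilter filter = new AuthenticationWebFilter(manager);
        filter.setServerAuthenticationConverter(MultiAuthSecurityConfig::bearerToken);
        // A token the manager rejects is answered with 401 right here.
        filter.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(UNAUTHORIZED));
        return http
                .securityMatcher(scope)
                .addFilterAt(filter, SecurityWebFiltersOrder.AUTHENTICATION)
                .authorizeExchange(ex -> ex.anyExchange().authenticated())
                // A missing header passes the filter untouched and is turned into a 401 here.
                .exceptionHandling(eh -> eh.authenticationEntryPoint(UNAUTHORIZED))
                .httpBasic(ServerHttpSecurity.HttpBasicSpec::disable)
                .formLogin(ServerHttpSecurity.FormLoginSpec::disable)
                .csrf(ServerHttpSecurity.CsrfSpec::disable)
                .build();
    }

    // The converter only extracts "Authorization: Bearer <token>"; validity is the manager's job.
    private static Mono<Authentication> bearerToken(ServerWebExchange exchange) {
        return Mono.justOrEmpty(exchange.getRequest().getHeaders().getFirst(HttpHeaders.AUTHORIZATION))
                .filter(value -> value.regionMatches(true, 0, "Bearer ", 0, 7))
                .map(value -> value.substring(7).trim())
                .filter(token -> !token.isEmpty())
                .map(token -> new PreAuthenticatedAuthenticationToken(token, token));
    }
}
```

Two things to check when adopting this shape. First, ServerHttpSecurity is a prototype-scoped bean in WebFlux, so each @Bean method gets its own instance and the chains do not share state; the only coupling between them is the @Order value, and a request is routed by the first securityMatcher that matches, so overlapping scopes must be ordered from most specific to least specific (here a GET on /users is not claimed by chain 1 and falls through to the Keycloak chain). Second, the question's whitelist opens /internal/xxxxx/** with permitAll while the same question lists internal service-to-service calls as Keycloak-authenticated; in the layout above those calls are not whitelisted and land in the last chain, which is the stricter reading of the requirement.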