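I have been using Spring Cloud Gateway and Spring Security to protect my actuator endpoints, with a custom gateway filter for authorization filtering. Here is my implementation:
For Spring Security, I used the following configuration: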
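import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

@EnableWebFluxSecurity
public class WebSecurityConfig {
    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        // Actuator endpoints require HTTP Basic authentication; every other exchange is permitted.
        http.csrf().disable().authorizeExchange().pathMatchers("/actuator/**").authenticated().anyExchange().permitAll().and().httpBasic();
        return http.build();
    }
}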
My custom filter looks like this:
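import java.nio.charset.StandardCharsets;

import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.GatewayFilterFactory;
import org.springframework.core.Ordered;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils; // assumed: Spring's StringUtils (the post does not show its imports)
import reactor.core.publisher.Flux;

@Component
public class AuthorizationRequestFilter implements GatewayFilterFactory<AuthorizationRequestFilter.Config>, Ordered {

    @Override
    public GatewayFilter apply(Config config) {
        return (exchange, chain) -> {
            ServerHttpRequest request = exchange.getRequest();
            String authToken = request.getHeaders().getFirst("Authorization");
            // Only the presence of the Authorization header is checked here.
            if (StringUtils.isEmpty(authToken)) {
                // No header: answer 401 with a small JSON body and stop the chain.
                exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
                byte[] response = "{\"status\":\"401\",\"message\":\"Unauthorized.\"}".getBytes(StandardCharsets.UTF_8);
                DataBuffer buffer = exchange.getResponse().bufferFactory().wrap(response);
                return exchange.getResponse().writeWith(Flux.just(buffer));
            }
            // Header present: pass the request on to the rest of the filter chain.
            return chain.filter(exchange.mutate().request(request).build());
        };
    }

    @Override
    public Config newConfig() {
        return new Config("AuthorizationRequestFilter");
    }

    // Configuration holder for this filter factory.
    public static class Config {
        private String name;

        public Config(String name) {
            this.name = name;
        }

        public String getName() {
            return name;
        }

        public void setName(String name) {
            this.name = name;
        }
    }

    @Override
    public int getOrder() {
        return 1;
    }
}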
Is there a way to achieve this in one place where both can be configured together?