Spring Integration Yoda在那里
我正致力于对从JSF应用程序启动的JavaScript小部件启用REST Web服务调用。 REST上已经存在服务的实现,并且不包括OAuth 2.0安全性。目标是在通过安全网关传递所有JS调用时保持服务不变。
为了实现这一目标,我开始使用我的第一个Mule Enterprise原型,其中包括对Spring spring和HTTP入站/出站端点的OAuth扩充。这是Mule提出的方法。
之后,我的第二个原型采用Spring Security / Spring Integration,本质上使用相同的OAuth 2.0提供程序、安全规则和HTTP入站/出站网关。在咨询Spring技术支持时,我被告知这种做法行不通(原因见下文)。根据我的理解,Mule和SI非常相似,我应该能够把其中一种“胶水”换成另一种。这可能不是SI的预期用途,我想确认我是否仍然可以这样使用它。
此外,网关的配置是什么,它将基本上创建一个管道并减少开销?
感谢您花时间验证或反驳我的理论。
伊雷娜
配置代码摘录:
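<!--
  Stateless Spring Security filter chain for the REST API. Authentication is
  delegated to the resourceServerFilter bean, anonymous access is disabled, and
  every intercept-url below combines OAuth scope checks with the custom
  #mycompany expressions.

  request-matcher="regex": every pattern is a regular expression. The rules that
  contain \? also constrain the query string. Literal ampersands inside the
  attribute values are written as &amp;amp; so that the file is well-formed XML;
  the parsed regex is unchanged.

  Rules are evaluated top to bottom and the first match wins, so the trailing
  denyAll() rule must stay last.

  NOTE(review): this chain only applies when the version segment matches v[^/]+,
  while the int-http inbound gateways in this file map {version} to any path
  segment. Unless another sec:http element (not shown in this excerpt) covers
  the remaining URLs, a request whose version segment does not start with "v"
  would reach a gateway without passing through these rules. Confirm a
  catch-all chain exists, or constrain the gateway paths to the same shape.

  NOTE(review): "." in these patterns does not match line terminators unless the
  matcher compiles the regex in DOTALL mode. Confirm how the Spring Security
  version in use treats encoded line terminators in the request URL, because a
  URL that fails both the chain pattern and the final ".*" rule is not covered.
-->
<sec:http pattern="/mycompany/api/myws/service/v[^/]+/.*" request-matcher="regex"
          create-session="stateless" entry-point-ref="oauthAuthenticationEntryPoint"
          use-expressions="true">
    <sec:anonymous enabled="false" />

    <!--
      NOTE(review): the two query-string patterns below accept a query in which
      "tenant" appears more than once. #mycompany.tenantAllowed() is defined
      elsewhere; verify that it checks the same occurrence (or every occurrence)
      that the inbound gateway later forwards to the backend.
    -->
    <sec:intercept-url pattern="/mycompany/api/myws/service/v[^/]+/gateway1/op1\?([^&amp;]+&amp;)*tenant=[0-9]+(&amp;[^&amp;]+)*"
                       access="#oauth2.hasAnyScope('SCOPE1', 'SCOPE2', 'SCOPE3') and #mycompany.tenantAllowed()"
                       method="GET" />
    <sec:intercept-url pattern="/mycompany/api/myws/service/v[^/]+/gateway2/op1\?([^&amp;]+&amp;)*tenant=[0-9]+(&amp;[^&amp;]+)*"
                       access="#oauth2.hasAnyScope('SCOPE1', 'SCOPE2', 'SCOPE3') and #mycompany.tenantAllowed() and hasRole('ROLE1')"
                       method="GET" />

    <!-- gateway3 rules: tenant and identifiers are taken from the path, any query string is allowed. -->
    <sec:intercept-url pattern="/mycompany/api/myws/service/v[^/]+/gateway3/tenant/[0-9]+/identifier1/[0-9]+(/identifier2/[0-9]+)?(\?.+)?"
                       access="#oauth2.hasAnyScope('SCOPE1', 'SCOPE2', 'SCOPE3') and #mycompany.tenantAllowed() and #mycompany.identifier1Allowed() and hasRole('ROLE1')"
                       method="GET" />
    <sec:intercept-url pattern="/mycompany/api/myws/service/v[^/]+/gateway3/tenant/[0-9]+/identifier1/[0-9]+/op1(\?.+)?"
                       access="#oauth2.hasAnyScope('SCOPE1', 'SCOPE2', 'SCOPE3') and #mycompany.tenantAllowed() and #mycompany.identifier1Allowed() and #mycompany.issuedForIdentifier1() and hasRole('ROLE1')"
                       method="POST" />
    <sec:intercept-url pattern="/mycompany/api/myws/service/v[^/]+/gateway3/tenant/[0-9]+/identifier1/[0-9]+/op2(\?.+)?"
                       access="#oauth2.hasAnyScope('SCOPE1', 'SCOPE2', 'SCOPE3') and #mycompany.tenantAllowed() and #mycompany.identifier1Allowed() and hasRole('ROLE1')"
                       method="POST" />
    <sec:intercept-url pattern="/mycompany/api/myws/service/v[^/]+/gateway3/op3/tenant/[0-9]+/identifier1/[0-9]+/identifier3/[^/]+/identifier4/[0-9]+(\?.+)?"
                       access="#oauth2.hasAnyScope('SCOPE1', 'SCOPE2', 'SCOPE3') and #mycompany.tenantAllowed() and #mycompany.identifier1Allowed() and #mycompany.issuedForIdentifier1() and hasRole('ROLE2')"
                       method="POST" />

    <!-- Default deny: anything under the versioned API that no rule above matched. -->
    <sec:intercept-url pattern="/mycompany/api/myws/service/v[^/]+/.*" access="denyAll()" />

    <sec:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
    <sec:expression-handler ref="oauthWebExpressionHandler" />
</sec:http>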
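<!--
  Inbound HTTP gateway for GET .../{version}/gateway1/op1. It copies the pieces
  of the incoming request into message headers (outboundMethod, version,
  pathInfo, queryString) and sends the message to the mywsRequest channel.

  Literal ampersands inside the SpEL string literals are written as &amp;amp; so
  that the attribute value is well-formed XML; the parsed expression is unchanged.

  NOTE(review): the queryString header is rebuilt from request parameter values
  by plain string concatenation and no URL-encoding is visible here. A parameter
  value that contains a query delimiter would add or override parameters in the
  outbound request after the sec:http rules have already been evaluated. Confirm
  that the outbound gateway or customRequestFactory encodes the values, or
  encode them where the header is built.
-->
<int-http:inbound-gateway id="gateway1op1"
                          request-payload-type="java.lang.String"
                          supported-methods="GET"
                          request-channel="mywsRequest"
                          reply-channel="mywsResponse"
                          path="/mycompany/api/myws/service/{version}/gateway1/op1"
>
    <int-http:header name="outboundMethod" expression="'GET'"/>
    <!-- {version} accepts any path segment; the sec:http chain only covers segments matching v[^/]+. -->
    <int-http:header name="version" expression="#pathVariables.version"/>
    <int-http:header name="pathInfo" expression="'gateway1/op1'"/>
    <!-- tenant and query are appended unconditionally; format and identifier0 only when present. -->
    <int-http:header name="queryString" expression="'?tenant=' + #requestParams['tenant']
        + '&amp;query=' + #requestParams['query']
        + (#requestParams['format'] != null?'&amp;format=' + #requestParams['format']:'')
        + (#requestParams['identifier0'] != null?'&amp;identifier0=' + #requestParams['identifier0']:'') "/>
</int-http:inbound-gateway>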
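<!--
  Inbound HTTP gateway for GET .../{version}/gateway2/op1. It sets the
  outboundMethod, version, pathInfo and queryString headers and sends the
  message to the mywsRequest channel.

  Literal ampersands inside the SpEL string literals are written as &amp;amp; so
  that the attribute value is well-formed XML; the parsed expression is unchanged.

  NOTE(review): tenant, format and every "type" value are concatenated into the
  outbound query string without visible URL-encoding. Confirm that encoding
  happens downstream, otherwise a value containing a query delimiter changes
  the parameters the backend receives.
-->
<int-http:inbound-gateway id="gateway2op1"
                          request-payload-type="java.lang.String"
                          supported-methods="GET"
                          request-channel="mywsRequest"
                          reply-channel="mywsResponse"
                          path="/mycompany/api/myws/service/{version}/gateway2/op1"
>
    <int-http:header name="outboundMethod" expression="'GET'"/>
    <!-- {version} accepts any path segment; the sec:http chain only covers segments matching v[^/]+. -->
    <int-http:header name="version" expression="#pathVariables.version"/>
    <int-http:header name="pathInfo" expression="'gateway2/op1'"/>
    <!-- The projection turns each "type" value into its own type= pair; Guava's Joiner concatenates them. -->
    <int-http:header name="queryString" expression="'?tenant=' + #requestParams['tenant']
        + (#requestParams['format'] != null?'&amp;format=' + #requestParams['format']:'')
        + T(com.google.common.base.Joiner).on('').skipNulls().join(#requestParams['type'] .!['&amp;type=' + #this]) "/>
</int-http:inbound-gateway>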
<!--
  Inbound HTTP gateway for GET .../{version}/gateway3/tenant/{tenant}/identifier1/{identifier1}.
  The path variables are copied into the pathInfo header that the outbound
  gateway appends to the backend URL.
  NOTE(review): {version}, {tenant} and {identifier1} accept any path segment
  here; the numeric and "v" prefix constraints exist only in the sec:http regex
  rules, so this mapping relies on that chain being applied to every request.
-->
<int-http:inbound-gateway
        id="gateway3op1"
        path="/mycompany/api/myws/service/{version}/gateway3/tenant/{tenant}/identifier1/{identifier1}"
        supported-methods="GET"
        request-payload-type="java.lang.String"
        request-channel="mywsRequest"
        reply-channel="mywsResponse">
    <int-http:header name="outboundMethod" expression="'GET'"/>
    <int-http:header name="version" expression="#pathVariables.version"/>
    <int-http:header name="pathInfo" expression="'gateway3/tenant/' + #pathVariables.tenant + '/identifier1/' + #pathVariables.identifier1"/>
    <!-- Only the optional format parameter is forwarded; no URL-encoding is visible here. -->
    <int-http:header name="queryString" expression="(#requestParams['format'] != null?'?format=' + #requestParams['format']:'') "/>
</int-http:inbound-gateway>
<!--
  Inbound HTTP gateway for GET
  .../{version}/gateway3/tenant/{tenant}/identifier1/{identifier1}/identifier2/{identifier2}.
  tenant, identifier1 and identifier2 are copied from the path into the pathInfo header.
  NOTE(review): the path variables accept any segment here; the [0-9]+
  constraints exist only in the sec:http regex rules.
-->
<int-http:inbound-gateway
        id="gateway3Info"
        path="/mycompany/api/myws/service/{version}/gateway3/tenant/{tenant}/identifier1/{identifier1}/identifier2/{identifier2}"
        supported-methods="GET"
        request-payload-type="java.lang.String"
        request-channel="mywsRequest"
        reply-channel="mywsResponse">
    <int-http:header name="outboundMethod" expression="'GET'"/>
    <int-http:header name="version" expression="#pathVariables.version"/>
    <int-http:header name="pathInfo" expression="'gateway3/tenant/' + #pathVariables.tenant + '/identifier1/' + #pathVariables.identifier1 + '/identifier2/' + #pathVariables.identifier2"/>
    <!-- Only the optional format parameter is forwarded; no URL-encoding is visible here. -->
    <int-http:header name="queryString" expression="(#requestParams['format'] != null?'?format=' + #requestParams['format']:'') "/>
</int-http:inbound-gateway>
<!--
  Inbound HTTP gateway for POST
  .../{version}/gateway3/tenant/{tenant}/identifier1/{identifier1}/{command}.
  One mapping serves both operations: the command segment is appended to
  pathInfo unchanged.
  NOTE(review): {command} accepts any path segment. Only op1 and op2 are
  permitted by the sec:http rules shown in this file (everything else falls
  through to denyAll()), so the set of reachable backend operations depends
  entirely on that chain being applied to the request.
-->
<int-http:inbound-gateway
        id="gateway3op1op2"
        path="/mycompany/api/myws/service/{version}/gateway3/tenant/{tenant}/identifier1/{identifier1}/{command}"
        supported-methods="POST"
        request-channel="mywsRequest"
        reply-channel="mywsResponse">
    <int-http:header name="outboundMethod" expression="'POST'"/>
    <int-http:header name="version" expression="#pathVariables.version"/>
    <int-http:header name="pathInfo" expression="'gateway3/tenant/' + #pathVariables.tenant + '/identifier1/' + #pathVariables.identifier1 + '/' + #pathVariables.command"/>
    <!-- Only the optional format parameter is forwarded; no URL-encoding is visible here. -->
    <int-http:header name="queryString" expression="(#requestParams['format'] != null?'?format=' + #requestParams['format']:'') "/>
</int-http:inbound-gateway>
<!--
  Inbound HTTP gateway for POST
  .../{version}/gateway3/op3/tenant/{tenant}/identifier1/{identifier1}/identifier3/{identifier3}/identifier4/{identifier4}.
  All four identifiers are copied from the path into the pathInfo header.
  NOTE(review): identifier3 is the only identifier that the sec:http rule
  matches with [^/]+ instead of digits, and it is placed into the backend path
  as received. Confirm how encoded characters in that segment are handled
  before the outbound URL is built.
-->
<int-http:inbound-gateway
        id="gateway3op3"
        path="/mycompany/api/myws/service/{version}/gateway3/op3/tenant/{tenant}/identifier1/{identifier1}/identifier3/{identifier3}/identifier4/{identifier4}"
        supported-methods="POST"
        request-channel="mywsRequest"
        reply-channel="mywsResponse">
    <int-http:header name="outboundMethod" expression="'POST'"/>
    <int-http:header name="version" expression="#pathVariables.version"/>
    <int-http:header name="pathInfo" expression="'gateway3/op3/tenant/' + #pathVariables.tenant + '/identifier1/' + #pathVariables.identifier1 + '/identifier3/' + #pathVariables.identifier3 + '/identifier4/' + #pathVariables.identifier4"/>
    <!-- Only the optional format parameter is forwarded; no URL-encoding is visible here. -->
    <int-http:header name="queryString" expression="(#requestParams['format'] != null?'?format=' + #requestParams['format']:'') "/>
</int-http:inbound-gateway>
<!-- Channel shared by all inbound gateways for requests going to the outbound gateway. -->
<int:channel id="mywsRequest"/>
<!-- Channel on which the outbound gateway's reply travels back to the inbound gateways. -->
<int:channel id="mywsResponse"/>
<!--
  Outbound HTTP gateway: takes each message from mywsRequest, calls the backend
  and puts the String response on mywsResponse. The target URL is
  @accessor.mywsEndpoint followed by the pathInfo and queryString headers, and
  the HTTP method comes from the outboundMethod header; all three headers are
  set by the inbound gateways.
  NOTE(review): pathInfo and queryString are assembled from caller-supplied path
  variables and request parameters. Verify that the URL requested here always
  names the same resource that the sec:http rules authorized, including when
  values contain encoded or delimiter characters.
  NOTE(review): the excerpt ends after the start tag; the closing tag and any
  child elements are not shown.
-->
<int-http:outbound-gateway request-channel="mywsRequest" reply-channel="mywsResponse"
url-expression="@accessor.mywsEndpoint + headers.pathInfo + headers.queryString"
http-method-expression="headers.outboundMethod"
expected-response-type="java.lang.String"
request-factory="customRequestFactory"
>
支持回复:
SI可能不适合这种功能。原因如下:
Spring Integration使用“Message”类型的消息,进入通道的所有内容都必须是“Message”类型。这实际上意味着每个HttpRequest都需要转换为SI消息,反之亦然;HttpResponse也是如此。
Spring Integration不会直接暴露HttpRequest对象,而是在SI内部隐式处理,这简化了请求处理,例如可以方便地访问请求参数、标头值和路径变量……但在你的场景中,这反而带来了复杂性,这种复杂性从入站网关的配置中就可以看出。
以后可能会出现更普遍的问题,特别是在大请求(例如文件上传)的情况下:所有此类请求都将在代理的内存中处理,可能会导致问题。
可能存在并发性能问题,因为每个请求都将在单独的线程中处理,不过这个问题并非SI特有。
我给了你一些重新考虑使用SI作为代理的理由。我不知道是什么促使你做出这个决定;你是否看过与此相关的示例、教程或博客文章?如果有,请告诉我,我会去看一下。
最终如何决定取决于你。但同时我没有就应该使用什么给出任何建议,因为这超出了技术支持的范围。不过如果你有兴趣,我可以联系我们的工程师,为你安排咨询服务。