线程间共享的主体

时间:2018-12-07 01:23:06

标签: java spring spring-security spring-security-oauth2

我正在使用Spring OAuth2。我已如下配置ResourceServer。对服务进行并发调用时,多个线程错误地共享同一主体。该配置是否导致主体共享?如果没有,那么可能是什么原因的任何想法?

EnableWebSecurity
@EnableResourceServer
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@Configuration
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

  @Override
  public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .headers()
        .contentSecurityPolicy("script-src 'self'")
        .and()
        .frameOptions()
        .deny()
        .and()
        .requestMatchers()
        .and()
        .authorizeRequests()
        .antMatchers(HttpMethod.GET, PERMISSIBLE_PATHS).permitAll()
        .anyRequest().authenticated();
  }

  @Bean
  public PrincipalExtractor principalExtractor() {
    return map -> map.get(USER_CLAIM);
  }

  @Bean
  public AuthoritiesExtractor authoritiesExtractor() {
    return map -> AuthorityUtils.commaSeparatedStringToAuthorityList(
        ((List<String>) map.get(GROUP_CLAIMS)).stream()
            .map(group -> String.format("ROLE_%s", group.toUpperCase()))
            .collect(Collectors.joining(",")));

  }
}

0 个答案:

没有答案
相关问题
最新问题