使用ReactiveSecurityContextHolder手动设置身份验证

时间:2019-04-03 15:26:17

标签: spring-security reactive-programming

我正在尝试使用Spring Web Flux设置Spring Security。我不了解如何使用SecurityContext手动设置ReactiveSecurityContextHolder。您有任何资源或提示吗? 以我编写的此过滤器为例,该过滤器读取JWT令牌并需要手动设置身份验证:

@Slf4j
public class JwtTokenAuthenticationFilter implements WebFilter {

    private final JwtAuthenticationConfig config;

    private final JwtParser jwtParser = Jwts.parser();

    public JwtTokenAuthenticationFilter(JwtAuthenticationConfig config) {
        this.config = config;
        jwtParser.setSigningKey(config.getSecret().getBytes());
    }

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {

        String token = exchange.getRequest().getHeaders().getFirst(config.getHeader());
        if (token != null && token.startsWith(config.getPrefix() + " ")) {
            token = token.replace(config.getPrefix() + " ", "");
            try {
                Claims claims = jwtParser.parseClaimsJws(token).getBody();
                String username = claims.getSubject();
                @SuppressWarnings("unchecked")
                List<String> authorities = claims.get("authorities", List.class);
                if (username != null) {
                    UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(username, null,
                            authorities.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList()));

                    // TODO set authentication into ReactiveSecurityContextHolder 
                }
            } catch (Exception ex) {
                log.warn(ex.toString(), ex);
                ReactiveSecurityContextHolder.clearContext();
            }
        }
        return chain.filter(exchange);
    }
}

1 个答案:

答案 0 :(得分:0)

我设法通过调用以下命令来更新SecurityContext:

return chain.filter(exchange).subscriberContext(ReactiveSecurityContextHolder.withAuthentication(auth));

如果我错了或者有更好的方法来纠正我,请纠正我。

相关问题
最新问题