1

我知道可以将 @PreAuthorize 注释添加到 Rest Controller ......

@RestController
public class WebController {
    @PreAuthorize("hasAuthority('Foo')")
    @GetMapping("/restricted")
    public ResponseEntity<String> restricted() {
        return ResponseEntity.ok("Restricted section");
    }
}

如何预授权对 Spring Integration Http.inbound 网关的访问?我知道我可以在集成流中添加一个组件并在转换器或服务激活器方法上添加注释,但我宁愿没有单独的对象。

@Bean
//@PreAuthorize("hasAuthority('Foo')") ?
public HttpRequestHandlingMessagingGateway restrictedGateway() {
    return Http.inboundGateway("/restricted")
            ...
            .get();
}

@Bean
public IntegrationFlow myFlow(HttpRequestHandlingMessagingGateway restrictedGateway) {
    return IntegrationFlows
            .from(restrictedGateway)
            .transform(source -> "Restricted section")
            .get();
}
4

1 回答 1

2

  • 我认为您通过查看https://docs.spring.io/spring-integration/reference/html/security.htm是正确的,它允许声明通道@Secured

  • 即使我们在没有集成的情况下考虑普通 Spring Boot 应用程序上的 Spring Security,它也处于过滤器级别,所以当我认为HttpRequestHandlingMessagingGateway它是 http 请求的侦听器时,它似乎是有道理的

你能试一下吗

    @Bean
    @SecuredChannel(interceptor = "channelSecurityInterceptor", sendAccess = "ROLE_XXX")
    public SubscribableChannel secureChannel() {
        return new DirectChannel();
    }

    @Bean
    public IntegrationFlow myFlow(HttpRequestHandlingMessagingGateway 
                                  restrictedGateway) {
    return IntegrationFlows
            .from(restrictedGateway)
            .channel(secureChannel())
            .transform(source -> "Restricted section")
            .get();
}
于 2020-07-22T14:23:33.457 回答