1

I have a configuration class for RSocketSecurity, something like:

@Configuration
@EnableRSocketSecurity
@EnableReactiveMethodSecurity
class RSocketAuthConfiguration {

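and authorization for it (only authenticated users are allowed to subscribe):

    security.addPayloadInterceptor(interceptor).authorizePayload {
        it.setup().authenticated().anyRequest().permitAll()
    }

I want to set up some routes that are publicly accessible, but most of them should require authorization. What is the best way to achieve this?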

4

2 Answers

0

Spring Security RSocket configures setup and route separately.

Here is an example of the configuration part.

@Bean
public PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
    return rsocket
            .authorizePayload(
                    authorize -> {
                        authorize
                                // must have ROLE_SETUP to make connection
                                .setup().hasRole("SETUP")
                                // must have ROLE_ADMIN for routes matching "greet*"
                                .route("greet*").hasRole("ADMIN")
                                // any other request must be authenticated
                                .anyRequest().authenticated();
                    }
            )
            .basicAuthentication(Customizer.withDefaults())
            .build();
}

Get the complete example from my Github.

Answered 2022-01-24T08:28:27.183
0

Something along these lines should work:

@Configuration
@EnableRSocketSecurity
@EnableReactiveMethodSecurity
class RSocketSecurityConfiguration(val authenticationService: AuthenticationService) {

    @Bean
    fun authorization(security: RSocketSecurity): PayloadSocketAcceptorInterceptor {
        return security
                .authorizePayload {
                    it.route("route-A").hasRole("role-A")
                        .route("route-B").permitAll()
                }
                .simpleAuthentication(Customizer.withDefaults())
                .authenticationManager(authenticationService)
                .build()
    }
}

Where route-A is authenticated and requires role-A, while route-B is publicly available.

Answered 2022-01-21T19:03:20.167
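
Added example, not taken from either answer: one way to combine a few public routes with an authenticated default, the case the question asks about. Rules are evaluated in order and the first match wins, so the public routes are listed before the catch-all. The route names `public.*`, `status` and `admin.*`, the `ADMIN` role and the class name are hypothetical, and a `ReactiveUserDetailsService` or `ReactiveAuthenticationManager` bean is assumed to exist elsewhere.

```kotlin
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.Customizer
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity
import org.springframework.security.config.annotation.rsocket.EnableRSocketSecurity
import org.springframework.security.config.annotation.rsocket.RSocketSecurity
import org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor

@Configuration
@EnableRSocketSecurity
@EnableReactiveMethodSecurity
class PublicAndProtectedRoutesConfiguration {

    @Bean
    fun authorization(security: RSocketSecurity): PayloadSocketAcceptorInterceptor =
        security
            .authorizePayload {
                it
                    // Anonymous clients must be able to connect, otherwise they
                    // can never reach the public routes below.
                    .setup().permitAll()
                    // Hypothetical public routes: keep them above the catch-all,
                    // because only the first matching rule is applied.
                    .route("public.*").permitAll()
                    .route("status").permitAll()
                    // Hypothetical role-restricted route.
                    .route("admin.*").hasRole("ADMIN")
                    // Every route not named above requires an authenticated user.
                    .anyRequest().authenticated()
            }
            // Assumption: the user store / authentication manager bean is
            // defined elsewhere in the application context.
            .simpleAuthentication(Customizer.withDefaults())
            .build()
}
```

With `setup()` open, a client that needs the protected routes still has to send its credentials, either in the setup frame or in the metadata of each request.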