我正在尝试在Spring WebFlux中使用ReactiveSecurityContextHolder。不幸的是,SecurityContext为空:
@Configuration
public class Router {
@Bean
public RouterFunction<ServerResponse> routes(Handler handler) {
return nest(
path("/bill"),
route(
GET("/").and(accept(APPLICATION_JSON)), handler::all));
}
@Component
class Handler {
Mono<ServerResponse> all(ServerRequest request) {
ReactiveSecurityContextHolder.getContext()
.switchIfEmpty(Mono.error(new IllegalStateException("ReactiveSecurityContext is empty")))
.map(SecurityContext::getAuthentication)
.map(Authentication::getName)
.flatMap(s -> Mono.just("Hi " + s))
.subscribe(
System.out::println,
Throwable::printStackTrace,
() -> System.out.println("completed without a value")
);
return ok().build();
}
}
}
这段代码总是会抛出IllegalStateException异常。
如果我像这里所示这样添加一个subscriberContext:
Authentication authentication = new TestingAuthenticationToken("admin", "password", "ROLE_ADMIN");
ReactiveSecurityContextHolder.getContext()
.switchIfEmpty(Mono.error(new IllegalStateException("ReactiveSecurityContext is empty")))
.map(SecurityContext::getAuthentication)
.map(Authentication::getName)
.flatMap(s -> Mono.just("Hi " + s))
.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication))
.subscribe(
System.out::println,
Throwable::printStackTrace,
() -> System.out.println("completed without a value")
);
它可以正常工作并打印出“Hi admin”。但这不是关键点,文章说:“在WebFlux应用程序中,subscriberContext
会自动使用ReactorContextWebFilter
进行设置。”因此,我应该能够获取已登录的用户。
我的配置如下:
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class SecurityConfig {
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
return http.authorizeExchange()
.anyExchange().authenticated()
.and().formLogin()
.and().build();
}
@Bean
public MapReactiveUserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
UserDetails admin = User.withDefaultPasswordEncoder()
.username("admin")
.password("password")
.roles("ADMIN")
.build();
return new MapReactiveUserDetailsService(user, admin);
}
}
我这里有什么遗漏吗?如果我在 ReactorContextWebFilter 中设置断点,我可以看到它在每个请求之前都被正确调用。但是我的 ReactiveSecurityContextHolder 总是空的...
org.springframework.web.reactive.function.server.ServerRequest#principal
,但我也想使用ReactiveSecurityContextHolder
。 - neshkeev