package com.shf.client.configuration;
import org.springframework.boot.autoconfigure.security.rsocket.RSocketSecurityAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.rsocket.RSocketStrategies;
import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.rsocket.RSocketSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor;
/**
 * RSocket security configuration: payload authorization rules and an in-memory user store.
 * The related Spring Boot auto-configuration is {@link RSocketSecurityAutoConfiguration}.
 *
 * <p>Review notes: the accounts below are hard-coded with literal passwords and are described
 * by the author as test users; the authorization rules accept credentials through simple
 * authentication metadata, and nothing in this class configures transport encryption.
 *
 * @author songhaifeng
 * @date 2019/12/17 01:12
 */
@Configuration
public class RSocketSecurityConfiguration {

    /**
     * Builds the payload interceptor that enforces authorization on the RSocket acceptor.
     * The framework default lives in
     * {@code org.springframework.security.config.annotation.rsocket.SecuritySocketAcceptorInterceptorConfiguration};
     * a production deployment is expected to customize these rules.
     *
     * <p>Rules are declared in this order: SETUP, the {@code user.*} route, any other request,
     * any other exchange.
     *
     * @param rSocket           the {@link RSocketSecurity} registered in
     *                          {@code org.springframework.security.config.annotation.rsocket.RSocketSecurityConfiguration};
     *                          it is a stateful instance
     * @param rSocketStrategies not read by the active code; only the commented-out logging
     *                          interceptor below refers to it
     * @return the {@link PayloadSocketAcceptorInterceptor} built from {@code rSocket}
     */
    @Bean
    public PayloadSocketAcceptorInterceptor rSocketInterceptor(RSocketSecurity rSocket, RSocketStrategies rSocketStrategies) {
        rSocket
                .authorizePayload(rules -> rules
                        // Opening a connection (SETUP frame) requires ROLE_SETUP.
                        .setup().hasRole("SETUP")
                        // Routes matching "user.*" require ROLE_ADMIN.
                        // NOTE(review): with a dot-separated route matcher "*" normally covers a single
                        // segment, so a deeper route such as "user.a.b" would fall through to the
                        // authenticated-only rule below - confirm against the configured RouteMatcher.
                        .route("user.*").hasRole("ADMIN")
                        // Every other request only needs an authenticated principal, whatever its role.
                        .anyRequest().authenticated()
                        // Payloads that carry no metadata have no authorization rules and are permitted.
                        .anyExchange().permitAll())
                // Simple authentication carries username and password in the payload metadata.
                // NOTE(review): no TLS is configured in this class - verify the transport is encrypted.
                .simpleAuthentication(Customizer.withDefaults());

        // Optional request logging via a customized payload interceptor (left disabled by the author):
        // addPayloadInterceptor(new DefaultRequestLogPayloadInterceptor(rSocketStrategies));
        return rSocket.build();
    }

    /**
     * Registers three in-memory accounts intended for testing.
     * {@link MapReactiveUserDetailsService} is the default {@link ReactiveUserDetailsService} and is
     * autowired into {@link UserDetailsRepositoryReactiveAuthenticationManager}. A different store
     * (for example a JDBC-backed one) can be supplied by implementing
     * {@link ReactiveUserDetailsService}.
     *
     * <p>The passwords are literals in source, and {@code User.withDefaultPasswordEncoder()} is
     * deprecated by Spring Security to mark it as unsuitable for production. Replace both with
     * externally provisioned credentials before this configuration leaves a test environment.
     *
     * @return a {@link MapReactiveUserDetailsService} holding the ADMIN, USER and SETUP accounts
     */
    @Bean
    public MapReactiveUserDetailsService userDetailsService() {
        // Only the "setup" account holds ROLE_SETUP, which the SETUP rule in rSocketInterceptor requires.
        return new MapReactiveUserDetailsService(
                inMemoryUser("shf", "123456", "ADMIN"),
                inMemoryUser("shf_2", "123456", "USER"),
                inMemoryUser("setup", "654321", "SETUP"));
    }

    /** Creates one account with a single role using the default (demo-only) password encoder. */
    private static UserDetails inMemoryUser(String username, String rawPassword, String role) {
        return User.withDefaultPasswordEncoder()
                .username(username)
                .password(rawPassword)
                .roles(role)
                .build();
    }
}