我正在尝试设置 Camel REST 以通过我的 application.properties 中的简单用户名/密码使用基本身份验证,但我似乎无法配置 Camel Spring Security 来执行此操作。我正在尝试关注the Spring Security component documentation这似乎缺少配置所需 bean 的示例。我找到了丢失的示例 here在“控制对 Camel 路由的访问”下,但这仅显示 xml 配置。
如何设置所需的 SpringSecurityAuthorizationPolicy
bean?它需要一个 AuthenticationManager 和一个 AccessDecisionManager ,而且似乎还需要我设置它的 SpringSecurityAccessPolicy ,但我不知道该怎么做。 p>
我还没有测试这些,因为我无法设置我的 beans,但我的休息路线如下:
rest("/ingest")
.post("/json").consumes("application/json")
.route()
.process(authProcessor)
.policy(authPolicy) // this is the bean I don't know how to configure
.to("direct:ingest")
.endRest();
我的AuthProcessor(取自camel组件文档)看起来像:
@Component
public class AuthProcessor implements Processor {
public void process(Exchange exchange) {
String userpass = new String(Base64.decodeBase64(exchange.getIn().getHeader("Authorization", String.class)));
String[] tokens = userpass.split(":");
// create an Authentication object
UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(tokens[0], tokens[1]);
// wrap it in a Subject
Subject subject = new Subject();
subject.getPrincipals().add(authToken);
// place the Subject in the In message
exchange.getIn().setHeader(Exchange.AUTHENTICATION, subject);
}
}
这是我的损坏的 bean 配置的值(value):
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public SpringSecurityAuthorizationPolicy springSecurityAuthorizationPolicy(
AuthenticationManager authenticationManager, AccessDecisionManager accessDecisionManager) {
SpringSecurityAuthorizationPolicy policy = new SpringSecurityAuthorizationPolicy();
SpringSecurityAccessPolicy springSecurityAccessPolicy = new SpringSecurityAccessPolicy();
policy.setAuthenticationManager(authenticationManager);
policy.setAccessDecisionManager(accessDecisionManager);
policy.setSpringSecurityAccessPolicy(????);
return policy;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("pass").roles("USER");
}
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public AccessDecisionManager accessDecisionManager() {
AffirmativeBased affirmativeBased = new AffirmativeBased(ImmutableList.of(
new RoleVoter()
));
affirmativeBased.setAllowIfAllAbstainDecisions(true);
return affirmativeBased;
}
}
我一直在用头撞墙试图理解这一点,所以一个如何做到这一点的例子将是令人惊奇的。看起来我想要做的事情(在第二个链接中)的 xml 配置足够简单,但我似乎无法在 Java 配置中复制它。
最佳答案
我知道这是一个老话题,但我遇到了类似的问题。我设法让它工作。不是通过重写 WebSecurityConfigurerAdapter
类中的 accessDecisionManager()
方法,而是通过在构建我的 SpringSecurityAuthorizationPolicy
时构建一个新实例:
@Bean
public Policy adminPolicy(AuthenticationManager authenticationManager) {
RoleVoter roleVoter = new RoleVoter();
SpringSecurityAuthorizationPolicy policy = new SpringSecurityAuthorizationPolicy();
policy.setAuthenticationManager(authenticationManager);
policy.setAccessDecisionManager(new UnanimousBased(List.of(roleVoter)));
policy.setSpringSecurityAccessPolicy(new SpringSecurityAccessPolicy(roleVoter.getRolePrefix() + "<ROLE_NAME>");
return policy;
}
关于spring - Camel REST 和 Spring Security Java 配置,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62435140/