iis7.5发布网站,做视频搬运哪个网站最赚钱,opencart网站建设,域名注册查询软件在Spring Cloud Gateway中集成Spring Security 6以实现鉴权和认证工作#xff0c;可以在网关代理层完成权限校验和认证。这种架构通常被称为“边缘安全”或“API网关安全”#xff0c;它允许你在请求到达后端服务之前进行集中式的安全控制。
以下是如何配置Spring Cloud Gat…在Spring Cloud Gateway中集成Spring Security 6以实现鉴权和认证工作可以在网关代理层完成权限校验和认证。这种架构通常被称为“边缘安全”或“API网关安全”它允许你在请求到达后端服务之前进行集中式的安全控制。
以下是如何配置Spring Cloud Gateway与Spring Security 6来实现这一目标的详细步骤
1. 添加依赖
首先确保你的项目中包含必要的依赖。你需要Spring Security、Spring Cloud Gateway以及JWT相关的依赖。
dependencies!-- Spring Boot Starter Security --dependencygroupIdorg.springframework.boot/groupIdartifactIdspring-boot-starter-security/artifactId/dependency!-- Spring Cloud Gateway --dependencygroupIdorg.springframework.cloud/groupIdartifactIdspring-cloud-starter-gateway/artifactId/dependency!-- JWT Support --dependencygroupIdio.jsonwebtoken/groupIdartifactIdjjwt-api/artifactIdversion0.11.5/version/dependencydependencygroupIdio.jsonwebtoken/groupIdartifactIdjjwt-impl/artifactIdversion0.11.5/versionscoperuntime/scope/dependencydependencygroupIdio.jsonwebtoken/groupIdartifactIdjjwt-jackson/artifactIdversion0.11.5/versionscoperuntime/scope/dependency!-- Spring Cloud Dependencies Management --dependencyManagementdependenciesdependencygroupIdorg.springframework.cloud/groupIdartifactIdspring-cloud-dependencies/artifactIdversion2022.0.0/versiontypepom/typescopeimport/scope/dependency/dependencies/dependencyManagement
/dependencies2. 配置SecurityFilterChain
在Spring Security配置类中设置SecurityFilterChain以支持基于Token的认证机制并应用到Gateway路由上。
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
import reactor.core.publisher.Mono;Configuration
EnableWebFluxSecurity
public class SecurityConfig {Beanpublic SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http, JwtAuthenticationManager jwtAuthenticationManager) {http.csrf().disable() // 禁用CSRF保护.authorizeExchange(exchanges - exchanges.pathMatchers(/login).permitAll() // 公开路径例如登录.anyExchange().authenticated() // 其他所有请求都需要认证).addFilterAt(jwtAuthenticationFilter(jwtAuthenticationManager), AuthenticationWebFilter.class);return http.build();}Beanpublic MapReactiveUserDetailsService userDetailsService() {UserDetails userDetails User.withDefaultPasswordEncoder().username(user).password(password).roles(USER).build();return new MapReactiveUserDetailsService(userDetails);}private AuthenticationWebFilter jwtAuthenticationFilter(JwtAuthenticationManager jwtAuthenticationManager) {AuthenticationWebFilter filter new AuthenticationWebFilter(jwtAuthenticationManager);filter.setServerAuthenticationConverter(new BearerTokenServerAuthenticationConverter());return filter;}
}3. 实现JWT工具类
创建一个工具类来生成和解析JWT令牌。
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.stereotype.Component;
import reactor.core.publisher.Mono;import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;Component
public class JwtUtil {private String secret yourSecretKey; // 应该存储在一个安全的地方并且不要硬编码public MonoString extractUsername(String token) {return Mono.just(extractClaim(token, Claims::getSubject));}public Date extractExpiration(String token) {return extractClaim(token, Claims::getExpiration);}public T T extractClaim(String token, FunctionClaims, T claimsResolver) {final Claims claims extractAllClaims(token);return claimsResolver.apply(claims);}private Claims extractAllClaims(String token) {return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();}private Boolean isTokenExpired(String token) {return extractExpiration(token).before(new Date());}public MonoString generateToken(UserDetails userDetails) {MapString, Object claims new HashMap();return Mono.just(createToken(claims, userDetails.getUsername()));}private String createToken(MapString, Object claims, String subject) {return Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(new Date(System.currentTimeMillis())).setExpiration(new Date(System.currentTimeMillis() 1000 * 60 * 60 * 10)) // 10小时过期.signWith(SignatureAlgorithm.HS256, secret).compact();}public MonoBoolean validateToken(String token, UserDetails userDetails) {final String username extractUsername(token).block();return Mono.just(username.equals(userDetails.getUsername()) !isTokenExpired(token));}
}4. 实现JWT认证管理器
创建一个自定义的认证管理器来处理JWT验证逻辑。
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.stereotype.Component;
import reactor.core.publisher.Mono;Component
public class JwtAuthenticationManager implements ReactiveAuthenticationManager {private final JwtUtil jwtUtil;private final UserDetailsService userDetailsService;public JwtAuthenticationManager(JwtUtil jwtUtil, UserDetailsService userDetailsService) {this.jwtUtil jwtUtil;this.userDetailsService userDetailsService;}Overridepublic MonoAuthentication authenticate(Authentication authentication) {String token (String) authentication.getCredentials();return jwtUtil.extractUsername(token).flatMap(username - {if (jwtUtil.validateToken(token, userDetailsService.loadUserByUsername(username)).block()) {UserDetails userDetails userDetailsService.loadUserByUsername(username);return Mono.just(new UsernamePasswordAuthenticationToken(userDetails, token, userDetails.getAuthorities()));} else {return Mono.empty();}});}
}5. 实现Bearer Token转换器
创建一个转换器来从请求头中提取Bearer Token。
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;public class BearerTokenServerAuthenticationConverter implements ServerAuthenticationConverter {Overridepublic Monoorg.springframework.security.oauth2.server.resource.authentication.ServerAuthenticationToken convert(ServerWebExchange exchange) {String authHeader exchange.getRequest().getHeaders().getFirst(Authorization);if (authHeader ! null authHeader.startsWith(Bearer )) {String token authHeader.substring(7);return Mono.just(new org.springframework.security.oauth2.server.resource.authentication.ServerAuthenticationToken(token, token));}return Mono.empty();}
}6. 配置Gateway路由
最后在你的网关配置文件中定义路由。
spring:cloud:gateway:routes:- id: service_routeuri: lb://your-backend-servicepredicates:- Path/api/**filters:- RewritePath/api/(?segment.*), /$\{segment}总结
通过上述步骤你可以在Spring Cloud Gateway中集成Spring Security 6从而实现在网关代理层进行鉴权和认证的功能。主要步骤包括
添加依赖引入必要的依赖。配置SecurityFilterChain禁用CSRF保护并设置为无状态会话。实现JWT工具类用于生成和解析JWT令牌。实现JWT认证管理器处理JWT验证逻辑。实现Bearer Token转换器从请求头中提取Bearer Token。配置Gateway路由定义路由规则。
这样你的应用程序就可以使用JWT在网关层进行安全认证和授权了。
