How do I bypass security for some URLs in Spring WebFlux Security?

llew8vvj posted on 2021-10-10 in Java
Follow (0) | Answers (1) | Views (350)

I have a Spring WebFlux application and have enabled Spring WebFlux Security with the following code:

@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
  log.debug("Configuring tenant web security");
  return http
      .csrf().disable()
      .authorizeExchange()
      .pathMatchers("/actuator/**").permitAll()
      .anyExchange().authenticated()
      .and()
      .addFilterAt(authenticationWebFilter(), SecurityWebFiltersOrder.AUTHENTICATION)
      .addFilterAt(authorizationWebFilter(), SecurityWebFiltersOrder.AUTHORIZATION)
      .build();
}

// customAuthenticationManager, customAuthenticationConverter and customAuthorizationManager
// are fields of the enclosing configuration class (not shown in the question)
private AuthenticationWebFilter authenticationWebFilter() {
  AuthenticationWebFilter authenticationWebFilter = new AuthenticationWebFilter(
      customAuthenticationManager);
  authenticationWebFilter.setServerAuthenticationConverter(customAuthenticationConverter);
  return authenticationWebFilter;
}

private AuthorizationWebFilter authorizationWebFilter() {
  return new AuthorizationWebFilter(customAuthorizationManager);
}

I want to bypass security for the actuator URLs mentioned in the code, but somehow they still go through the ServerAuthenticationConverter class, which I have overridden to parse the headers.
I request localhost:8082/actuator/health and it still runs through the whole security chain.
What am I doing wrong here?
The link below is related to this question, but I could not find any useful answer there: How to exclude a path from authentication in a Spring-based reactive application?
Debug log, showing the exception:

2021-05-27 21:11:50.496 DEBUG 87018 --- [ctor-http-nio-3] io.netty.buffer.AbstractByteBuf          : -Dio.netty.buffer.checkBounds: true
2021-05-27 21:11:50.497 DEBUG 87018 --- [ctor-http-nio-3] i.n.util.ResourceLeakDetectorFactory     : Loaded default ResourceLeakDetector: io.netty.util.ResourceLeakDetector@1afad0f4
2021-05-27 21:11:50.510 DEBUG 87018 --- [ctor-http-nio-3] r.n.http.server.HttpServerOperations     : [id: 0xdbf63e0b, L:/[0:0:0:0:0:0:0:1]:8082 - R:/[0:0:0:0:0:0:0:1]:53830] New http connection, requesting read
2021-05-27 21:11:50.510 DEBUG 87018 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations     : [id: 0x3302bee3, L:/[0:0:0:0:0:0:0:1]:8082 - R:/[0:0:0:0:0:0:0:1]:53829] New http connection, requesting read
2021-05-27 21:11:50.510 DEBUG 87018 --- [ctor-http-nio-2] reactor.netty.transport.TransportConfig  : [id: 0x3302bee3, L:/[0:0:0:0:0:0:0:1]:8082 - R:/[0:0:0:0:0:0:0:1]:53829] Initialized pipeline DefaultChannelPipeline{(reactor.left.httpCodec = io.netty.handler.codec.http.HttpServerCodec), (reactor.left.httpTrafficHandler = reactor.netty.http.server.HttpTrafficHandler), (reactor.right.reactiveBridge = reactor.netty.channel.ChannelOperationsHandler)}
2021-05-27 21:11:50.510 DEBUG 87018 --- [ctor-http-nio-3] reactor.netty.transport.TransportConfig  : [id: 0xdbf63e0b, L:/[0:0:0:0:0:0:0:1]:8082 - R:/[0:0:0:0:0:0:0:1]:53830] Initialized pipeline DefaultChannelPipeline{(reactor.left.httpCodec = io.netty.handler.codec.http.HttpServerCodec), (reactor.left.httpTrafficHandler = reactor.netty.http.server.HttpTrafficHandler), (reactor.right.reactiveBridge = reactor.netty.channel.ChannelOperationsHandler)}
2021-05-27 21:11:50.516 DEBUG 87018 --- [ctor-http-nio-3] io.netty.util.Recycler                   : -Dio.netty.recycler.maxCapacityPerThread: 4096
2021-05-27 21:11:50.516 DEBUG 87018 --- [ctor-http-nio-3] io.netty.util.Recycler                   : -Dio.netty.recycler.maxSharedCapacityFactor: 2
2021-05-27 21:11:50.516 DEBUG 87018 --- [ctor-http-nio-3] io.netty.util.Recycler                   : -Dio.netty.recycler.linkCapacity: 16
2021-05-27 21:11:50.516 DEBUG 87018 --- [ctor-http-nio-3] io.netty.util.Recycler                   : -Dio.netty.recycler.ratio: 8
2021-05-27 21:11:50.516 DEBUG 87018 --- [ctor-http-nio-3] io.netty.util.Recycler                   : -Dio.netty.recycler.delayedQueue.ratio: 8
2021-05-27 21:11:50.542 DEBUG 87018 --- [ctor-http-nio-3] r.n.http.server.HttpServerOperations     : [id: 0xdbf63e0b, L:/[0:0:0:0:0:0:0:1]:8082 - R:/[0:0:0:0:0:0:0:1]:53830] Increasing pending responses, now 1
2021-05-27 21:11:50.547 DEBUG 87018 --- [ctor-http-nio-3] reactor.netty.http.server.HttpServer     : [id: 0xdbf63e0b, L:/[0:0:0:0:0:0:0:1]:8082 - R:/[0:0:0:0:0:0:0:1]:53830] Handler is being applied: org.springframework.http.server.reactive.ReactorHttpHandlerAdapter@60ba6618
2021-05-27 21:11:50.553 DEBUG 87018 --- [ctor-http-nio-3] o.s.w.s.adapter.HttpWebHandlerAdapter    : [dbf63e0b-1] HTTP GET "/actuator/health"
2021-05-27 21:11:50.589  WARN 87018 --- [ctor-http-nio-3] c.r.c.a.c.e.RestWebExceptionHandler      : Web request for uri http://localhost:8082/actuator/health failed with exception java.lang.IllegalArgumentException: X-Auth header is not present.
    at com.demo.ceresgateway.app.config.security.CustomServerAuthenticationConverter.resolveHeaders(CustomServerAuthenticationConverter.java:61)
    Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: 
Error has been observed at the following site(s):
    |_ checkpoint ⇢ org.springframework.security.web.server.authentication.AuthenticationWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.web.server.context.ReactorContextWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.web.server.header.HttpHeaderWriterWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.config.web.server.ServerHttpSecurity$ServerWebExchangeReactorContextWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.web.server.WebFilterChainProxy [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.boot.actuate.metrics.web.reactive.server.MetricsWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ HTTP GET "/actuator/health" [ExceptionHandlingWebHandler]
Stack trace:
        at com.demo.ceresgateway.app.config.security.CustomServerAuthenticationConverter.resolveHeaders(CustomServerAuthenticationConverter.java:61)
        at com.demo.ceresgateway.app.config.security.CustomServerAuthenticationConverter.convert(CustomServerAuthenticationConverter.java:31)
        at org.springframework.security.web.server.authentication.AuthenticationWebFilter.lambda$filter$2(AuthenticationWebFilter.java:112)
        at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:125)
        at reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onNext(FluxFilterFuseable.java:118)
        at reactor.core.publisher.Operators$ScalarSubscription.request(Operators.java:2346)
        at reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.request(FluxFilterFuseable.java:191)
        at reactor.core.publisher.MonoFlatMap$FlatMapMain.onSubscribe(MonoFlatMap.java:110)
        at reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onSubscribe(FluxFilterFuseable.java:87)
        at reactor.core.publisher.MonoJust.subscribe(MonoJust.java:54)
        at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64)
        at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52)
        at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64)
        at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52)
        at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64)
        at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52)
        at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64)
        at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52)
        at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52)
        at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:157)
        at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onNext(FluxMapFuseable.java:127)
        at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onNext(FluxMapFuseable.java:127)
        at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1784)
        at reactor.core.publisher.MonoFlatMap$FlatMapInner.onNext(MonoFlatMap.java:249)
        at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1784)
        at reactor.core.publisher.MonoCollectList$MonoCollectListSubscriber.onComplete(MonoCollectList.java:128)
        at reactor.core.publisher.FluxIterable$IterableSubscription.fastPath(FluxIterable.java:360)
        at reactor.core.publisher.FluxIterable$IterableSubscription.request(FluxIterable.java:225)
        at reactor.core.publisher.MonoCollectList$MonoCollectListSubscriber.onSubscribe(MonoCollectList.java:79)
        at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:164)
        at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:86)
        at reactor.core.publisher.MonoFromFluxOperator.subscribe(MonoFromFluxOperator.java:81)
        at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:157)
        at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onNext(FluxSwitchIfEmpty.java:73)
        at reactor.core.publisher.MonoNext$NextSubscriber.onNext(MonoNext.java:82)
        at reactor.core.publisher.FluxFilterWhen$FluxFilterWhenSubscriber.drain(FluxFilterWhen.java:301)
        at reactor.core.publisher.FluxFilterWhen$FluxFilterWhenSubscriber.onNext(FluxFilterWhen.java:140)
        at reactor.core.publisher.FluxIterable$IterableSubscription.slowPath(FluxIterable.java:270)
        at reactor.core.publisher.FluxIterable$IterableSubscription.request(FluxIterable.java:228)
        at reactor.core.publisher.FluxFilterWhen$FluxFilterWhenSubscriber.onSubscribe(FluxFilterWhen.java:200)
        at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:164)
        at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:86)
        at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64)
        at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52)
        at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64)
        at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52)
        at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64)
        at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52)
        at reactor.core.publisher.Mono.subscribe(Mono.java:4046)
        at reactor.core.publisher.MonoIgnoreThen$ThenIgnoreMain.drain(MonoIgnoreThen.java:173)
        at reactor.core.publisher.MonoIgnoreThen.subscribe(MonoIgnoreThen.java:56)
        at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64)
        at reactor.netty.http.server.HttpServer$HttpServerHandle.onStateChange(HttpServer.java:632)
        at reactor.netty.ReactorNetty$CompositeConnectionObserver.onStateChange(ReactorNetty.java:612)
        at reactor.netty.transport.ServerTransport$ChildObserver.onStateChange(ServerTransport.java:453)
        at reactor.netty.http.server.HttpServerOperations.onInboundNext(HttpServerOperations.java:510)
        at reactor.netty.channel.ChannelOperationsHandler.channelRead(ChannelOperationsHandler.java:94)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
        at reactor.netty.http.server.HttpTrafficHandler.channelRead(HttpTrafficHandler.java:208)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
        at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:436)
        at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:324)
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:296)
        at io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:251)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719)
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655)
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581)
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
        at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.base/java.lang.Thread.run(Thread.java:832)

2021-05-27 21:11:50.595 DEBUG 87018 --- [ctor-http-nio-3] a.w.r.e.AbstractErrorWebExceptionHandler : [dbf63e0b-1] Resolved [IllegalArgumentException: Only one of (X-Auth-Token) or (X-Username, X-Api-Key/X-Password) headers should be present at a time and when giving X-Username only one of X-Api-Key or X-Password header should be present.] for HTTP GET /actuator/health
2021-05-27 21:11:50.611 DEBUG 87018 --- [ctor-http-nio-3] o.s.http.codec.json.Jackson2JsonEncoder  : [dbf63e0b-1] Encoding [{timestamp=Thu May 27 21:11:50 IST 2021, path=/actuator/health, status=400, message=Only one of (X-A (truncated)...]
2021-05-27 21:11:50.656 DEBUG 87018 --- [ctor-http-nio-3] r.n.http.server.HttpServerOperations     : [id: 0xdbf63e0b, L:/[0:0:0:0:0:0:0:1]:8082 - R:/[0:0:0:0:0:0:0:1]:53830] Decreasing pending responses, now 0
2021-05-27 21:11:50.660 DEBUG 87018 --- [ctor-http-nio-3] r.n.http.server.HttpServerOperations     : [id: 0xdbf63e0b, L:/[0:0:0:0:0:0:0:1]:8082 - R:/[0:0:0:0:0:0:0:1]:53830] Last HTTP packet was sent, terminating the channel
2021-05-27 21:11:50.660 DEBUG 87018 --- [ctor-http-nio-3] o.s.w.s.adapter.HttpWebHandlerAdapter    : [dbf63e0b-1] Completed 400 BAD_REQUEST
2021-05-27 21:11:50.662 DEBUG 87018 --- [ctor-http-nio-3] r.n.http.server.HttpServerOperations     : [id: 0xdbf63e0b, L:/[0:0:0:0:0:0:0:1]:8082 - R:/[0:0:0:0:0:0:0:1]:53830] Last HTTP response frame

rpppsulh 1#

You do not need to add AuthenticationWebFilter and AuthorizationWebFilter manually in your configuration.
The more modern way to achieve what you want is usually to do it like this:

@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
    http
        .authorizeExchange((exchanges) -> exchanges
            .pathMatchers("/actuator/**").permitAll()
            .anyExchange().authenticated()
        )
        .csrf().disable();

    return http.build();
}

You can find more information about the security configuration in the Spring Security documentation.
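Neither the question nor the answer states why permitAll did not stop the custom filter: permitAll is an authorization rule evaluated after authentication, so a manually added AuthenticationWebFilter still runs on every exchange, and the IllegalArgumentException thrown by the converter surfaces as a 400 before authorization ever sees the request. The configuration below is an example added here, not code from the question or the answer: it restricts the filter with a NegatedServerWebExchangeMatcher and makes the converter return Mono.empty() when the header is absent. ActuatorExemptSecurityConfig, headerConverter and the injected ReactiveAuthenticationManager bean are assumed names; X-Auth-Token is the header named in the question's log.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import reactor.core.publisher.Mono;

@Configuration
public class ActuatorExemptSecurityConfig {
  // Only health and info are public; "/actuator/**" would also expose env, heapdump etc. if enabled.
  private static final String[] PUBLIC_PATHS = {"/actuator/health", "/actuator/info"};

  @Bean
  SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http,
                                                ReactiveAuthenticationManager authenticationManager) {
    // authenticationManager is assumed to be an existing bean (the question's customAuthenticationManager)
    AuthenticationWebFilter authFilter = new AuthenticationWebFilter(authenticationManager);
    authFilter.setServerAuthenticationConverter(headerConverter());
    // permitAll is an authorization rule and runs AFTER authentication, so it cannot stop
    // a manually added AuthenticationWebFilter; restrict the filter itself with a matcher.
    ServerWebExchangeMatcher publicPaths = ServerWebExchangeMatchers.pathMatchers(PUBLIC_PATHS);
    authFilter.setRequiresAuthenticationMatcher(new NegatedServerWebExchangeMatcher(publicPaths));
    return http
        .csrf().disable()
        .authorizeExchange()
            .pathMatchers(PUBLIC_PATHS).permitAll()
            .anyExchange().authenticated()
        .and()
        .addFilterAt(authFilter, SecurityWebFiltersOrder.AUTHENTICATION)
        .build();
  }

  // Absent header -> Mono.empty(): the filter lets the exchange continue unauthenticated and
  // authorization decides (401 on protected paths). Malformed header -> AuthenticationException,
  // which the filter's failure handler turns into a 401 instead of the unhandled 400 seen in the log.
  private static ServerAuthenticationConverter headerConverter() {
    return exchange -> {
      String token = exchange.getRequest().getHeaders().getFirst("X-Auth-Token");
      if (token == null) return Mono.empty();
      if (token.isBlank()) return Mono.error(new BadCredentialsException("Malformed X-Auth-Token header"));
      return Mono.just(new PreAuthenticatedAuthenticationToken(token, "N/A"));
    };
  }
}
```

With this in place, GET /actuator/health never reaches the converter, while a request to any other path without the header is rejected by the authorization rule rather than by a validation exception.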
