Java 自定义安全规则不起作用Micronaut 2.2.1
我试图用Micronaut 2.2.1实现自定义安全规则,但它不起作用Java 自定义安全规则不起作用Micronaut 2.2.1,java,micronaut,micronaut-client,micronaut-rest,Java,Micronaut,Micronaut Client,Micronaut Rest,我试图用Micronaut 2.2.1实现自定义安全规则,但它不起作用 public @interface RequiredPermission { String resourceIdName(); String permission(); } 安全规则 @Singleton public class AdminRequirement implements SecurityRule { @Override public SecurityRuleResult ch
public @interface RequiredPermission {
String resourceIdName();
String permission();
}
安全规则
@Singleton
public class AdminRequirement implements SecurityRule {
@Override
public SecurityRuleResult check(HttpRequest<?> request, @Nullable RouteMatch<?> routeMatch, @Nullable Map<String, Object> claims) {
if (routeMatch instanceof MethodBasedRouteMatch) {
MethodBasedRouteMatch methodBasedRouteMatch = (MethodBasedRouteMatch) routeMatch;
if (methodBasedRouteMatch.hasAnnotation(RequiredPermission.class)) {
AnnotationValue<RequiredPermission> requiredPermissionAnnotation = methodBasedRouteMatch.getAnnotation(RequiredPermission.class);
// Get parameters from annotation on method
Optional<String> resourceIdName = requiredPermissionAnnotation.stringValue("resourceIdName");
Optional<String> permission = requiredPermissionAnnotation.stringValue("permission");
if (permission.isPresent() && resourceIdName.isPresent() && claims != null) {
// Use name of parameter to get the value passed in as an argument to the method
String resourceId = methodBasedRouteMatch.getVariableValues().get(resourceIdName.get()).toString();
// Get claim from jwt using the resource ID
Object permissionForResource = ((Map) claims.get("https://your-domain.com/claims")).get(resourceId);
if (permissionForResource != null && permissionForResource.equals(permission.get())) {
// if the permission exists and it's equal, allow access
return SecurityRuleResult.ALLOWED;
}
}
}
}
return SecurityRuleResult.UNKNOWN;
}
}
如果我更新代码如下
@Controller("/product")
@RequiredPermission(resourceIdName = "Admin", permission = "Admin")
public record ProductController(IProducer iProducer) {}
上面的代码可以工作,但它不是一个合适的解决方案
@所需权限(resourceIdName=“Admin”,permission=“Admin”)
Repo-安全规则实现有序接口。要实现这一点,您必须在自定义安全规则类中添加以下行
public static final Integer ORDER = SecuredAnnotationRule.ORDER - 100;
public int getOrder() {
return ORDER;
}
安全规则实现有序接口。要实现这一点,您必须在自定义安全规则类中添加以下行
public static final Integer ORDER = SecuredAnnotationRule.ORDER - 100;
public int getOrder() {
return ORDER;
}
public static final Integer ORDER = SecuredAnnotationRule.ORDER - 100;
public int getOrder() {
return ORDER;
}