Spring security 如何预授权访问Http.InboundGateway?
我知道可以向Rest控制器添加@PreAuthorize注释Spring security 如何预授权访问Http.InboundGateway?,spring-security,spring-integration,spring-integration-dsl,spring-integration-http,Spring Security,Spring Integration,Spring Integration Dsl,Spring Integration Http,我知道可以向Rest控制器添加@PreAuthorize注释 @RestController public class WebController { @PreAuthorize("hasAuthority('Foo')") @GetMapping("/restricted") public ResponseEntity<String> restricted() { return ResponseEnti
@RestController
public class WebController {
@PreAuthorize("hasAuthority('Foo')")
@GetMapping("/restricted")
public ResponseEntity<String> restricted() {
return ResponseEntity.ok("Restricted section");
}
}
- 我认为您的看法是正确的,它允许在何处声明通道
@Secured
<> LI>
即使我们在正常的Spring启动应用程序上考虑Spring Security,没有集成,它还是在过滤级别上,所以在考虑“代码> httpQuththand Link MasgIGeGeave<代码>作为HTTP请求< /P>的侦听器时,它似乎是有意义的。
@Bean
@SecuredChannel(interceptor = "channelSecurityInterceptor", sendAccess = "ROLE_XXX")
public SubscribableChannel secureChannel() {
return new DirectChannel();
}
@Bean
public IntegrationFlow myFlow(HttpRequestHandlingMessagingGateway
restrictedGateway) {
return IntegrationFlows
.from(restrictedGateway)
.channel(secureChannel())
.transform(source -> "Restricted section")
.get();
}
我是否需要流中网关之后的中间“securedChannel”来实现这一点?sendAccess是否可能成为hasAuthority?抱歉。我没有可以玩的示例应用程序。但是我检查了spring安全源代码中传递给的代码
sendAccess
param。它将作为配置属性添加到accessDecisionManager
中,这与您在没有sprint集成的情况下使用spring安全性时使用的相同。因此我认为,它应该适用于hasAuthority
@Bean
@SecuredChannel(interceptor = "channelSecurityInterceptor", sendAccess = "ROLE_XXX")
public SubscribableChannel secureChannel() {
return new DirectChannel();
}
@Bean
public IntegrationFlow myFlow(HttpRequestHandlingMessagingGateway
restrictedGateway) {
return IntegrationFlows
.from(restrictedGateway)
.channel(secureChannel())
.transform(source -> "Restricted section")
.get();
}