Spring Security: different certificate CN for different endpoints
Tags: spring-security, spring-webflux, x509certificate

A Spring Boot application running on Netty, with security configured as:
@Slf4j
@EnableWebFluxSecurity
public class SecurityConfig {

    @Value("${server.trusted.requesters}")
    private List<String> trustedRequesters;

    @Value("${server.trusted.writer}")
    private String trustedWriter;

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        return http
            .x509(x509 -> x509
                .authenticationManager(authentication -> {
                    log.debug("Write Authentication");
                    log.debug("Incoming certificate CN: {}", authentication.getName());
                    authentication.setAuthenticated(StringUtils.equals(trustedWriter, authentication.getName()));
                    return Mono.just(authentication);
                }))
            .authorizeExchange()
            .pathMatchers("/write/event") // Only for write request
            .authenticated()
            .and()
            .x509(x509 -> x509
                .authenticationManager(authentication -> {
                    log.debug("Write Authentication");
                    log.debug("Incoming certificate CN: {}", authentication.getName());
                    authentication.setAuthenticated(trustedRequesters.contains(authentication.getName()));
                    return Mono.just(authentication);
                }))
            .authorizeExchange()
            .pathMatchers("/webjars/**", "/read/**") // For swagger and read request
            .authenticated()
            .and()
            .build();
    }
}
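The intent behind it is to allow write requests only for one specific certificate CN, and for any other request (other than write) to look at the trustedRequesters list and allow all of those.

This is not actually working. I did some testing, and independently of which certificate it comes from, the request is always authenticated for write as well as for any other, even when the CN is not the one for write.

Is there a way to secure different endpoints with different certificates?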
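
One way to get the per-endpoint behaviour described in the question, shown as an added example that is not part of the original post: authenticate the client certificate once, map its CN to an authority, and let the path rules check that authority. The class name and the authority names `EVENT_WRITER` and `EVENT_READER` are assumptions made for illustration, and the example assumes the TLS layer already requires and validates the client certificate.

```java
import java.util.ArrayList;
import java.util.List;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.server.SecurityWebFilterChain;
import reactor.core.publisher.Mono;

@Configuration
@EnableWebFluxSecurity
public class PerEndpointCnSecurityConfig { // hypothetical class name
    @Value("${server.trusted.requesters}")
    private List<String> trustedRequesters;
    @Value("${server.trusted.writer}")
    private String trustedWriter;

    // A single x509 step decides WHO the caller is; the path rules decide WHAT they may do.
    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        // With the default principal extractor, getName() is the certificate CN.
        ReactiveAuthenticationManager cnToAuthorities = authentication -> {
            String cn = authentication.getName();
            List<GrantedAuthority> authorities = new ArrayList<>();
            if (trustedWriter.equals(cn)) authorities.add(new SimpleGrantedAuthority("EVENT_WRITER"));
            if (trustedRequesters.contains(cn)) authorities.add(new SimpleGrantedAuthority("EVENT_READER"));
            if (authorities.isEmpty()) { // CN is on neither list: reject the request
                return Mono.error(new BadCredentialsException("Untrusted certificate CN"));
            }
            return Mono.just(new PreAuthenticatedAuthenticationToken(
                    authentication.getPrincipal(), authentication.getCredentials(), authorities));
        };
        return http
            .x509(x509 -> x509.authenticationManager(cnToAuthorities))
            .authorizeExchange(exchanges -> exchanges
                .pathMatchers("/write/event").hasAuthority("EVENT_WRITER") // write: one CN only
                .anyExchange().hasAuthority("EVENT_READER"))               // everything else: requester list
            .build();
    }
}
```

A CN that appears in both properties receives both authorities, so the writer can also read only if it is listed in `server.trusted.requesters`.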