spring-cloud-gateway 集成 security 实现部分请求校验(基于WebFlux)

原创
2019/01/03 15:14
阅读数 4.4K

maven 引入:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>

核心类:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/**
 * @author: mhuang
 * @Date: 2019/1/3 13:54
 * @Description:监控API校验账号密码
 */
@EnableWebFluxSecurity
public class WebSecurityConfig {

    @Bean
    SecurityWebFilterChain webFluxSecurityFilterChain(ServerHttpSecurity http) throws Exception {
        http.authorizeExchange().pathMatchers("/monitor/**").hasRole("ADMIN")
                .anyExchange().permitAll().and().cors().and()
                .httpBasic().and()
                .csrf().disable();
        return http.build();
    }
}

配置属性

management.endpoints.web.exposure.include=*

management.endpoints.web.base-path=/monitor

spring.security.user.name=mhuang

spring.security.user.password=huangmiao

spring.security.user.roles=ADMIN

 

实例:

 

至此,即可安全访问

展开阅读全文
加载中
点击加入讨论🔥(1) 发布并加入讨论🔥
1 评论
0 收藏
0
分享
返回顶部
顶部