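【Posted】: 2019-06-21 06:41:49
【Question】:
I have been trying to follow Micronaut Security Session and Micronaut Redis Session to get sessions and security working together with Redis persistence, without success.
If I disable Redis persistence, I can get the Principal object and the user is authenticated correctly, but if I enable Redis persistence, I can see that the user has been authenticated from the Redis data, yet I can never get the Principal object; it always comes back null.
However, when I enable Redis persistence, I can confirm that I still get the correct Session object, which is created in and read from Redis correctly (by visiting the /anon endpoint I can see the authentication and session id values). I am not sure what I am doing wrong.
Here is my application.yml file: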
---
micronaut:
  application:
    name: hello-world
  security:
    enabled: true
    endpoints:
      login:
        enabled: true
      logout:
        enabled: true
    session:
      enabled: true
      login-success-target-url: /
      login-failure-target-url: /login/authFailed
  session:
    http:
      cookie-name: supahsexy
      cookie: true
      redis:
        enabled: true
        namespace: 'myapp:sessions'
        write-mode: BACKGROUND
        enable-keyspace-event: false
        value-serializer: io.micronaut.jackson.serialize.JacksonObjectSerializer
---
redis:
  uri: redis://localhost
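For AuthenticationProviderUserPassword.java:
import io.micronaut.security.authentication.AuthenticationFailed;
import io.micronaut.security.authentication.AuthenticationProvider;
import io.micronaut.security.authentication.AuthenticationRequest;
import io.micronaut.security.authentication.AuthenticationResponse;
import io.micronaut.security.authentication.UserDetails;
import io.reactivex.Flowable;
import org.reactivestreams.Publisher;

import javax.inject.Singleton;
import java.util.List;

@Singleton
public class AuthenticationProviderUserPassword implements AuthenticationProvider {
    @Override
    public Publisher<AuthenticationResponse> authenticate(AuthenticationRequest authenticationRequest) {
        // Accept the single hardcoded identity/secret pair and return a user with no roles
        if (authenticationRequest.getIdentity().equals("admin") && authenticationRequest.getSecret().equals("admin")) {
            var ud = new UserDetails((String) authenticationRequest.getIdentity(), List.of());
            return Flowable.just(ud);
        }
        return Flowable.just(new AuthenticationFailed());
    }
}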
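And finally, here are the endpoints:
import io.micronaut.http.MediaType;
import io.micronaut.http.annotation.Controller;
import io.micronaut.http.annotation.Get;
import io.micronaut.http.annotation.Produces;
import io.micronaut.security.annotation.Secured;
import io.micronaut.security.rules.SecurityRule;
import io.micronaut.session.Session;

import javax.annotation.Nullable;
import java.security.Principal;

@Controller("/")
public class HelloController {
    // Open to everyone; prints the Principal if one was resolved for the request
    @Get("/")
    @Produces(MediaType.TEXT_PLAIN)
    @Secured(SecurityRule.IS_ANONYMOUS)
    public String index(Session session, @Nullable Principal principal) {
        System.out.println(principal);
        String username = principal != null ? principal.getName() : "<anonymous>";
        session.put("session id", session.getId());
        return "Hello world " + username;
    }

    // Requires an authenticated user; dumps the session contents and the Principal name
    @Get("/blah")
    @Produces(MediaType.TEXT_PLAIN)
    @Secured(SecurityRule.IS_AUTHENTICATED)
    public String blah(Session session, @Nullable Principal principal) {
        System.out.println(session.asMap().toString());
        if (principal != null) {
            System.out.println(principal.getName());
        }
        return "Blah";
    }

    // Open to everyone; shows the authentication and session id values stored in the session
    @Get("/anon")
    @Produces(MediaType.TEXT_PLAIN)
    @Secured(SecurityRule.IS_ANONYMOUS)
    public String anon(Session session) {
        return "Session = " + session.get("micronaut.AUTHENTICATION").orElse("no auth") + ", " + session.get("session id").orElse("no session id");
    }
}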
【Discussion】: