【问题标题】:Unable to get Principal/Authentication when using session + redis persistence使用 session + redis 持久化时无法获取 Principal/Authentication
【发布时间】:2019-06-21 06:41:49
【问题描述】:

我一直在尝试关注 Micronaut Security SessionMicronaut Redis Session 以使会话和安全性与 Redis 持久性一起工作,但没有成功。

如果我禁用 Redis 持久性,我可以获得 Principal 对象并且用户已正确验证,但如果我启用 Redis 持久性,我可以看到用户已通过 Redis 数据验证,但我永远无法获取 Principal 对象并且总是返回 null

但是,当我启用 Redis 持久性时,我可以确认我仍然可以获得正确的 Session 对象,该对象是从 Redis 正确创建和读取的(通过访问 /anon 端点,我可以看到身份验证和会话 ID 值)。我不确定我做错了什么

这是我的application.yml 文件

---
micronaut:
  application:
    name: hello-world
  security:
    enabled: true
    endpoints:
      login:
        enabled: true
      logout:
        enabled: true
    session:
      enabled: true
      login-success-target-url: /
      login-failure-target-url: /login/authFailed
  session:
    http:
      cookie-name: supahsexy
      cookie: true
      redis:
        enabled: true
        namespace: 'myapp:sessions'
        write-mode: BACKGROUND
        enable-keyspace-event: false
        value-serializer: io.micronaut.jackson.serialize.JacksonObjectSerializer
---
redis:
  uri: redis://localhost

对于AuthenticationProviderUserPassword.java

@Singleton
public class AuthenticationProviderUserPassword implements AuthenticationProvider {
    @Override
    public Publisher<AuthenticationResponse> authenticate(AuthenticationRequest authenticationRequest) {
        if (authenticationRequest.getIdentity().equals("admin") && authenticationRequest.getSecret().equals("admin")) {
            var ud = new UserDetails((String) authenticationRequest.getIdentity(), List.of());
            return Flowable.just(ud);
        }
        return Flowable.just(new AuthenticationFailed());
    }
}

最后这是端点

@Controller("/")
public class HelloController {
    @Get("/")
    @Produces(MediaType.TEXT_PLAIN)
    @Secured(SecurityRule.IS_ANONYMOUS)
    public String index(Session session, @Nullable Principal principal) {
        System.out.println(principal);
        String username = principal != null? principal.getName() : "<anonymous>";
        session.put("session id", session.getId());
        return "Hello world " + username;
    }

    @Get("/blah")
    @Produces(MediaType.TEXT_PLAIN)
    @Secured(SecurityRule.IS_AUTHENTICATED)
    public String blah(Session session, @Nullable Principal principal) {
        System.out.println(session.asMap().toString());
        if (principal != null) {
            System.out.println(principal.getName());
        }
        return "Blah";
    }

    @Get("/anon")
    @Produces(MediaType.TEXT_PLAIN)
    @Secured(SecurityRule.IS_ANONYMOUS)
    public String anon(Session session) {

        return "Session = " + session.get("micronaut.AUTHENTICATION").orElse("no auth") + ", " + session.get("session id").orElse("no session id");
    }
}

【问题讨论】:

    标签: java redis micronaut


    【解决方案1】:

    【讨论】:

      猜你喜欢
      • 2020-09-05
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2016-03-21
      • 2017-02-15
      • 2013-04-16
      • 1970-01-01
      相关资源
      最近更新 更多