Problem description
RSocket seems to be a nice alternative to HTTP/S for microservice to microservice communication. Fortunately Spring Boot already has a smooth integration that eases the configuration of it.
However, I am missing information about everything related to RSocket security, both in RSocket and Spring (Boot, Security) documentation.
My questions are:
1) How can we configure RSocket to use TLS (in the context of a Spring Boot application)?
2) Does Spring Security add any additional features to RSocket security? One thing that comes to mind: imagine we want to propagate a JWT token from one application to another; how could it be passed and validated through an RSocket?
Recommended answer
I recently wrote a post on how to use Spring Security Basic Authentication with RSocket. For your first question, you can use TcpClientTransport.create(TcpClient.create().port(7000).secure()) when connecting to RSocketServer.
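    import io.rsocket.frame.decoder.PayloadDecoder;
    import io.rsocket.transport.netty.client.TcpClientTransport;
    import org.springframework.messaging.rsocket.RSocketRequester;
    import org.springframework.security.rsocket.metadata.UsernamePasswordMetadata;
    import org.springframework.util.MimeTypeUtils;
    import reactor.netty.tcp.TcpClient;

    RSocketRequester.builder()
        .dataMimeType(MimeTypeUtils.APPLICATION_JSON)
        .rsocketStrategies(rSocketStrategies)
        .rsocketFactory(clientRSocketFactory -> {
            clientRSocketFactory.frameDecoder(PayloadDecoder.ZERO_COPY);
        })
        // credentials: the UsernamePasswordMetadata sent with the SETUP frame
        .setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
        // secure() enables TLS using Reactor Netty's default SSL context
        .connect(TcpClientTransport.create(TcpClient.create().port(7000).secure()))
        .block();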
And for the second question, when accessing RSocket message endpoints you can use:
    BearerTokenMetadata credentials = new BearerTokenMetadata("jwt-token");
    return rSocketRequester
        .route("taxis")
        .metadata(credentials, BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE)
        .data(new TaxisRequest(type, from, to))
        .retrieveMono(TaxisResponse.class);
And during RSocketServer setup, for the PayloadSocketAcceptorInterceptor you can use jwt as below.
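    import org.springframework.context.annotation.Bean;
    import org.springframework.security.config.Customizer;
    import org.springframework.security.config.annotation.rsocket.RSocketSecurity;
    import org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor;

    @Bean
    public PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
        rsocket.authorizePayload(authorize -> {
            authorize
                // must have ROLE_SETUP to make connection
                .setup().hasRole("SETUP")
                // must have ROLE_ADMIN for routes matching "taxis*"
                .route("taxis*").hasRole("ADMIN")
                // any other request must be authenticated
                .anyRequest().authenticated();
        })
        // authenticate bearer tokens as JWTs
        .jwt(Customizer.withDefaults());
        return rsocket.build();
    }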
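
Added example, not part of the original answer: `.jwt(Customizer.withDefaults())` can only validate tokens if a `ReactiveJwtDecoder` bean exists, and the default authority mapping produces `SCOPE_*` authorities from the scope claim, which `hasRole("ADMIN")` never matches. This variant of the interceptor supplies both pieces; the JWK set URL and the `roles` claim name are assumptions to adapt to your token issuer.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.rsocket.EnableRSocketSecurity;
import org.springframework.security.config.annotation.rsocket.RSocketSecurity;
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager;
import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter;
import org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor;

@Configuration
@EnableRSocketSecurity
public class RSocketJwtConfig {
    // Assumption: placeholder URL of the issuer's published JWK set.
    private static final String JWK_SET_URI = "https://idp.example.com/.well-known/jwks.json";

    @Bean
    public ReactiveJwtDecoder jwtDecoder() {
        // Verifies the signature and the exp/nbf timestamps of every bearer token.
        return NimbusReactiveJwtDecoder.withJwkSetUri(JWK_SET_URI).build();
    }

    @Bean
    public PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket, ReactiveJwtDecoder decoder) {
        // Default mapping is scope/scp -> SCOPE_*; hasRole("ADMIN") needs ROLE_ADMIN.
        // Assumption: the issuer puts role names in a "roles" claim.
        JwtGrantedAuthoritiesConverter authorities = new JwtGrantedAuthoritiesConverter();
        authorities.setAuthoritiesClaimName("roles");
        authorities.setAuthorityPrefix("ROLE_");
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(authorities);

        JwtReactiveAuthenticationManager manager = new JwtReactiveAuthenticationManager(decoder);
        manager.setJwtAuthenticationConverter(new ReactiveJwtAuthenticationConverterAdapter(converter));

        // With this rule set the SETUP frame must itself carry a token granting ROLE_SETUP.
        rsocket.authorizePayload(authorize -> authorize
                .setup().hasRole("SETUP")
                .route("taxis*").hasRole("ADMIN")
                .anyRequest().authenticated())
            .jwt(jwt -> jwt.authenticationManager(manager));
        return rsocket.build();
    }
}
```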