我有一个 Spring MVC 项目和一个 Spring WebFlux 项目连接同一个 redis 服务器。使用 spring security
spring-boot-starter-securityspring-session-data-redis@Configuration
@EnableRedisHttpSession
public class SpringSecurityConfigur {
@Bean
@Order(1)
public SecurityFilterChain appSecurityFilterChain(HttpSecurity http) throws Exception {
return http.antMatcher("/app/**")
.authorizeHttpRequests((auth) -> auth.anyRequest().authenticated())
.exceptionHandling((auth) -> auth.authenticationEntryPoint(errorAuthenticationEntryPoint))
.formLogin()
.and().addFilterAt(appUsernamePasswordProcessingFilter,
UsernamePasswordAuthenticationFilter.class)
.logout().logoutUrl("/app/logout")
.and().csrf().disable().build();
}
}
WebFlux
@EnableWebFluxSecurity
@EnableRedisWebSession
@AllArgsConstructor
public class SecurityConfig {
private final DefaultSecurityContextRepository defaultSecurityContextRepository;
private final SessionFilter sessionFilter;
@Bean
public SecurityWebFilterChain filterChain(ServerHttpSecurity http) {
final var permitAll = new String[]{""};
return http.csrf().disable()
.formLogin().disable()
.authorizeExchange()
.anyExchange().authenticated()
.and()
.exceptionHandling()
.accessDeniedHandler(new TokenServerAccessDeniedHandler())
.authenticationEntryPoint(new DefaultAuthenticationEntryPoint())
.and()
.build();
}
}
我试过定义:
@Bean
public WebSessionIdResolver webSessionIdResolver() {
CookieWebSessionIdResolver sessionIdResolver = new CookieWebSessionIdResolver();
sessionIdResolver.setCookieName("SESSION");
return sessionIdResolver;
}
和
LettuceConnectionFactory