使用session+redis持久化时无法获取Principal/Authentication
Unable to get Principal/Authentication when using session + redis persistence
我一直在尝试按照 Micronaut Security Session and Micronaut Redis Session 来获得会话和安全性与 Redis 持久性一起工作,但不幸的是。
如果我禁用 Redis 持久性,我可以获得 Principal 对象并且用户得到了正确的身份验证,但是如果我启用了 Redis 持久性,我可以看到用户在 Redis 数据上得到了身份验证,但是我永远无法获得Principal 对象并且总是 returns null
然而,当我启用 Redis 持久性时,我可以确认我仍然可以获得正确的 Session 对象,该对象是从 Redis 正确创建和读取的(通过访问 /anon 端点,我可以看到身份验证和会话 ID 值).我不确定我做错了什么
这是我的 application.yml 文件
---
micronaut:
application:
name: hello-world
security:
enabled: true
endpoints:
login:
enabled: true
logout:
enabled: true
session:
enabled: true
login-success-target-url: /
login-failure-target-url: /login/authFailed
session:
http:
cookie-name: supahsexy
cookie: true
redis:
enabled: true
namespace: 'myapp:sessions'
write-mode: BACKGROUND
enable-keyspace-event: false
value-serializer: io.micronaut.jackson.serialize.JacksonObjectSerializer
---
redis:
uri: redis://localhost
而 AuthenticationProviderUserPassword.java
@Singleton
public class AuthenticationProviderUserPassword implements AuthenticationProvider {
@Override
public Publisher<AuthenticationResponse> authenticate(AuthenticationRequest authenticationRequest) {
if (authenticationRequest.getIdentity().equals("admin") && authenticationRequest.getSecret().equals("admin")) {
var ud = new UserDetails((String) authenticationRequest.getIdentity(), List.of());
return Flowable.just(ud);
}
return Flowable.just(new AuthenticationFailed());
}
}
最后是端点
@Controller("/")
public class HelloController {
@Get("/")
@Produces(MediaType.TEXT_PLAIN)
@Secured(SecurityRule.IS_ANONYMOUS)
public String index(Session session, @Nullable Principal principal) {
System.out.println(principal);
String username = principal != null? principal.getName() : "<anonymous>";
session.put("session id", session.getId());
return "Hello world " + username;
}
@Get("/blah")
@Produces(MediaType.TEXT_PLAIN)
@Secured(SecurityRule.IS_AUTHENTICATED)
public String blah(Session session, @Nullable Principal principal) {
System.out.println(session.asMap().toString());
if (principal != null) {
System.out.println(principal.getName());
}
return "Blah";
}
@Get("/anon")
@Produces(MediaType.TEXT_PLAIN)
@Secured(SecurityRule.IS_ANONYMOUS)
public String anon(Session session) {
return "Session = " + session.get("micronaut.AUTHENTICATION").orElse("no auth") + ", " + session.get("session id").orElse("no session id");
}
}
我一直在尝试按照 Micronaut Security Session and Micronaut Redis Session 来获得会话和安全性与 Redis 持久性一起工作,但不幸的是。
如果我禁用 Redis 持久性,我可以获得 Principal 对象并且用户得到了正确的身份验证,但是如果我启用了 Redis 持久性,我可以看到用户在 Redis 数据上得到了身份验证,但是我永远无法获得Principal 对象并且总是 returns null
然而,当我启用 Redis 持久性时,我可以确认我仍然可以获得正确的 Session 对象,该对象是从 Redis 正确创建和读取的(通过访问 /anon 端点,我可以看到身份验证和会话 ID 值).我不确定我做错了什么
这是我的 application.yml 文件
---
micronaut:
application:
name: hello-world
security:
enabled: true
endpoints:
login:
enabled: true
logout:
enabled: true
session:
enabled: true
login-success-target-url: /
login-failure-target-url: /login/authFailed
session:
http:
cookie-name: supahsexy
cookie: true
redis:
enabled: true
namespace: 'myapp:sessions'
write-mode: BACKGROUND
enable-keyspace-event: false
value-serializer: io.micronaut.jackson.serialize.JacksonObjectSerializer
---
redis:
uri: redis://localhost
而 AuthenticationProviderUserPassword.java
@Singleton
public class AuthenticationProviderUserPassword implements AuthenticationProvider {
@Override
public Publisher<AuthenticationResponse> authenticate(AuthenticationRequest authenticationRequest) {
if (authenticationRequest.getIdentity().equals("admin") && authenticationRequest.getSecret().equals("admin")) {
var ud = new UserDetails((String) authenticationRequest.getIdentity(), List.of());
return Flowable.just(ud);
}
return Flowable.just(new AuthenticationFailed());
}
}
最后是端点
@Controller("/")
public class HelloController {
@Get("/")
@Produces(MediaType.TEXT_PLAIN)
@Secured(SecurityRule.IS_ANONYMOUS)
public String index(Session session, @Nullable Principal principal) {
System.out.println(principal);
String username = principal != null? principal.getName() : "<anonymous>";
session.put("session id", session.getId());
return "Hello world " + username;
}
@Get("/blah")
@Produces(MediaType.TEXT_PLAIN)
@Secured(SecurityRule.IS_AUTHENTICATED)
public String blah(Session session, @Nullable Principal principal) {
System.out.println(session.asMap().toString());
if (principal != null) {
System.out.println(principal.getName());
}
return "Blah";
}
@Get("/anon")
@Produces(MediaType.TEXT_PLAIN)
@Secured(SecurityRule.IS_ANONYMOUS)
public String anon(Session session) {
return "Session = " + session.get("micronaut.AUTHENTICATION").orElse("no auth") + ", " + session.get("session id").orElse("no session id");
}
}