admin管理员组文章数量:1346338
I'm using implementation("net.devh:grpc-spring-boot-starter:3.1.0.RELEASE") library to do Grpc work in my java application.
I followed the documentation to implement Authentication, implementing GrpcAuthenticationReader and AuthenticationProvider
@Bean
public JwtGrpcAuthenticationReader jwtAuthenticationReader() {
log.info("Initializing jwtAuthenticationReader...");
return new JwtGrpcAuthenticationReader();
}
@Bean
public JwtGrpcAuthenticationProvider jwtAuthenticationProvider() {
log.info("Initializing jwtAuthenticationProvider...");
return new JwtGrpcAuthenticationProvider(secretManagerService);
}
@Bean
AuthenticationManager authenticationManager() {
final List<AuthenticationProvider> providers = new ArrayList<>();
providers.add(jwtAuthenticationProvider());
return new ProviderManager(providers);
}
@Bean
GrpcAuthenticationReader authenticationReader() {
final List<GrpcAuthenticationReader> readers = new ArrayList<>();
readers.add(jwtAuthenticationReader());
return new CompositeGrpcAuthenticationReader(readers);
}
Now the problem is that every request is under authentication. How can I leave one out to get a token to then call other services?
I sow that I can implement also
public class JwtAuthInterceptor implements ServerInterceptor {
private static final Metadata.Key<String> AUTHORIZATION_KEY =
Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER);
@Override
public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(
ServerCall<ReqT, RespT> call, Metadata headers, ServerCallHandler<ReqT, RespT> next) {
String token = headers.get(AUTHORIZATION_KEY);
if (token == null || !token.startsWith("Bearer ")) {
call.close(Status.UNAUTHENTICATED.withDescription("Missing or invalid token"), new Metadata());
return new ServerCall.Listener<>() {};
}
try {
String jwt = token.substring(7);
JwtUtil.validateToken(jwt); // Validate token
return next.startCall(call, headers);
} catch (JWTVerificationException e) {
call.close(Status.UNAUTHENTICATED.withDescription("Invalid token"), new Metadata());
return new ServerCall.Listener<>() {};
}
}
}
So maybe there I can skip some service/method.
Does anyone knows how to proceed? I don't see any method in the Provider or Reader useful
For the moment I exposed a rest service to get the token is this good?
I'm using implementation("net.devh:grpc-spring-boot-starter:3.1.0.RELEASE") library to do Grpc work in my java application.
I followed the documentation to implement Authentication, implementing GrpcAuthenticationReader and AuthenticationProvider
@Bean
public JwtGrpcAuthenticationReader jwtAuthenticationReader() {
log.info("Initializing jwtAuthenticationReader...");
return new JwtGrpcAuthenticationReader();
}
@Bean
public JwtGrpcAuthenticationProvider jwtAuthenticationProvider() {
log.info("Initializing jwtAuthenticationProvider...");
return new JwtGrpcAuthenticationProvider(secretManagerService);
}
@Bean
AuthenticationManager authenticationManager() {
final List<AuthenticationProvider> providers = new ArrayList<>();
providers.add(jwtAuthenticationProvider());
return new ProviderManager(providers);
}
@Bean
GrpcAuthenticationReader authenticationReader() {
final List<GrpcAuthenticationReader> readers = new ArrayList<>();
readers.add(jwtAuthenticationReader());
return new CompositeGrpcAuthenticationReader(readers);
}
Now the problem is that every request is under authentication. How can I leave one out to get a token to then call other services?
I sow that I can implement also
public class JwtAuthInterceptor implements ServerInterceptor {
private static final Metadata.Key<String> AUTHORIZATION_KEY =
Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER);
@Override
public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(
ServerCall<ReqT, RespT> call, Metadata headers, ServerCallHandler<ReqT, RespT> next) {
String token = headers.get(AUTHORIZATION_KEY);
if (token == null || !token.startsWith("Bearer ")) {
call.close(Status.UNAUTHENTICATED.withDescription("Missing or invalid token"), new Metadata());
return new ServerCall.Listener<>() {};
}
try {
String jwt = token.substring(7);
JwtUtil.validateToken(jwt); // Validate token
return next.startCall(call, headers);
} catch (JWTVerificationException e) {
call.close(Status.UNAUTHENTICATED.withDescription("Invalid token"), new Metadata());
return new ServerCall.Listener<>() {};
}
}
}
So maybe there I can skip some service/method.
Does anyone knows how to proceed? I don't see any method in the Provider or Reader useful
For the moment I exposed a rest service to get the token is this good?
Share Improve this question edited 2 days ago Pp88 asked 2 days ago Pp88Pp88 1,0841 gold badge9 silver badges27 bronze badges1 Answer
Reset to default 0The solution was under my nose. In the doc it's stated that if the Reader returns null the auth is skipped.
And in the ServerCall<?, ?> call you can get the full/bareMethodName
public class JwtGrpcAuthenticationReader implements GrpcAuthenticationReader {
private static final Metadata.Key<String> AUTHORIZATION_KEY =
Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER);
@Override
public @Nullable Authentication readAuthentication(ServerCall<?, ?> call, Metadata headers) throws AuthenticationException {
if (call.getMethodDescriptor().getFullMethodName().equals("com.exmple.pi.protobufpliancerules.services.ProductComplianceRuleService/DeleteComplianceRule")) {
return null;
}
var token = headers.get(AUTHORIZATION_KEY);
if (token == null || !token.startsWith("Bearer ")) {
throw new AuthenticationCredentialsNotFoundException("Missing token");
}
var jwtAuth = new JwtAuthentication(null);
jwtAuth.setToken(token.substring(7));
return jwtAuth;
}
}
本文标签: javagrpcspringbootstarter method for AuthenticationStack Overflow
版权声明:本文标题:java - grpc-spring-boot-starter method for Authentication - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1743825432a2545554.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论