授權事件

對於每個被拒絕的授權,都會觸發一個 AuthorizationDeniedEvent。此外,對於已授予的授權,也可以觸發一個 AuthorizationGrantedEvent

要監聽這些事件,您必須首先發佈一個 AuthorizationEventPublisher

Spring Security 的 SpringAuthorizationEventPublisher 可能會很好用。它使用 Spring 的 ApplicationEventPublisher 釋出授權事件。

  • Java

  • Kotlin

@Bean
public AuthorizationEventPublisher authorizationEventPublisher
        (ApplicationEventPublisher applicationEventPublisher) {
    return new SpringAuthorizationEventPublisher(applicationEventPublisher);
}
@Bean
fun authorizationEventPublisher
        (applicationEventPublisher: ApplicationEventPublisher?): AuthorizationEventPublisher {
    return SpringAuthorizationEventPublisher(applicationEventPublisher)
}

然後,您可以使用 Spring 的 @EventListener 支援。

  • Java

  • Kotlin

@Component
public class AuthenticationEvents {

    @EventListener
    public void onFailure(AuthorizationDeniedEvent failure) {
		// ...
    }
}
@Component
class AuthenticationEvents {

    @EventListener
    fun onFailure(failure: AuthorizationDeniedEvent?) {
        // ...
    }
}

授權授予事件

由於 AuthorizationGrantedEvents 有可能非常“嘈雜”,因此預設情況下不釋出它們。

實際上,釋出這些事件可能需要您自己編寫一些業務邏輯,以確保您的應用程式不會被嘈雜的授權事件淹沒。

您可以提供自己的謂詞來過濾成功事件。例如,以下發布者僅釋出需要 ROLE_ADMIN 的授權授予。

  • Java

  • Kotlin

@Bean
AuthorizationEventPublisher authorizationEventPublisher() {
    SpringAuthorizationEventPublisher eventPublisher = new SpringAuthorizationEventPublisher();
    eventPublisher.setShouldPublishEvent((result) -> {
        if (!result.isGranted()) {
            return true;
        }
        if (result instanceof AuthorityAuthorizationDecision decision) {
            Collection<GrantedAuthority> authorities = decision.getAuthorities();
            return AuthorityUtils.authorityListToSet(authorities).contains("ROLE_ADMIN");
        }
        return false;
    });
    return eventPublisher;
}
@Bean
fun authorizationEventPublisher(): AuthorizationEventPublisher {
    val eventPublisher = SpringAuthorizationEventPublisher()
    eventPublisher.setShouldPublishEvent { (result) ->
        if (!result.isGranted()) {
            return true
        }
        if (decision is AuthorityAuthorizationDecision) {
            val authorities = decision.getAuthorities()
            return AuthorityUtils.authorityListToSet(authorities).contains("ROLE_ADMIN")
        }
        return false
    }
    return eventPublisher
}
© . This site is unofficial and not affiliated with VMware.