授权事件

对于每个被拒绝的授权,都会触发一个 AuthorizationDeniedEvent。此外,对于已授予的授权,也可以触发一个 AuthorizationGrantedEvent

要监听这些事件,您必须首先发布一个 AuthorizationEventPublisher

Spring Security 的 SpringAuthorizationEventPublisher 可能会很好用。它使用 Spring 的 ApplicationEventPublisher 发布授权事件。

  • Java

  • Kotlin

@Bean
public AuthorizationEventPublisher authorizationEventPublisher
        (ApplicationEventPublisher applicationEventPublisher) {
    return new SpringAuthorizationEventPublisher(applicationEventPublisher);
}
@Bean
fun authorizationEventPublisher
        (applicationEventPublisher: ApplicationEventPublisher?): AuthorizationEventPublisher {
    return SpringAuthorizationEventPublisher(applicationEventPublisher)
}

然后,您可以使用 Spring 的 @EventListener 支持。

  • Java

  • Kotlin

@Component
public class AuthenticationEvents {

    @EventListener
    public void onFailure(AuthorizationDeniedEvent failure) {
		// ...
    }
}
@Component
class AuthenticationEvents {

    @EventListener
    fun onFailure(failure: AuthorizationDeniedEvent?) {
        // ...
    }
}

授权授予事件

由于 AuthorizationGrantedEvents 有可能非常“嘈杂”,因此默认情况下不发布它们。

实际上,发布这些事件可能需要您自己编写一些业务逻辑,以确保您的应用程序不会被嘈杂的授权事件淹没。

您可以提供自己的谓词来过滤成功事件。例如,以下发布者仅发布需要 ROLE_ADMIN 的授权授予。

  • Java

  • Kotlin

@Bean
AuthorizationEventPublisher authorizationEventPublisher() {
    SpringAuthorizationEventPublisher eventPublisher = new SpringAuthorizationEventPublisher();
    eventPublisher.setShouldPublishEvent((result) -> {
        if (!result.isGranted()) {
            return true;
        }
        if (result instanceof AuthorityAuthorizationDecision decision) {
            Collection<GrantedAuthority> authorities = decision.getAuthorities();
            return AuthorityUtils.authorityListToSet(authorities).contains("ROLE_ADMIN");
        }
        return false;
    });
    return eventPublisher;
}
@Bean
fun authorizationEventPublisher(): AuthorizationEventPublisher {
    val eventPublisher = SpringAuthorizationEventPublisher()
    eventPublisher.setShouldPublishEvent { (result) ->
        if (!result.isGranted()) {
            return true
        }
        if (decision is AuthorityAuthorizationDecision) {
            val authorities = decision.getAuthorities()
            return AuthorityUtils.authorityListToSet(authorities).contains("ROLE_ADMIN")
        }
        return false
    }
    return eventPublisher
}
© . This site is unofficial and not affiliated with VMware.