7. Service Broker Security

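The Open Service Broker API specification does not specify authentication and authorization for service broker endpoints, but some platforms require or allow basic authentication or OAuth2 credentials to be provided when registering a service broker with the platform.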

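The Spring Cloud Open Service Broker project does not implement any security configuration. Service broker application endpoints can be secured with Spring Security and Spring Boot security configuration by applying security to the application endpoints with the path-matching pattern /v2/**.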

7.1. Example Configuration

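The following example implements security configuration in Spring MVC, that is, the blocking web stack. A similar configuration is needed for the Spring WebFlux reactive stack; see the Spring Security WebFlux support.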

package com.example.servicebroker;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ExampleSecurityConfig {

	@Bean
	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
		// CSRF protection is disabled; every request under /v2/** must
		// authenticate with HTTP Basic and hold the ADMIN role.
		return http.csrf(AbstractHttpConfigurer::disable)
				.authorizeHttpRequests(httpRequests -> httpRequests.requestMatchers("/v2/**").hasRole("ADMIN"))
				.httpBasic(Customizer.withDefaults())
				.build();
	}

	@Bean
	public InMemoryUserDetailsManager userDetailsService() {
		return new InMemoryUserDetailsManager(adminUser());
	}

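	private UserDetails adminUser() {
		// The "{noop}" prefix selects the no-op password encoder, so this
		// example password is stored and compared in plain text.
		return User
				.withUsername("admin")
				.password("{noop}supersecret")
				.roles("ADMIN")
				.build();
	}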
}