问题描述
我想向micronaut-security as described in the docs添加自定义AuthenticationProvider
。但是我的自定义实现从未被调用:
控制器:
@Get("/team")
@Secured(SecurityRule.IS_AUTHENTICATED)
HttpResponse getTeam(@Body @Valid JoinTeamRequest req) {
log.info("Get own team")
return HttpResponse.ok()
}
自定义身份验证提供程序
@Singleton
class LiquidoAuthenticationProvider implements AuthenticationProvider {
LiquidoAuthenticationProvider() {
println "============= INIT LiquidoAuthenticationProvider" // this gets called. Can set a breakpoint on it
}
@Override
public Publisher<AuthenticationResponse> authenticate(HttpRequest<?> httpRequest,AuthenticationRequest<?,?> authenticationRequest) {
println "============= authenticate " // <=== this never gets called. Breakpoint is never reached ?????????? Why?
[...] some code to authenticate request that returns flowable UserDetails on succcess [...]
}
}
为什么从不调用authenticate方法?
更多可能相关的信息:
- 我在后端使用micronaut。
- micronaut.security.authentication-provider-strategy:ANY(默认为放行)
解决方法
解决方案:只有请求中包含AuthenticationProviders
标头时,才在Micronaut中调用Authorization
。实际上是一个不错的性能改进。但是需要知道。调试时可能会产生误导。