猿问

当 @Scheduled 触发时,在 SecurityContext 中未找到

我创建了一个Spring Boot应用程序,但在某些可以手动或通过@Scheduled注释触发的端点上遇到了问题。

我遇到的问题如下:

org.springframework.security.authentication.AuthenticationCredentialsNotFoundException:在SecurityContext中找不到身份验证对象

SecurityContext如果进程调用 via ,是否有办法触发@Scheduled

我是新手Spring Security,很难理解参考指南。我发现了一些类似的问题,但仍然无法理解如何将答案应用于我的案例。

我的例子MyController

@Secured("ROLE_ADMIN")

@RestController

@RequestMapping(value = "/api")

public class MyController {


    @Scheduled(cron = "* * * * * *")

    @GetMapping(path="/data")

    public void getData() {

        // Do some operations

    }

}


ibeautiful
浏览 147回答 2
2回答

胡说叔叔

基本上,您必须使用必要的身份验证来配置您的调度程序。大致如下:import com.google.common.collect.ImmutableList;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.scheduling.annotation.SchedulingConfigurer;import org.springframework.scheduling.config.ScheduledTaskRegistrar;import org.springframework.security.authentication.AnonymousAuthenticationToken;import org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService;import org.springframework.security.core.authority.SimpleGrantedAuthority;import org.springframework.security.core.context.SecurityContext;import java.util.List;import java.util.concurrent.Executor;import static java.util.concurrent.Executors.newSingleThreadScheduledExecutor;import static org.springframework.security.core.context.SecurityContextHolder.getContext;@Configurationpublic class SchedulerConfiguration implements SchedulingConfigurer {&nbsp; &nbsp; private static final String KEY = "spring";&nbsp; &nbsp; private static final String PRINCIPAL = "spring";&nbsp; &nbsp; private static final List<SimpleGrantedAuthority> AUTHORITIES = ImmutableList.of(new SimpleGrantedAuthority("ADMIN"));&nbsp; &nbsp; @Override&nbsp; &nbsp; public void configureTasks(final ScheduledTaskRegistrar taskRegistrar) {&nbsp; &nbsp; &nbsp; &nbsp; taskRegistrar.setScheduler(taskExecutor());&nbsp; &nbsp; }&nbsp; &nbsp; @Bean&nbsp; &nbsp; public Executor taskExecutor() {&nbsp; &nbsp; &nbsp; &nbsp; final AnonymousAuthenticationToken token = new AnonymousAuthenticationToken(KEY, PRINCIPAL, AUTHORITIES);&nbsp; &nbsp; &nbsp; &nbsp; final SecurityContext securityContext = getContext();&nbsp; &nbsp; &nbsp; &nbsp; securityContext.setAuthentication(token);&nbsp; &nbsp; &nbsp; &nbsp; return new DelegatingSecurityContextScheduledExecutorService(newSingleThreadScheduledExecutor(), securityContext);&nbsp; &nbsp; }}然后你可以用 注释你的控制器@Secured("hasAuthority('ADMIN')")。
0

千万里不及你

方法@Scheduled不应该@Secured。预定的方法已经在可信代码中。重构你的代码,例如@Secured("ROLE_ADMIN")@RestController@RequestMapping(value = "/api")public class MyController {&nbsp; &nbsp; @Autowired&nbsp; &nbsp; private MyService myService;&nbsp; &nbsp; @PostMapping(path="/run")&nbsp; &nbsp; public void runJobs() {&nbsp; &nbsp; &nbsp; &nbsp; myService.runJobs();&nbsp; &nbsp; }}@Servicepublic class MyService {&nbsp; &nbsp; @Scheduled(cron = "* * * * * *")&nbsp; &nbsp; public void runJobs() {&nbsp; &nbsp; &nbsp; &nbsp; // Do some operations&nbsp; &nbsp; }}
0
随时随地看视频慕课网APP

相关分类

Java
我要回答