grpc-spring icon indicating copy to clipboard operation
grpc-spring copied to clipboard
verified publisher icon grpc-ecosystem

如何使用安全认证模块

Open liaowucisheng opened this issue 3 years ago • 2 comments

The context

我希望可以使用该框架实现安全认证功能,但无法实现

The question

一直都是使用maven构建项目,配置环境后依旧没法运行gradle构建的security示例

The application's environment

我使用的依赖如下:

    <dependencies>
        <dependency>
            <groupId>io.grpc</groupId>
            <artifactId>grpc-netty</artifactId>
            <version>1.45.0</version>
        </dependency>
        <!-- For both -->
        <dependency>
            <groupId>net.devh</groupId>
            <artifactId>grpc-spring-boot-starter</artifactId>
            <version>2.13.1.RELEASE</version>
            <exclusions>
                <exclusion>
                    <groupId>io.grpc</groupId>
                    <artifactId>grpc-netty-shaded</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <!-- For the server (only) -->
        <dependency>
            <groupId>net.devh</groupId>
            <artifactId>grpc-server-spring-boot-starter</artifactId>
            <version>2.13.1.RELEASE</version>
            <exclusions>
                <exclusion>
                    <groupId>io.grpc</groupId>
                    <artifactId>grpc-netty-shaded</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <!-- For the client (only) -->
        <dependency>
            <groupId>net.devh</groupId>
            <artifactId>grpc-client-spring-boot-starter</artifactId>
            <version>2.13.1.RELEASE</version>
            <exclusions>
                <exclusion>
                    <groupId>io.grpc</groupId>
                    <artifactId>grpc-netty-shaded</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
            <version>2.6.6</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
            <version>2.6.6</version>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <version>1.18.24</version>
        </dependency>
        <!-- 配置安全 spring-boot-starter-security -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>5.6.2</version>
        </dependency>
        <dependency>
            <groupId>com.abc.grpc.security.example</groupId>
            <artifactId>grpc-lib</artifactId>
            <version>1.0-SNAPSHOT</version>
        </dependency>
    </dependencies>

看了相关文档,写的过于散乱,对新手不是很友好(我看了之后不知到要怎么做)。。。,安全配置类如下:

@Configuration(proxyBeanMethods = false)
@EnableGlobalMethodSecurity(securedEnabled = true, proxyTargetClass = true)
public class SecurityConfiguration {
    @Bean
    GrpcAuthenticationReader authenticationReader() {
        final List<GrpcAuthenticationReader> readers = new ArrayList<>();
        readers.add(new SSLContextGrpcAuthenticationReader());
        return new CompositeGrpcAuthenticationReader(readers);
    }
}

启动服务后

Cannot resolve io.netty:netty-codec-http:4.1.72.Final

如果不引入grpc-netty,则报错


java.lang.IllegalStateException: Error processing condition on org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.authenticationEventPublisher

请问大佬有没有空,看看能不能弄个双向证书认证的示例参考一下,我搞了一个星期都没弄好,累觉不爱了

liaowucisheng avatar May 09 '22 09:05 liaowucisheng

English

If you have a stracktrace, please always include it when possible, as this makes identifying issues much easier.

I assume, you have the basic ssl setup working before attempting to add the actual auth? If not have a look here: https://github.com/yidongnan/grpc-spring-boot-starter/blob/master/tests/src/test/java/net/devh/boot/grpc/test/setup/SelfSignedMutualSetupTest.java

If the basic ssl setup is working you can start configuring your authentication setup:

Please note that the SSLContextGrpcAuthenticationReader is only the first step. You also have to configure an AuthenticationProvider/AuthenticationManager:

https://github.com/yidongnan/grpc-spring-boot-starter/blob/7ce76713a562c4f8ad907c89d4239eabda32ee7f/tests/src/test/java/net/devh/boot/grpc/test/config/WithCertificateSecurityConfiguration.java#L41-L67

If you have still trouble with it please try the following example: https://github.com/yidongnan/grpc-spring-boot-starter/blob/master/tests/src/test/java/net/devh/boot/grpc/test/security/AnnotatedSecurityWithCertificateTest.java

I also noticed, that you have replaced the shaded netty with another one. You might have to add a tcnative/boring ssl dependency for ssl to work. https://github.com/grpc/grpc-java/blob/master/SECURITY.md

Does that help you?

ST-DDT avatar May 09 '22 10:05 ST-DDT

If you get it working, can you tell me which pieces of information did you miss in the documentation? Then I can edit it, so all required information are present there? (Since I wrote all of that myself, I'm prone to assume, that everything is perfectly clear, while it isn't for everyone else.)

ST-DDT avatar May 09 '22 10:05 ST-DDT