授权事件

QWen Max 中英对照 Authorization Events

对于每个被拒绝的授权，都会触发一个 AuthorizationDeniedEvent。同样，对于被授予的授权，也可以触发一个 AuthorizationGrantedEvent。

要监听这些事件，您必须首先发布一个 AuthorizationEventPublisher。

Spring Security 的 SpringAuthorizationEventPublisher 可能会很好用。它使用 Spring 的 ApplicationEventPublisher 发布授权事件：

Java

@Bean
public AuthorizationEventPublisher authorizationEventPublisher
        (ApplicationEventPublisher applicationEventPublisher) {
    return new SpringAuthorizationEventPublisher(applicationEventPublisher);
}

java

Kotlin

@Bean
fun authorizationEventPublisher
        (applicationEventPublisher: ApplicationEventPublisher?): AuthorizationEventPublisher {
    return SpringAuthorizationEventPublisher(applicationEventPublisher)
}

kotlin

然后，你可以使用 Spring 的 @EventListener 支持：

Java

@Component
public class AuthenticationEvents {

    @EventListener
    public void onFailure(AuthorizationDeniedEvent failure) {
        // ...
    }
}

java

Kotlin

@Component
class AuthenticationEvents {

    @EventListener
    fun onFailure(failure: AuthorizationDeniedEvent?) {
        // ...
    }
}

kotlin

授权授予事件

因为 AuthorizationGrantedEvent 有可能会产生大量的事件，所以默认情况下不会发布这些事件。

实际上，发布这些事件可能需要你编写一些业务逻辑，以确保你的应用程序不会被大量的授权事件淹没。

您可以创建自己的事件发布者来过滤成功事件。例如，以下发布者仅发布需要 ROLE_ADMIN 的授权许可：

Java

@Component
public class MyAuthorizationEventPublisher implements AuthorizationEventPublisher {
    private final ApplicationEventPublisher publisher;
    private final AuthorizationEventPublisher delegate;

    public MyAuthorizationEventPublisher(ApplicationEventPublisher publisher) {
        this.publisher = publisher;
        this.delegate = new SpringAuthorizationEventPublisher(publisher);
    }

    @Override
    public <T> void publishAuthorizationEvent(Supplier<Authentication> authentication,
            T object, AuthorizationDecision decision) {
        if (decision == null) {
            return;
        }
        if (!decision.isGranted()) {
            this.delegate.publishAuthorizationEvent(authentication, object, decision);
            return;
        }
        if (shouldThisEventBePublished(decision)) {
            AuthorizationGrantedEvent granted = new AuthorizationGrantedEvent(
                    authentication, object, decision);
            this.publisher.publishEvent(granted);
        }
    }

    private boolean shouldThisEventBePublished(AuthorizationDecision decision) {
        if (!(decision instanceof AuthorityAuthorizationDecision)) {
            return false;
        }
        Collection<GrantedAuthority> authorities = ((AuthorityAuthorizationDecision) decision).getAuthorities();
        for (GrantedAuthority authority : authorities) {
            if ("ROLE_ADMIN".equals(authority.getAuthority())) {
                return true;
            }
        }
        return false;
    }
}

java

Kotlin

@Component
class MyAuthorizationEventPublisher(val publisher: ApplicationEventPublisher,
    val delegate: SpringAuthorizationEventPublisher = SpringAuthorizationEventPublisher(publisher)):
    AuthorizationEventPublisher {

    override fun <T : Any?> publishAuthorizationEvent(
        authentication: Supplier<Authentication>?,
        `object`: T,
        decision: AuthorizationDecision?
    ) {
        if (decision == null) {
            return
        }
        if (!decision.isGranted) {
            this.delegate.publishAuthorizationEvent(authentication, `object`, decision)
            return
        }
        if (shouldThisEventBePublished(decision)) {
            val granted = AuthorizationGrantedEvent(authentication, `object`, decision)
            this.publisher.publishEvent(granted)
        }
    }

    private fun shouldThisEventBePublished(decision: AuthorizationDecision): Boolean {
        if (decision !is AuthorityAuthorizationDecision) {
            return false
        }
        val authorities = decision.authorities
        for (authority in authorities) {
            if ("ROLE_ADMIN" == authority.authority) {
                return true
            }
        }
        return false
    }
}

kotlin