我有一个Spring数据存储库。调用 http://localhost:8080/persons Web 服务时,我想记录一些内容。我不想制作 MyCustomRepository<>。更清洁的选择?
存储库类:
@RepositoryRestResource(collectionResourceRel = "persons", path = "persons")
public interface PersonRepository extends PagingAndSortingRepository<Person, Long> {
List<Person> findByLastName(@Param("name") String name);
示例日志:
log.error("AccessToken: " + securityContext.getTokenString());
log.error("User: {} / {}", accessToken.getPreferredUsername(), accessToken.getName());
log.error("Principal: {}", principal.getName());
您可以创建一个方面来拦截对PersonRepository的调用。从那里可以访问 OAuth2 访问令牌和安全上下文以检索主体。这里有一个例子,
@Component
@Aspect
@Log
public class SecurityAspect {
@Autowired
private OAuth2ClientContext oauth2ClientContext;
@Pointcut("execution(public * my.example.repository.PersonRepository.*(..))")
public void pointcut() {
}
@Around("pointcut()")
public Object advice(ProceedingJoinPoint pjp) throws Throwable {
log.info(
"Entering SecurityAspect.advice() in class "
+ pjp.getSignature().getDeclaringTypeName()
+ " - method: " + pjp.getSignature().getName());
OAuth2AccessToken accessToken = oauth2ClientContext.getAccessToken();
log.info("AccessToken: " + accessToken);
if (SecurityContextHolder.getContext().getAuthentication()
instanceof OAuth2Authentication) {
OAuth2Authentication authentication =
(OAuth2Authentication) SecurityContextHolder.getContext().getAuthentication();
if (authentication.getUserAuthentication() instanceof UsernamePasswordAuthenticationToken) {
UsernamePasswordAuthenticationToken userToken =
(UsernamePasswordAuthenticationToken) authentication.getUserAuthentication();
log.info("Principal id: " + userToken.getPrincipal());
if (userToken.getDetails() instanceof Map) {
Map details = (Map) userToken.getDetails();
log.info("Principal Name: " + details.get("name"));
}
}
}
return pjp.proceed();
}
}