Security
可以对 Web GraphQL 端点路径使用 HTTPURL 安全性进行保护,以确保只有经过身份验证的用户才能访问它。然而,这并不区分单个 URL 上此类共享端点上的不同 GraphQL 请求。
The path to a Web GraphQL endpoint can be secured with HTTP URL security to ensure that only authenticated users can access it. This does not, however, differentiate among different GraphQL requests on such a shared endpoint on a single URL.
要应用更精细的安全性,请将 Spring Security 注释(如 @PreAuthorize 或 @Secured)添加到涉及获取 GraphQL 响应特定部分的服务方法中。这应该适用于 Context Propagation,其目的是在数据获取级别使安全性和其他上下文可用。
To apply more fine-grained security, add Spring Security annotations such as
@PreAuthorize or @Secured to service methods involved in fetching specific parts of
the GraphQL response. This should work due to Context Propagation that aims to make
Security, and other context, available at the data fetching level.
此代码库的 1.0.x 分支包含用于 Spring MVC 和用于 WebFlux 的示例。
The 1.0.x branch of this repository contains samples for Spring MVC and for WebFlux.