Spring OAuth / JWT从访问令牌获取额外信息
[英]Spring OAuth/JWT get extra information from access token
问题描述
I made a simple application that use spring security with oauth/jwt provider. 
我做了一个简单的应用程序,使用spring安全性与oauth / jwt提供程序。 I added extra information in jwt token by custom JwtAccessTokenConverter and it works well. 我通过自定义JwtAccessTokenConverter在jwt标记中添加了额外的信息,它运行良好。
My issue is how gets these extra informations in my Rest Controller. 我的问题是如何在我的Rest Controller中获取这些额外的信息。
This is my test: 这是我的测试:
@RequestMapping(value = "/test", produces = { "application/json" },method = RequestMethod.GET)
public String testMethod(OAuth2Authentication authentication,
OAuth2AccessToken token,
Principal user){
.....
Object a=token.getAdditionalInformation();
Object b=token.getValue();
...
}
The results are: 结果是:
- OAuth2Authentication: well inject but don't contain additional informations or accesstoken object (it contains only the original jwt token string). OAuth2Authentication:注入良好但不包含其他信息或accesstoken对象(它只包含原始的jwt令牌字符串)。
- User is a reference to OAuth2Authentication 用户是OAuth2Authentication的参考
- OAuth2AccessToken: is aop proxy without any information infact object A and B are null. OAuth2AccessToken:是没有任何信息的aop代理,对象A和B都是null。
Some extra info: 一些额外的信息:
- I checked,by debug, that ResourceService use my JwtAccessTokenConverter and extract the list of additional information from the access token string in input. 我通过调试检查了ResourceService使用我的JwtAccessTokenConverter并从输入中的访问令牌字符串中提取附加信息列表。
1 个解决方案
解决方案1
1 已采纳 2016-02-01 16:52:32
I found a possible solution. 我找到了可能的解决方案。
I set in my JwtAccessTokenConverter a DefaultAccessTokenConverter where i set my custom UserTokenConverter. 我在JwtAccessTokenConverter中设置了一个DefaultAccessTokenConverter,我在其中设置了自定义UserTokenConverter。
So.. The JwtAccessTokenConverter manage only the jwt aspect of access token (token verification and extraction), the new DefaultAccessTokenConverter manages the oauth aspect of access token convertion including the use of my custom UserTokenConverter to create the Pricipal with custom informations extracted from jwt token. 所以...... JwtAccessTokenConverter只管理访问令牌的jwt方面(令牌验证和提取),新的DefaultAccessTokenConverter管理访问令牌转换的oauth方面,包括使用我的自定义UserTokenConverter创建带有从jwt令牌中提取的自定义信息的Pricipal。
public class myUserConverter extends DefaultUserAuthenticationConverter {
public Authentication extractAuthentication(Map<String, ?> map) {
if (map.containsKey(USERNAME)) {
// Object principal = map.get(USERNAME);
Collection<? extends GrantedAuthority> authorities = getAuthorities(map);
UserDto utente = new UserDto();
utente.setUsername(map.get(USERNAME).toString());
utente.setUfficio(map.get("ufficio").toString());
utente.setExtraInfo(map.get("Informazione1").toString());
utente.setNome(map.get("nome").toString());
utente.setCognome(map.get("cognome").toString());
utente.setRuolo(map.get("ruolo").toString());
return new UsernamePasswordAuthenticationToken(utente, "N/A", authorities);
}
return null;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.