Spring OAuth/JWT get extra information from access token
I made a simple application that uses Spring Security with an OAuth/JWT provider. I added extra information to the JWT token with a custom JwtAccessTokenConverter and it works well.
My issue is how to get this extra information in my REST controller.
This is my test:
    @RequestMapping(value = "/test", produces = { "application/json" }, method = RequestMethod.GET)
    public String testMethod(OAuth2Authentication authentication,
                             OAuth2AccessToken token,
                             Principal user) {
        // ...
        Object a = token.getAdditionalInformation();
        Object b = token.getValue();
        // ...
    }
The results are:
Some extra info:
I found a possible solution.
In my JwtAccessTokenConverter I set a DefaultAccessTokenConverter, on which I set my custom UserTokenConverter.
So the JwtAccessTokenConverter manages only the JWT aspect of the access token (token verification and extraction), and the new DefaultAccessTokenConverter manages the OAuth aspect of access token conversion, including the use of my custom UserTokenConverter to create the Principal with custom information extracted from the JWT token.
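    import java.util.Collection;
    import java.util.Map;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter;

    public class myUserConverter extends DefaultUserAuthenticationConverter {
        // Receives the claims map of the already verified JWT.
        @Override
        public Authentication extractAuthentication(Map<String, ?> map) {
            if (map.containsKey(USERNAME)) {
                // Object principal = map.get(USERNAME);
                Collection<? extends GrantedAuthority> authorities = getAuthorities(map);
                // Copy the custom claims into the DTO that becomes the principal.
                UserDto utente = new UserDto();
                utente.setUsername(map.get(USERNAME).toString());
                utente.setUfficio(map.get("ufficio").toString());
                utente.setExtraInfo(map.get("Informazione1").toString());
                utente.setNome(map.get("nome").toString());
                utente.setCognome(map.get("cognome").toString());
                utente.setRuolo(map.get("ruolo").toString());
                return new UsernamePasswordAuthenticationToken(utente, "N/A", authorities);
            }
            return null;
        }
    }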