Spring 启动 Oauth 安全性 - 客户端凭据授予类型中主体中的用户(自定义信息)信息
[英]Spring boot Oauth security - User(custom info) info in the principal in Client Credentials grant type
问题描述
I'm using "client-credentials" grant type for the rest calls that I make from front-end service to other back-end services.
我正在为从前端服务到其他后端服务的 rest 调用使用“客户端凭据”授权类型。 Client-credentials grant type is being used among other back-end services as well.客户端凭据授予类型也在其他后端服务中使用。 By doing so, I am not able to get who is the actual invoker (currently logged in user) of a request.通过这样做,我无法知道谁是请求的实际调用者(当前登录用户)。 Is there a way to inject authentication and authorization info of the principal to the token that is being issued in the client-credentials grant?有没有办法将主体的身份验证和授权信息注入到客户端凭据授予中颁发的令牌中? (user info means the id or details of the user who has the client credentials). (用户信息是指拥有客户端凭据的用户的 ID 或详细信息)。 I can add some custom data to the token by using a custom token enhancer.我可以使用自定义令牌增强器向令牌添加一些自定义数据。 But I couldn't find out how we can get it in the principal( SpringSecurityPrincipal springSecurityPrincipal = (SpringSecurityPrincipal)oAuth2Authentication.getPrincipal(); ), normally in the password flow we can achieve this by using custom AuthenticationProvider implementation like that is there any class that I can implement and use to add custom principal?但是我不知道如何在主体中获取它( SpringSecurityPrincipal springSecurityPrincipal = (SpringSecurityPrincipal)oAuth2Authentication.getPrincipal(); ),通常在密码流中我们可以通过使用自定义AuthenticationProvider实现来实现这一点,比如有没有 class我可以实现和使用来添加自定义主体?
Thanks for the help.谢谢您的帮助。
1 个解决方案
解决方案1
0 2021-03-25 07:29:20
You could create a custom UserDetailsService and create a custom Principal according to your requirements.您可以创建自定义UserDetailsService并根据您的要求创建自定义Principal 。 You might pick some ideas from here: Authentication with a Database-backed UserDetailsService您可能会从这里挑选一些想法: Authentication with a Database-backed UserDetailsService
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.