Spring boot resource server principal name

I have a Keycloak server running and a Spring Boot application as a resource server. I can authenticate and get a token, and the Spring Boot app will accept the token. But when I want to get the username from the Principal, I get a UUID instead of my email or username. I also added a mapper to my Keycloak that maps preferred_username to username, and it's working.

JWT info

  ...
  "scope": "openid profile email",
  "email_verified": true,
  "username": "test@test.com",
  "DOB": "12345",
  "name": "test test",
  "preferred_username": "test@test.com",
  "given_name": "test",
  "family_name": "test",
  "email": "test@test.com"
}

My Spring app properties:

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: http://localhost:8080/auth/realms/test

@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class JWTSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
    
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
        auth.authenticationProvider(keycloakAuthenticationProvider);
    }

    @Bean
    public KeycloakConfigResolver KeycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    /**
     * Defines the session authentication strategy.
     */
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
          .authorizeRequests(authz -> authz
            .anyRequest().permitAll())
          .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
    }
}

Spring Security saves the JWT token as the principal in the SecurityContextHolder. For example, the following code would return the username that you are looking for.

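...
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.web.bind.annotation.GetMapping;
...
@GetMapping(value = "current-user", produces = "application/json")
ResponseEntity<String> getLoggedInUser() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // With oauth2ResourceServer().jwt(), the principal is the validated Jwt itself
    Jwt principal = (Jwt) authentication.getPrincipal();
    // "username" is the custom claim added by the Keycloak mapper
    String currentUserName = principal.getClaimAsString("username");
    return new ResponseEntity<String>(currentUserName, HttpStatus.OK);
}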
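
An alternative that makes Principal.getName() itself return the username, shown as an added example that is not part of the original question or answer: by default the resource server names the principal after the `sub` claim, which Keycloak fills with the user's UUID. The class names, the `/current-user` path and the `authenticated()` rule are assumptions, as are Spring Security 5.4 or later and a setup that uses only the resource-server starter with the `issuer-uri` property above.

```java
import java.security.Principal;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical configuration class (added example, not the asker's code).
@Configuration
@EnableWebSecurity
public class PrincipalNameConfig {

    @Bean
    JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        // Default principal claim is "sub" (the Keycloak user UUID).
        // preferred_username is display data: it can change and is not
        // guaranteed unique, so keep using "sub" (jwt.getSubject()) as the
        // stable key for ownership checks, database keys and audit records.
        converter.setPrincipalClaimName("preferred_username");
        return converter;
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http,
                                    JwtAuthenticationConverter converter) throws Exception {
        http
          // Assumption: every endpoint requires a valid token. With permitAll(),
          // an anonymous request carries no Jwt and the Principal argument is null.
          .authorizeRequests(authz -> authz.anyRequest().authenticated())
          .oauth2ResourceServer(oauth2 -> oauth2
            .jwt(jwt -> jwt.jwtAuthenticationConverter(converter)));
        return http.build();
    }
}

// Hypothetical controller showing the effect of the converter.
@RestController
class CurrentUserController {

    @GetMapping("/current-user")
    String currentUser(Principal principal) {
        // Returns the preferred_username claim, e.g. "test@test.com" for the token above.
        return principal.getName();
    }
}
```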
