[英]Spring Security OAuth2 - URLEncoded input Key-Values getting auto-appended in token response json
我正在使用Spring-Security OAuth2-密码授予来获取JWT访问和刷新令牌。
我在请求中将一些其他URLEncoded键/值传递给/ oauth / token-这样我就可以将它们作为附加声明添加到生成的JWT访问和刷新令牌中。
TokenEnhancer正在将它们作为附加声明添加到生成的JWT访问和刷新令牌中; 但问题是这些也同样添加到了响应JSON中-我不想这么做。 如何防止它被附加在响应中?
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Override
public void configure(final AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
}
@Override
public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {
configurer
.inMemory()
.withClient(CLIEN_ID)
.secret(passwordEncoder().encode(CLIENT_SECRET))
.authorizedGrantTypes(GRANT_TYPE_PASSWORD, REFRESH_TOKEN)
.scopes(SCOPE_READ, SCOPE_WRITE, TRUST)
.accessTokenValiditySeconds(ACCESS_TOKEN_VALIDITY_SECONDS)
.refreshTokenValiditySeconds(REFRESH_TOKEN_VALIDITY_SECONDS);
}
@Bean
@Primary
public DefaultTokenServices tokenServices() {
final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
defaultTokenServices.setSupportRefreshToken(true);
return defaultTokenServices;
}
@Override
public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
tokenEnhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer(), accessTokenConverter()));
endpoints.tokenStore(tokenStore()).tokenEnhancer(tokenEnhancerChain).authenticationManager(authenticationManager);
}
@Bean
public TokenStore tokenStore() {
return new JwtTokenStore(accessTokenConverter());
}
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setAccessTokenConverter( new JwtConverter() );
converter.setSigningKey("abcdefghijklmnopqrstuvwxyz1234567890");
return converter;
}
@Bean
public TokenEnhancer tokenEnhancer() {
return new CustomTokenEnhancer();
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public UserAttributesMap userAttributesMapper() {
return new UserAttributesMap();
}
public static class JwtConverter extends DefaultAccessTokenConverter implements JwtAccessTokenConverterConfigurer {
@Override
public void configure(JwtAccessTokenConverter converter) {
converter.setAccessTokenConverter(this);
}
@Override
public OAuth2Authentication extractAuthentication(Map<String, ?> map) {
OAuth2Authentication auth = super.extractAuthentication(map);
auth.setDetails(map);
return auth;
}
}
}
public class CustomTokenEnhancer implements TokenEnhancer {
@Autowired
private UserAttributesMap userAttributesMap;
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken oAuth2AccessToken, OAuth2Authentication oAuth2Authentication) {
Map<String, Object> additionalInfo = new HashMap<>();
additionalInfo.put("DateOfBirth", oAuth2Authentication.getOAuth2Request().getRequestParameters().get("dob"));
additionalInfo.put("PAN_Number", oAuth2Authentication.getOAuth2Request().getRequestParameters().get("pan"));
additionalInfo.put("Address_Line_1", oAuth2Authentication.getOAuth2Request().getRequestParameters().get("addr1"));
additionalInfo.put("Address_Line_2", oAuth2Authentication.getOAuth2Request().getRequestParameters().get("addr2"));
((DefaultOAuth2AccessToken) oAuth2AccessToken).setAdditionalInformation(additionalInfo);
return oAuth2AccessToken;
}
}
@dur建议的解决方案有效...
Spring Security OAuth2 不使用属性中的令牌过期值
[英]Spring Security OAuth2 not using token expire values from properties
Spring 安全 oauth2 - 在 oauth/token 调用后添加过滤器
[英]Spring security oauth2 - add filter after oauth/token call
Spring security oauth2 - 无法访问 /oauth/token 路由
[英]Spring security oauth2 - Can't access /oauth/token route
Spring Boot 2.0.3 Oauth2安全性:即使在标头中使用访问令牌也会出现401错误
[英]Spring Boot 2.0.3 Oauth2 Security: Getting 401 error even when using access token in header
spring security oauth2(2.0.8)获取InMemory令牌库使用的无效访问令牌
[英]spring security oauth2 (2.0.8) getting Invalid access token used InMemory tokenstore
春季安全oauth2 JWT刷新令牌返回“身份验证失败:invalid_token无法将访问令牌转换为JSON”
[英]spring security oauth2 JWT refresh token returns “Authentication failed: invalid_token Cannot convert access token to JSON”
Spring Security和OAuth2使用自定义授权类型生成令牌
[英]Spring Security and OAuth2 generate token with custom grant type
Java Spring Security:401 令牌 OAuth2 端点未经授权
[英]Java Spring Security: 401 Unauthorized for token OAuth2 end point
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.