[英]Spring boot resource server principal name
我有一個 Keycloak 服務器在運行。 和一個 spring 啟動應用程序作為資源服務器。 我可以進行身份驗證並獲取令牌,spring 啟動應用程序將接受令牌。 但是當我想從委托人那里獲取用戶名時,我會得到一個 UUID 而不是我的 email 或用戶名。 我還在我的密鑰斗篷中添加了一個映射器,將 preferred_username 映射到用戶名。 它正在工作。
JWT 資料
...
"scope": "openid profile email",
"email_verified": true,
"username": "test@test.com",
"DOB": "12345",
"name": "test test",
"preferred_username": "test@test.com",
"given_name": "test",
"family_name": "test",
"email": "test@test.com"
}
我的 spring 應用程序屬性:
spring:
security:
oauth2:
resourceserver:
jwt:
issuer-uri: http://localhost:8080/auth/realms/test
@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class JWTSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
}
@Bean
public KeycloakConfigResolver KeycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
/**
* Defines the session authentication strategy.
*/
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authz -> authz
.anyRequest().permitAll().permitAll())
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
}
}
Spring 安全將 JWT 令牌作為主體保存到 SecurityContextHolder。 例如,以下代碼將返回您要查找的用戶名。
...
import org.springframework.security.oauth2.jwt.Jwt;
...
@GetMapping(value = "current-user", produces = "application/json")
ResponseEntity<String> getLoggedInUser() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
Jwt principal = (Jwt) authentication.getPrincipal();
String currentUserName = principal.getClaimAsString("username");
return new ResponseEntity<String>(currentUserName, HttpStatus.OK);
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.