Spring OAuth with JWT custom UserDetails - Set Principal inside JwtAccessTokenConverter


Problem description

Some additional info is sent from OAuth Authorization Server that is needed inside a custom UserDetails class on Resource Server, and preferably inside SpringSecurity Principal.

Current approach is setting a username as Principal and adding additional info as an additional details of Authentication object like this.

import java.util.Map;

import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

public class CustomAccessTokenConverter extends JwtAccessTokenConverter {

    @Override
    public OAuth2Authentication extractAuthentication(Map<String, ?> claims) {
        // Let the default converter build the OAuth2Authentication (principal = username)
        OAuth2Authentication authentication = super.extractAuthentication(claims);

        // Copy the extra claims issued by the authorization server into a custom UserDetails
        CustomUserDetails userDetails = new CustomUserDetails();
        userDetails.setUserId(((Integer) claims.get("id")).longValue());
        userDetails.setName((String) claims.get("name"));
        userDetails.setLastName((String) claims.get("lastName"));

        // Attach it as details; it is reachable later via getDetails() on the Authentication
        authentication.setDetails(userDetails);

        return authentication;
    }
}

The good thing about this approach is we can access custom UserDetails from anywhere inside the app. The bad thing is that the Principal object is stuck on being only the user's username, and we need a lot more code to access custom UserDetails.

// preferable way   
(UserAuthDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();

// current solution
(UserAuthDetails) ((OAuth2AuthenticationDetails) SecurityContextHolder.getContext().getAuthentication().getDetails()).getDecodedDetails();

Is there a cleaner solution to use JwtAccessTokenConverter but still be able to set Principal as custom UserDetails instead of setting it to (useless) username and sending additional info as details of Authentication object?

Recommended answer

I can not say if this is the preferred solution, but after trying to solve the same thing myself, I ended up extending the DefaultUserAuthenticationConverter.

So you can do something like this

@Bean
public JwtAccessTokenConverter accessTokenConverter() {
  // Plug the custom user converter into the default access token converter...
  DefaultAccessTokenConverter defaultConverter = new DefaultAccessTokenConverter();
  defaultConverter.setUserTokenConverter(new CustomUserAuthenticationConverter());

  // ...and let the JWT converter delegate the claims <-> Authentication mapping to it
  JwtAccessTokenConverter jwtConverter = new JwtAccessTokenConverter();
  jwtConverter.setAccessTokenConverter(defaultConverter);
  return jwtConverter;
}

Then the DefaultUserAuthenticationConverter is not very extendable, since most methods and properties are private. But here is an example:

import java.util.Collection;
import java.util.Map;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter;
import org.springframework.util.StringUtils;

public class CustomUserAuthenticationConverter extends DefaultUserAuthenticationConverter {

  private static final String CUST_PROP = "custProp";

  @Override
  public Authentication extractAuthentication(Map<String, ?> map) {
    // USERNAME ("user_name") and AUTHORITIES are inherited from UserAuthenticationConverter
    if (map.containsKey(USERNAME) && map.containsKey(CUST_PROP)) {
      String username = (String) map.get(USERNAME);
      String custProp = (String) map.get(CUST_PROP);

      // The custom object becomes the Principal of the resulting Authentication
      CustomPrincipal principal = new CustomPrincipal();
      principal.setUsername(username);
      principal.setCustomProp(custProp);

      Collection<? extends GrantedAuthority> authorities = getAuthorities(map);
      return new UsernamePasswordAuthenticationToken(principal, "N/A", authorities);
    }
    return null;
  }

  // Copy of the private method in DefaultUserAuthenticationConverter (it cannot be reused directly);
  // the original returns its configured defaultAuthorities (null unless set) when the claim is absent
  private Collection<? extends GrantedAuthority> getAuthorities(Map<String, ?> map) {
    if (!map.containsKey(AUTHORITIES)) {
      return AuthorityUtils.NO_AUTHORITIES;
    }
    Object authorities = map.get(AUTHORITIES);
    if (authorities instanceof String) {
      return AuthorityUtils.commaSeparatedStringToAuthorityList((String) authorities);
    }
    if (authorities instanceof Collection) {
      return AuthorityUtils.commaSeparatedStringToAuthorityList(
          StringUtils.collectionToCommaDelimitedString((Collection<?>) authorities));
    }
    throw new IllegalArgumentException("Authorities must be either a String or a Collection");
  }

}
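As an added example (not code from the question or the answer), the same approach carried through both halves of the exchange: the authorization server writes the extra claims with `convertUserAuthentication`, and the resource server rebuilds a custom Principal from them with `extractAuthentication`, reusing the parent's username and authorities handling instead of copying it. The claim names `id` and `lastName` are taken from the question; the `CustomPrincipal` type and the assumption that the authorization server's own Authentication carries such a principal are mine.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter;

public class RoundTripUserAuthenticationConverter extends DefaultUserAuthenticationConverter {
  private static final String USER_ID = "id";        // claim names taken from the question
  private static final String LAST_NAME = "lastName";

  // Hypothetical principal type; implementing java.security.Principal keeps Authentication.getName() sane
  public static final class CustomPrincipal implements java.security.Principal {
    public final String username; public final Long userId; public final String lastName;
    public CustomPrincipal(String username, Long userId, String lastName) {
      this.username = username; this.userId = userId; this.lastName = lastName;
    }
    @Override public String getName() { return username; }
  }

  // Authorization server side: add the extra fields next to user_name / authorities written by super
  @Override
  public Map<String, ?> convertUserAuthentication(Authentication authentication) {
    Map<String, Object> claims = new LinkedHashMap<>(super.convertUserAuthentication(authentication));
    if (authentication.getPrincipal() instanceof CustomPrincipal) {
      CustomPrincipal p = (CustomPrincipal) authentication.getPrincipal();
      claims.put(USER_ID, p.userId);
      claims.put(LAST_NAME, p.lastName);
    }
    return claims;
  }

  // Resource server side: JwtAccessTokenConverter.decode() has already verified the JWT signature
  // before this runs, so the claims are as trustworthy as the signer; super handles user_name/authorities
  @Override
  public Authentication extractAuthentication(Map<String, ?> map) {
    Authentication base = super.extractAuthentication(map); // null when user_name is absent
    if (base == null) return null;
    Object last = map.get(LAST_NAME);
    CustomPrincipal principal = new CustomPrincipal(base.getName(), toLong(map.get(USER_ID)),
        last instanceof String ? (String) last : null);
    return new UsernamePasswordAuthenticationToken(principal, "N/A", base.getAuthorities());
  }

  // JSON numbers arrive as Integer, Long or String depending on the parser; a blind (Integer) cast fails
  private static Long toLong(Object claim) {
    if (claim instanceof Number) return ((Number) claim).longValue();
    if (claim instanceof String) return Long.valueOf((String) claim);
    return null;
  }
}
```

Register it exactly as in the answer's `accessTokenConverter()` bean (`setUserTokenConverter(new RoundTripUserAuthenticationConverter())`) on both servers; the `(CustomPrincipal) authentication.getPrincipal()` cast from the question's "preferable way" then works on the resource server.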
