在资源服务器控制器中访问Spring OAuth 2 JWT有效负载? [英] Accessing a Spring OAuth 2 JWT payload inside the Resource Server controller?

问题描述

我正在通过本教程来了解如何设置spring boot oauth与jwt.它涵盖了使用Angular解码JWT令牌，但是我们如何解码它并在Resource Server控制器中访问自定义声明呢?

I'm going through this tutorial on how to setup spring boot oauth with jwt. It covers decoding the JWT token using Angular, but how do we decode it and get access to custom claims inside the Resource Server controller?

例如，使用JJWT可以做到这一点(基于本文):

For example with JJWT it can be done like this (Based on this article):

    String subject = "HACKER";
    try {
        Jws jwtClaims = 
            Jwts.parser().setSigningKey(key).parseClaimsJws(jwt);

        subject = claims.getBody().getSubject();

        //OK, we can trust this JWT

    } catch (SignatureException e) {

        //don't trust the JWT!
    }

Spring的

And Spring has a JWTAccessTokenConverter.decode() method, but the javadoc is lacking, and it is protected.

推荐答案

这是我在Spring Boot中访问自定义JWT声明的方式:

Here is how I am accessing custom JWT claims in Spring Boot:

1)获取Spring以将JWT内容复制到Authentication:

1) Get Spring to copy JWT content into Authentication:

@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends ResourceServerConfigurerAdapter{

    @Override
    public void configure(ResourceServerSecurityConfigurer config) {
        config.tokenServices( createTokenServices() );
    }

    @Bean
    public DefaultTokenServices createTokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore( createTokenStore() );
        return defaultTokenServices;
    }

    @Bean
    public TokenStore createTokenStore() {               
        return new JwtTokenStore( createJwtAccessTokenConverter() );
    }

    @Bean
    public JwtAccessTokenConverter createJwtAccessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();     
        converter.setAccessTokenConverter( new JwtConverter() );
        return converter;
    }

    public static class JwtConverter extends DefaultAccessTokenConverter implements JwtAccessTokenConverterConfigurer {

        @Override
        public void configure(JwtAccessTokenConverter converter) {
            converter.setAccessTokenConverter(this);
        }

        @Override
        public OAuth2Authentication extractAuthentication(Map<String, ?> map) {
            OAuth2Authentication auth = super.extractAuthentication(map);
            auth.setDetails(map); //this will get spring to copy JWT content into Authentication
            return auth;
        }
    }
}

2)在代码中的任何位置访问令牌内容:

2) Access token content anywhere in your code:

Authentication authentication = SecurityContextHolder.getContext().getAuthentication();        
Object details = authentication.getDetails();        
if ( details instanceof OAuth2AuthenticationDetails ){
    OAuth2AuthenticationDetails oAuth2AuthenticationDetails = (OAuth2AuthenticationDetails)details;

    Map<String, Object> decodedDetails = (Map<String, Object>)oAuth2AuthenticationDetails.getDecodedDetails();

    System.out.println( "My custom claim value: " + decodedDetails.get("MyClaim") );
}  

这篇关于在资源服务器控制器中访问Spring OAuth 2 JWT有效负载?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！