使用spring oauth2框架做授權鑒定,想獲取當前用戶資訊怎么辦?
我們知道spring oauth2是基于spring security的實作的,
spring security可以通過SecurityContextHolder.getContext().getAuthentication().getPrincipal()獲取到當前用戶資訊,
而spring oauth2通過SecurityContextHolder.getContext().getAuthentication().getPrincipal()卻只能拿到當前用戶的用戶名,
然而實際開發程序中,我們較常用到的大部分都是用戶的id,
那么怎么通過配置獲取當前用戶的資訊呢?
首先我們看下,為什么oauth2通過SecurityContextHolder.getContext().getAuthentication().getPrincipal()獲取到的是用戶名?
我們看下原始碼
DefaultUserAuthenticationConverter.java
public Authentication extractAuthentication(Map<String, ?> map) {
// userClaimName是靜態常量:username
if (map.containsKey(userClaimName)) {
Object principal = map.get(userClaimName);
Collection<? extends GrantedAuthority> authorities = getAuthorities(map);
// 原因就是這里,如果userDetailsService為空,回傳的就是用戶名,
if (userDetailsService != null) {
UserDetails user = userDetailsService.loadUserByUsername((String) map.get(userClaimName));
authorities = user.getAuthorities();
principal = user;
}
return new UsernamePasswordAuthenticationToken(principal, "N/A", authorities);
}
return null;
}
那我們就給這個類,設定userDetailsService,
我們看下這個類的呼叫,
DefaultAccessTokenConverter.java
public class DefaultAccessTokenConverter implements AccessTokenConverter {
// 一開始就被初始化好了,所以不能設定userDetailsService
private UserAuthenticationConverter userTokenConverter = new DefaultUserAuthenticationConverter();
// 但是提供了setter介面,所以我們要做的就是覆寫上面的實體,
public void setUserTokenConverter(UserAuthenticationConverter userTokenConverter) {
this.userTokenConverter = userTokenConverter;
}
}
所以如果是使用DefaultAccessTokenConverter的,代碼可以這么寫
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.tokenStore(tokenStore)
.authenticationManager(manager)
.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)
.userDetailsService(userService)
// .accessTokenConverter(tokenConverter);
DefaultAccessTokenConverter converter = new DefaultAccessTokenConverter();
DefaultUserAuthenticationConverter userAuthenticationConverter
= new DefaultUserAuthenticationConverter();
userAuthenticationConverter.setUserDetailsService(userService);
converter.setUserTokenConverter(userAuthenticationConverter);
endpoints.accessTokenConverter(converter);
}
}
如果是用jwtConverter的話,可以這么改,
定義一個accessTokenConverter繼承DefaultAccessTokenConverter
public class OauthAccessTokenConverter extends DefaultAccessTokenConverter {
public OauthAccessTokenConverter(SecurityUserService userService) {
DefaultUserAuthenticationConverter converter = new DefaultUserAuthenticationConverter();
converter.setUserDetailsService(userService);
super.setUserTokenConverter(converter);
}
}
定義一個jwtConverter繼承JwtAccessTokenConver
public class OauthJwtAccessTokenConverter extends JwtAccessTokenConverter {
public OauthJwtAccessTokenConverter(SecurityUserService userService) {
super.setAccessTokenConverter(new OauthAccessTokenConverter(userService));
}
}
注冊bean
@Configuration
public class TokenConfig {
@Bean
public TokenStore jwtTokenStore(JwtAccessTokenConverter converter) {
return new JwtTokenStore(converter);
}
@Bean
public JwtAccessTokenConverter jwtAccessTokenConverter(SecurityUserService userService) {
JwtAccessTokenConverter accessTokenConverter = new OauthJwtAccessTokenConverter(userService);
accessTokenConverter.setSigningKey("sign_key");
return accessTokenConverter;
}
}
Oauth2認證服務
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager manager;
@Autowired
private SecurityUserService userService;
@Autowired
private TokenStore tokenStore;
@Autowired
private JwtAccessTokenConverter tokenConverter;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.tokenStore(tokenStore)
.authenticationManager(manager)
.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)
.userDetailsService(userService)
.accessTokenConverter(tokenConverter);
}
}
最后就可以像spring security一樣,
使用SecurityContextHolder.getContext().getAuthentication().getPrincipal()獲取用戶資訊了,
2020/09/21
認證端/資源端分離
@Bean
public ResourceServerTokenServices tokenService() {
DefaultAccessTokenConverter converter = new DefaultAccessTokenConverter();
DefaultUserAuthenticationConverter userAuthenticationConverter
= new DefaultUserAuthenticationConverter();
userAuthenticationConverter.setUserDetailsService(userService);
converter.setUserTokenConverter(userAuthenticationConverter);
RemoteTokenServices tokenServices = new RemoteTokenServices();
tokenServices.setAccessTokenConverter(converter);
tokenServices.setClientId("sample_test_client_app");
tokenServices.setClientSecret("secret");
tokenServices.setCheckTokenEndpointUrl("http://localhost:8080/oauth/check_token");
return tokenServices;
}
轉載請註明出處,本文鏈接:https://www.uj5u.com/houduan/141132.html
標籤:Java
上一篇:Spring Boot 2.x基礎教程:使用EhCache快取集群
下一篇:CAS底層原理與ABA問題