自定义TokenEnhancer不会向JWT有效负载添加额外的声明
问题说明
我创建了一些TokenEnhancer来向JWT添加额外的声明:
I've created some TokenEnhancer to add extra claim to JWT:
@Component
public class TestTokenEnhancer implements TokenEnhancer {
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
final Map<String, Object> additionalJwtProperties = ImmutableMap
.<String, Object>builder()
.put("testProperty", "testValue")
.build();
((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalJwtProperties);
return accessToken;
}
}
然后,我已经配置了我的授权服务器,一个:
Then I've configured my authorization server, one:
@Configuration
public class TokenConfig {
private List<TokenEnhancer> tokenEnhancers;
@Autowired
public void setTokenEnhancers(List<TokenEnhancer> tokenEnhancers) {
this.tokenEnhancers = tokenEnhancers;
}
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey("test123");
return converter;
}
@Bean
public TokenStore tokenStore() {
return new JwtTokenStore(accessTokenConverter());
}
@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
return defaultTokenServices;
}
@Bean
public TokenEnhancerChain tokenEnhancerChain() {
TokenEnhancerChain chain = new TokenEnhancerChain();
chain.setTokenEnhancers(allTokenEnhancers());
return chain;
}
private List<TokenEnhancer> allTokenEnhancers() {
TokenEnhancer[] restTokenEnhancers = this.tokenEnhancers.toArray(new TokenEnhancer[this.tokenEnhancers.size()]);
return Lists.asList(accessTokenConverter(), restTokenEnhancers);
}
}
和两个:
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
private AuthenticationManager authenticationManager;
private TokenStore tokenStore;
private TokenEnhancerChain tokenEnhancerChain;
@Autowired
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
@Autowired
public void setTokenStore(TokenStore tokenStore) {
this.tokenStore = tokenStore;
}
@Autowired
public void setTokenEnhancerChain(TokenEnhancerChain tokenEnhancerChain) {
this.tokenEnhancerChain = tokenEnhancerChain;
}
@Override
public void configure(final ClientDetailsServiceConfigurer clients) throws Exception { // @formatter:off
clients.inMemory()
.withClient("client-example")
.secret("client-secret")
.authorizedGrantTypes("password")
.scopes("message-service")
.autoApprove(true);
} // @formatter:on
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) { // @formatter:off
endpoints
.tokenStore(this.tokenStore)
.authenticationManager(this.authenticationManager)
.tokenEnhancer(this.tokenEnhancerChain);
} // @formatter:on
}
当我从授权服务器请求访问令牌时,它会通过以下json响应我:
When I request an access token from authorization server, it responds me with follow json:
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MTk3OTU0NTAsInVzZXJfbmFtZSI6InVzZXIiLCJhdXRob3JpdGllcyI6WyJST0xFX1VTRVIiXSwianRpIjoiODc5NGI1MmUtZTE4NC00MTJiLWIzOTQtYzY0MTBjN2Q4N2QyIiwiY2xpZW50X2lkIjoiY2xpZW50LWV4YW1wbGUiLCJzY29wZSI6WyJtZXNzYWdlLXNlcnZpY2UiXX0.d2P-Z-SBkoH3ktckVWwW7CvHQXIeqxFvWr_far-dzuo",
"token_type": "bearer",
"expires_in": 43200,
"scope": "message-service",
"testProperty": "testValue"
}
我在获得的json中看到"testProperty",但是当我使用"access_token"属性的值并通过检查其内容时, jwt.io JWT的有效负载中的"testProperty"不存在.这是正确的行为吗?
I see the "testProperty" in the obtained json but when I take a value of "access_token" property and check its contents via jwt.io the "testProperty" in the JWT's payload doesn't exist. Is it correct behavior?
正确答案
在TokenEnhancerChain
对象的tokenEnhancers
列表的末尾添加JwtAccessTokenConverter
很重要.
It's important to add a JwtAccessTokenConverter
at the end of list of tokenEnhancers
of TokenEnhancerChain
object.
private List<TokenEnhancer> allTokenEnhancers() {
return ImmutableList
.<TokenEnhancer>builder()
.addAll(this.tokenEnhancers)
.add(accessTokenConverter())
.build();
}
否则,在应用JwtAccessTokenConverter
之后,由另一个TokenEnhancer
添加的所有额外声明将不会被添加到JWT的有效负载部分.
Otherwise, after applying of JwtAccessTokenConverter
all of extra claims which were added by another TokenEnhancer
s won't be added to JWT's payload section.
这篇好文章是转载于:学新通技术网
- 版权申明: 本站部分内容来自互联网,仅供学习及演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系,请提供相关证据及您的身份证明,我们将在收到邮件后48小时内删除。
- 本站站名: 学新通技术网
- 本文地址: /reply/detail/tanhcfjeeh
-
YouTube API 不能在 iOS (iPhone/iPad) 工作,但在桌面浏览器工作正常?
it1352 07-30 -
iPhone,一张图像叠加到另一张图像上以创建要保存的新图像?(水印)
it1352 07-17 -
保持在后台运行的 iPhone 应用程序完全可操作
it1352 07-25 -
使用 iPhone 进行移动设备管理
it1352 07-23 -
在android同时打开手电筒和前置摄像头
it1352 09-28 -
扫描 NFC 标签时是否可以启动应用程序?
it1352 08-02 -
检查邮件是否发送成功
it1352 07-25 -
Android微调工具-删除当前选择
it1352 06-20 -
希伯来语的空格句子标记化错误
it1352 06-22 -
Android App 和三星 Galaxy S4 不兼容
it1352 07-20