Spring OAuth2: getting custom user information during check token

March 17, 2020

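By default, the Authentication contains only the username.

The authorization server was previously configured with a tokenEnhancer, so the information it returns already includes the extra fields. The requirement is that the resource server can obtain the user's extra information when it checks a token.

Looking at the source code, RemoteTokenServices holds an AccessTokenConverter whose default implementation is DefaultAccessTokenConverter. That implementation in turn holds a UserAuthenticationConverter, which is what converts the Authentication.

Implementation

Implement the UserAuthenticationConverter interface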

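import java.util.Collection;
import java.util.Map;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.provider.token.UserAuthenticationConverter;
import org.springframework.util.StringUtils;

/**
 * Builds the Authentication from the check_token response so that the principal
 * is the application's own User object (username plus id) instead of a bare username.
 *
 * @author likole
 */
public class MyUserAuthenticationConverter implements UserAuthenticationConverter {

    // Authorities applied when the response carries no "authorities" entry
    private Collection<? extends GrantedAuthority> defaultAuthorities;

    public void setDefaultAuthorities(String[] defaultAuthorities) {
        this.defaultAuthorities = AuthorityUtils.commaSeparatedStringToAuthorityList(StringUtils.arrayToCommaDelimitedString(defaultAuthorities));
    }

    @Override
    public Map<String, ?> convertUserAuthentication(Authentication authentication) {
        // Not used when this converter only serves RemoteTokenServices on the
        // resource server, which calls extractAuthentication only.
        return null;
    }

    @Override
    public Authentication extractAuthentication(Map<String, ?> map) {
        if (map.containsKey("user_name") && map.containsKey("uid")) {
            // User is the application's own class, not Spring Security's User
            User user = new User();
            user.setUsername(String.valueOf(map.get("user_name")));
            // String.valueOf avoids a ClassCastException when uid arrives as a JSON number
            user.setId(Long.valueOf(String.valueOf(map.get("uid"))));
            Collection<? extends GrantedAuthority> authorities = this.getAuthorities(map);
            return new UsernamePasswordAuthenticationToken(user, "N/A", authorities);
        } else {
            return null;
        }
    }

    private Collection<? extends GrantedAuthority> getAuthorities(Map<String, ?> map) {
        if (!map.containsKey("authorities")) {
            return this.defaultAuthorities;
        } else {
            Object authorities = map.get("authorities");
            if (authorities instanceof String) {
                return AuthorityUtils.commaSeparatedStringToAuthorityList((String) authorities);
            } else if (authorities instanceof Collection) {
                return AuthorityUtils.commaSeparatedStringToAuthorityList(StringUtils.collectionToCommaDelimitedString((Collection<?>) authorities));
            } else {
                throw new IllegalArgumentException("Authorities must be either a String or a Collection");
            }
        }
    }
}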

Configuration class

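import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;

/**
 * Resource server configuration that validates tokens against the
 * authorization server's check_token endpoint.
 *
 * @author likole
 */
public class DefaultResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        RemoteTokenServices remoteTokenServices = new RemoteTokenServices();
        // Client credentials this resource server uses to call check_token (masked here)
        remoteTokenServices.setClientId("××××××");
        remoteTokenServices.setClientSecret("××××××");
        remoteTokenServices.setCheckTokenEndpointUrl("https://open.likole.com/oauth/check_token");
        // Plug the custom user converter into the default access token converter
        DefaultAccessTokenConverter defaultAccessTokenConverter = new DefaultAccessTokenConverter();
        defaultAccessTokenConverter.setUserTokenConverter(new MyUserAuthenticationConverter());
        remoteTokenServices.setAccessTokenConverter(defaultAccessTokenConverter);
        resources.tokenServices(remoteTokenServices).stateless(true);
    }
}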
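To see what the resource server ends up with as principal, the following added example (not code from the original post) runs a constructed check_token response map through DefaultAccessTokenConverter, without the HTTP call. The User stand-in, UidConverter, CheckTokenConversionDemo and the sample values are assumptions for illustration, and UidConverter extends DefaultUserAuthenticationConverter instead of implementing the interface directly as the post does. It needs spring-security-oauth2 on the classpath.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter;

public class CheckTokenConversionDemo {
    // Hypothetical stand-in for the application's own User class
    static class User {
        final String username;
        final long id;
        User(String username, long id) { this.username = username; this.id = id; }
    }

    // Hypothetical compact converter: reuse the default parsing, swap in a User principal
    static class UidConverter extends DefaultUserAuthenticationConverter {
        @Override
        public Authentication extractAuthentication(Map<String, ?> map) {
            Authentication base = super.extractAuthentication(map); // null without user_name
            if (base == null || !map.containsKey("uid")) {
                return null;
            }
            // String.valueOf accepts uid as a JSON number or as a string
            long uid = Long.parseLong(String.valueOf(map.get("uid")));
            return new UsernamePasswordAuthenticationToken(
                    new User(base.getName(), uid), "N/A", base.getAuthorities());
        }
    }
    // Same converter wiring as the RemoteTokenServices setup, minus the HTTP call
    static Object principalFor(Map<String, ?> checkTokenResponse) {
        DefaultAccessTokenConverter converter = new DefaultAccessTokenConverter();
        converter.setUserTokenConverter(new UidConverter());
        return converter.extractAuthentication(checkTokenResponse).getPrincipal();
    }

    public static void main(String[] args) {
        // Constructed sample of a parsed /oauth/check_token response body
        Map<String, Object> body = new HashMap<>();
        body.put("user_name", "alice");
        body.put("uid", 42);
        body.put("client_id", "demo-client");
        body.put("authorities", Arrays.asList("ROLE_USER"));
        Object p = principalFor(body);
        System.out.println(p instanceof User ? "user id " + ((User) p).id : "client " + p);
        body.remove("uid"); // token issued without the enhancer's extra field
        System.out.println("without uid: principal = " + principalFor(body));
    }
}
```

When uid is missing the user converter returns null, and DefaultAccessTokenConverter then builds a client-only OAuth2Authentication whose principal is the client_id string. Code that casts the principal to User should check the principal's type or isClientOnly() first.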

likole
