定义TokenEnhancer不会向JWT有效负载中添加额外的声

定义TokenEnhancer不会向JWT有效负载中添加额外的声

关注
发信
关注(28)粉丝(399)

自定义TokenEnhancer不会向JWT有效负载中添加额外的声明

本文介绍了自定义TokenEnhancer不会向JWT有效负载中添加额外的声明的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

限时删除!!

我创建了一些TokenEnhancer来向JWT添加额外的声明:

I've created some TokenEnhancer to add extra claim to JWT:

@Component
public class TestTokenEnhancer implements TokenEnhancer {

    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {

        final Map<String, Object> additionalJwtProperties = ImmutableMap
                .<String, Object>builder()
                .put("testProperty", "testValue")
                .build();

        ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalJwtProperties);

        return accessToken;
    }
}

然后,我已经配置了我的授权服务器,一个:

Then I've configured my authorization server, one:

@Configuration
public class TokenConfig {

    private List<TokenEnhancer> tokenEnhancers;

    @Autowired
    public void setTokenEnhancers(List<TokenEnhancer> tokenEnhancers) {
        this.tokenEnhancers = tokenEnhancers;
    }

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey("test123");
        return converter;
    }

    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        return defaultTokenServices;
    }

    @Bean
    public TokenEnhancerChain tokenEnhancerChain() {
        TokenEnhancerChain chain = new TokenEnhancerChain();
        chain.setTokenEnhancers(allTokenEnhancers());
        return chain;
    }

    private List<TokenEnhancer> allTokenEnhancers() {
        TokenEnhancer[] restTokenEnhancers = this.tokenEnhancers.toArray(new TokenEnhancer[this.tokenEnhancers.size()]);
        return Lists.asList(accessTokenConverter(), restTokenEnhancers);
    }
}

和两个:

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    private AuthenticationManager authenticationManager;
    private TokenStore tokenStore;
    private TokenEnhancerChain tokenEnhancerChain;

    @Autowired
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    @Autowired
    public void setTokenStore(TokenStore tokenStore) {
        this.tokenStore = tokenStore;
    }

    @Autowired
    public void setTokenEnhancerChain(TokenEnhancerChain tokenEnhancerChain) {
        this.tokenEnhancerChain = tokenEnhancerChain;
    }

    @Override
    public void configure(final ClientDetailsServiceConfigurer clients) throws Exception { // @formatter:off
        clients.inMemory()
          .withClient("client-example")
          .secret("client-secret")
          .authorizedGrantTypes("password")
          .scopes("message-service")
          .autoApprove(true);
    } // @formatter:on

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) { // @formatter:off
        endpoints
          .tokenStore(this.tokenStore)
          .authenticationManager(this.authenticationManager)
          .tokenEnhancer(this.tokenEnhancerChain);
    } // @formatter:on
}

当我从授权服务器请求访问令牌时,它会通过以下json响应我:

When I request an access token from authorization server, it responds me with follow json:

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MTk3OTU0NTAsInVzZXJfbmFtZSI6InVzZXIiLCJhdXRob3JpdGllcyI6WyJST0xFX1VTRVIiXSwianRpIjoiODc5NGI1MmUtZTE4NC00MTJiLWIzOTQtYzY0MTBjN2Q4N2QyIiwiY2xpZW50X2lkIjoiY2xpZW50LWV4YW1wbGUiLCJzY29wZSI6WyJtZXNzYWdlLXNlcnZpY2UiXX0.d2P-Z-SBkoH3ktckVWwW7CvHQXIeqxFvWr_far-dzuo",
  "token_type": "bearer",
  "expires_in": 43200,
  "scope": "message-service",
  "testProperty": "testValue"
}

我在获得的json中看到"testProperty",但是当我使用"access_token"属性的值并通过检查其内容时, jwt.io JWT的有效负载中的"testProperty"不存在.这是正确的行为吗?

I see the "testProperty" in the obtained json but when I take a value of "access_token" property and check its contents via jwt.io the "testProperty" in the JWT's payload doesn't exist. Is it correct behavior?

推荐答案

TokenEnhancerChain对象的tokenEnhancers列表的末尾添加JwtAccessTokenConverter很重要.

It's important to add a JwtAccessTokenConverter at the end of list of tokenEnhancers of TokenEnhancerChain object.

private List<TokenEnhancer> allTokenEnhancers() {
    return ImmutableList
            .<TokenEnhancer>builder()
            .addAll(this.tokenEnhancers)
            .add(accessTokenConverter())
            .build();
}

否则,在应用JwtAccessTokenConverter之后,由另一个TokenEnhancer添加的所有额外声明将不会被添加到JWT的有效负载部分.

Otherwise, after applying of JwtAccessTokenConverter all of extra claims which were added by another TokenEnhancers won't be added to JWT's payload section.

这篇关于自定义TokenEnhancer不会向JWT有效负载中添加额外的声明的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

1403页,肝出来的..

09-06 16:45
Powered by LMLPHP ©2024 定义TokenEnhancer不会向JWT有效负载中添加额外的声 0.041652