最近在做SpringSecurityOAuth2的自定义ClientDetails目前实现了两种方式
- 实现 ClientDetailsService 并把值传入BaseClientDetails然后返回
@Override
public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
AuthClient authClient = authClientService.loadClientByClientId(clientId);
BaseClientDetails details = new BaseClientDetails(authClient.getClientId(),
authClient.getResourceIds(),
authClient.getScopes(),
authClient.getAuthorizedGrantTypes(),
authClient.getAuthorities(),
authClient.getRedirectUris());
details.setClientSecret(authClient.getClientSecret());
return details;
}
- 先实现ClientDetails 然后再实现 ClientDetailsService
ClientDetails
public class MyClientDetails implements ClientDetails {
private AuthClientDetails client;
public MyClientDetails(AuthClientDetails client) {
this.client = client;
}
public MyClientDetails() {
}
/**
* The client id.
*
* @return The client id.
*/
@Override
public String getClientId() {
return client.getClientId();
}
......
ClientDetailsService
@Override
public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
AuthClientDetails clientDetails = authClientDetailsMapper.selectClientDetailsByClientId(clientId);
if (clientDetails == null) {
throw new ClientRegistrationException("该客户端不存在");
}
MyClientDetails details = new MyClientDetails(clientDetails);
return details;
}
相对而言,第二种方式灵活性会高很多,在使用过程中遇到一个问题使用最简依赖的自定义ClientDetails 无法返回token,并且返回的是空值。 ClientDetailsUserDetailsService 的loadUserByUsername 方法 报错
经过debug分析,问题出来在了自定义的ClientDetails的权限集合返回值的问。
出错写法
@Override
public Collection<GrantedAuthority> getAuthorities() {
return (client.getAuthorities() != null && client.getAuthorities().trim().length() > 0) ?
AuthorityUtils.commaSeparatedStringToAuthorityList(client.getAuthorities()) : null;
}
该写法会导致Cannot pass a null GrantedAuthority collection 错误,无法生存token但是不会有任何的报错
正确写法
@Override
public Collection<GrantedAuthority> getAuthorities() {
return (client.getAuthorities() != null && client.getAuthorities().trim().length() > 0) ?
AuthorityUtils.commaSeparatedStringToAuthorityList(client.getAuthorities()) : Collections.emptyList();
}