spring-boot - 生成带有对 JUnit 测试的附加声明的生成 OAuth2 访问令牌
问题描述
我使用 OAuth2 保护了 Spring Boot REST API。我的身份验证服务器和资源服务器是两个应用程序。所有 REST API 安全性都可以与 REST 客户端一起正常工作。然后我需要编写安全测试用例。我使用以下代码生成访问令牌。一些端点需要在 REST 方法中手动添加声明。程序给出了有效的访问令牌,但声明不包含在此令牌中。
private String generateToken(String... authorities) {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey("123");
tokenService = new DefaultTokenServices();
JwtTokenStore jwtTokenStore = new JwtTokenStore(converter);
tokenService.setTokenStore(jwtTokenStore);
tokenService.setTokenEnhancer(converter);
Collection<GrantedAuthority> grantAuthorities = new ArrayList<>();
if (authorities != null) {
for (String authority: authorities) {
grantAuthorities.add(new SimpleGrantedAuthority(authority));
}
}
Set<String> resourceIds = Collections.emptySet();
Set<String> scopes = Collections.emptySet();
Map<String, String> requestParameters = Collections.emptyMap();
boolean approved = true;
String redirectUrl = null;
Set<String> responseTypes = Collections.emptySet();
Map<String, Serializable> extensionProperties = Collections.emptyMap();
OAuth2Request oAuth2Request = new OAuth2Request(requestParameters, "web-client", grantAuthorities,
approved, scopes, resourceIds, redirectUrl, responseTypes, extensionProperties);
User userPrincipal = new User("user", "", true, true,
true, true, grantAuthorities);
UsernamePasswordAuthenticationToken authenticationToken =
new UsernamePasswordAuthenticationToken(userPrincipal, null, grantAuthorities);
OAuth2Authentication auth = new OAuth2Authentication(oAuth2Request, authenticationToken);
OAuth2AccessToken accessToken = tokenService.createAccessToken(auth);
Map<String, Object> claims = new HashMap<>();
List<Long> tenantIds = new ArrayList<>();
tenantIds.add(1L);
claims.put("role", 1L);
claims.put("tenants", tenantIds);
((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(claims);
return accessToken.getValue();
}
我如何向此令牌添加声明。
解决方案
终于找到了解决办法。将TokenEnhancerChain添加到代码中
以下是最终代码
private String generateToken(String... authorities) {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey("123");
tokenService = new DefaultTokenServices();
JwtTokenStore jwtTokenStore = new JwtTokenStore(converter);
tokenService.setTokenStore(jwtTokenStore);
Collection<GrantedAuthority> grantAuthorities = new ArrayList<>();
if (authorities != null) {
for (String authority: authorities) {
grantAuthorities.add(new SimpleGrantedAuthority(authority));
}
}
Set<String> resourceIds = Collections.emptySet();
Set<String> scopes = Collections.emptySet();
Map<String, String> requestParameters = Collections.emptyMap();
boolean approved = true;
String redirectUrl = null;
Set<String> responseTypes = Collections.emptySet();
Map<String, Serializable> extensionProperties = Collections.emptyMap();
OAuth2Request oAuth2Request = new OAuth2Request(requestParameters, "web-client", grantAuthorities,
approved, scopes, resourceIds, redirectUrl, responseTypes, extensionProperties);
User userPrincipal = new User("user", "", true, true,
true, true, grantAuthorities);
UsernamePasswordAuthenticationToken authenticationToken =
new UsernamePasswordAuthenticationToken(userPrincipal, null, grantAuthorities);
OAuth2Authentication auth = new OAuth2Authentication(oAuth2Request, authenticationToken);
Map<String, Object> claims = new HashMap<>();
List<Long> tenantIds = new ArrayList<>();
tenantIds.add(1L);
claims.put("role", 1L);
claims.put("tenants", tenantIds);
OAuth2AccessToken accessToken = tokenService.createAccessToken(auth);
TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
tokenEnhancerChain.setTokenEnhancers(
Arrays.asList(new CustomTokenEnhancer(), converter));
accessToken = tokenEnhancerChain.enhance(accessToken, auth);
return accessToken.getValue();
}
重要提示:添加 JwtAccessTokenConverter 作为令牌增强器列表的最后一个元素
以下是 CustomTokenEnhancer 类。
public class CustomTokenEnhancer extends JwtAccessTokenConverter {
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
Map<String, Object> claims = new HashMap<>();
List<Long> tenantIds = new ArrayList<>();
tenantIds.add(1L);
claims.put("role", 1L);
claims.put("tenants", tenantIds);
claims.put("userId", "admin@abc.com");
((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(claims);
return accessToken;
}
}
推荐阅读
- rust - 如何更改 Piston2D / PistonWindow / GlutinWindow 中的光标图标?
- javascript - 字符串对象和 Promise 之间的深度相等
javascript中的对象 - javascript - angular-route.min.js 的问题 | 错误 Chrome 控制台 [$injector:modulerr]
- c++ - 我可以使用 printf 打印 c++ 字符串数组的元素吗
- json - 单独的角度循环值
- javascript - 如何对json中的项目进行分组?
- arrays - 从 Firestore Swift 获取每个用户的文档
- label - 如何为 Prestashop 1.7.7.0 中的每个地址表单字段添加附加标签?
- django - 将 Vue 文件与 Django 模板链接
- android - 网络请求失败 - 从 localhost ReactNative 获取