java - Spring Security OAuth2 - URLEncoded输入键值自动附加到令牌响应json中
问题描述
我正在使用 Spring-Security OAuth2 - Password Grant 来获取 JWT 访问和刷新令牌。
我在请求中将一些额外的 URLEncoded 键/值传递给 /oauth/token - 这样我就可以将它们作为附加声明添加到生成的 JWT 访问和刷新令牌中。
TokenEnhancer 将它们作为附加声明添加到生成的 JWT 访问和刷新令牌中;但问题是这些也被添加到响应 JSON 中——我不想这样做。(原因是 DefaultOAuth2AccessToken 的 additionalInformation 既会被 JwtAccessTokenConverter 编码进 JWT，也会被序列化到 /oauth/token 的响应体中。)如何防止它被附加在响应中?
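public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    // NOTE(review): the @Configuration / @EnableAuthorizationServer annotations are not
    // shown in this listing; confirm they are present on the real class.

    /**
     * Name of the environment variable holding the JWT (HMAC) signing secret.
     * The secret used to be a string literal in this class; anyone with read access to
     * the source (or to the repository history) could mint valid access and refresh tokens.
     */
    private static final String SIGNING_KEY_ENV = "JWT_SIGNING_KEY";

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    /**
     * Access rules for the framework endpoints.
     *
     * <p>{@code /oauth/check_token} requires an authenticated caller. {@code /oauth/token_key}
     * is closed entirely: {@link #accessTokenConverter()} uses a symmetric MAC key, and for such
     * keys {@link JwtAccessTokenConverter} reports the signing secret itself as the "verifier key",
     * so the previous {@code permitAll()} would have handed the secret to anonymous callers, who
     * could then forge tokens. Share the key with resource servers out of band, or switch to an
     * RSA key pair (only the public key is served) before reopening this endpoint.
     */
    @Override
    public void configure(final AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.tokenKeyAccess("denyAll()").checkTokenAccess("isAuthenticated()");
    }

    /**
     * Registers the single in-memory client. The client secret is stored BCrypt-hashed
     * (using the {@link #passwordEncoder()} bean); only the password and refresh_token grants
     * are allowed.
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {
        configurer
            .inMemory()
            .withClient(CLIEN_ID)
            .secret(passwordEncoder().encode(CLIENT_SECRET))
            .authorizedGrantTypes(GRANT_TYPE_PASSWORD, REFRESH_TOKEN)
            .scopes(SCOPE_READ, SCOPE_WRITE, TRUST)
            .accessTokenValiditySeconds(ACCESS_TOKEN_VALIDITY_SECONDS)
            .refreshTokenValiditySeconds(REFRESH_TOKEN_VALIDITY_SECONDS);
    }

    /**
     * Token services exposed as the primary bean for other components.
     *
     * <p>NOTE(review): no token enhancer is set on this bean, and
     * {@link #configure(AuthorizationServerEndpointsConfigurer)} never calls
     * {@code endpoints.tokenServices(...)}, so the token endpoint appears to build its own
     * services around the enhancer chain while this bean has none. Confirm that is intended
     * if this bean is ever used to issue or refresh tokens.
     */
    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        return defaultTokenServices;
    }

    /**
     * Wires the token endpoint: JWT token store, enhancer chain and the authentication manager
     * used by the password grant.
     *
     * <p>Chain order matters: {@link CustomTokenEnhancer} adds its claims first, then the
     * {@link JwtAccessTokenConverter} encodes and signs the token, so those claims land inside
     * the JWT. Anything placed in additionalInformation is also serialized into the
     * {@code /oauth/token} JSON response.
     */
    @Override
    public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
        tokenEnhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer(), accessTokenConverter()));
        endpoints
            .tokenStore(tokenStore())
            .tokenEnhancer(tokenEnhancerChain)
            .authenticationManager(authenticationManager);
    }

    /** JWT-backed store: tokens are decoded/verified through the converter rather than persisted. */
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    /**
     * Signs access and refresh tokens with an HMAC key read from the environment. The
     * application refuses to start without one instead of falling back to a well-known
     * default literal.
     */
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setAccessTokenConverter(new JwtConverter());
        converter.setSigningKey(requireSigningKey());
        return converter;
    }

    /**
     * Reads the signing secret from {@value #SIGNING_KEY_ENV}.
     *
     * @return the non-blank secret
     * @throws IllegalStateException when the variable is unset or blank (fail fast at startup)
     */
    private static String requireSigningKey() {
        final String key = System.getenv(SIGNING_KEY_ENV);
        if (key == null || key.trim().isEmpty()) {
            throw new IllegalStateException(
                SIGNING_KEY_ENV + " is not set; refusing to start without a JWT signing key");
        }
        return key;
    }

    /** Enhancer that copies selected request parameters into the token (see CustomTokenEnhancer). */
    @Bean
    public TokenEnhancer tokenEnhancer() {
        return new CustomTokenEnhancer();
    }

    /** BCrypt encoder used for the client secret registered above. */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** Attribute map injected into CustomTokenEnhancer. */
    @Bean
    public UserAttributesMap userAttributesMapper() {
        return new UserAttributesMap();
    }

    /**
     * Claim-map to authentication converter. {@link #extractAuthentication(Map)} attaches the
     * whole decoded claim map as the authentication details, so downstream code can read the
     * custom claims added by {@link CustomTokenEnhancer}.
     */
    public static class JwtConverter extends DefaultAccessTokenConverter implements JwtAccessTokenConverterConfigurer {

        /**
         * Installs this converter when applied as a JwtAccessTokenConverterConfigurer.
         * Here {@link AuthorizationServerConfig#accessTokenConverter()} already installs it
         * directly, so this appears to be a no-op unless the class is also registered as a bean.
         */
        @Override
        public void configure(JwtAccessTokenConverter converter) {
            converter.setAccessTokenConverter(this);
        }

        @Override
        public OAuth2Authentication extractAuthentication(Map<String, ?> map) {
            OAuth2Authentication auth = super.extractAuthentication(map);
            // Expose every claim (standard and custom) to resource-side code as details.
            auth.setDetails(map);
            return auth;
        }
    }
}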
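public class CustomTokenEnhancer implements TokenEnhancer {

    /**
     * Request parameter name to claim name. Each value is copied verbatim from the
     * {@code /oauth/token} request into the token's additional information, and from there
     * into the signed JWT (and into the token response JSON).
     *
     * <p>SECURITY: these are client-supplied, unvalidated values, and the claim names suggest
     * personal data (date of birth, PAN, address). A JWT is signed, not encrypted, so every
     * holder of the token (resource servers, proxies, logs, browser storage) can read them,
     * and the server ends up signing whatever the caller typed rather than an attribute it
     * verified. Prefer sourcing such attributes from the authenticated principal (the injected
     * {@code userAttributesMap} may be intended for that; its API is not visible here) or leave
     * them out of the token altogether.
     */
    private static final String[][] CLAIM_PARAMETERS = {
        {"dob", "DateOfBirth"},
        {"pan", "PAN_Number"},
        {"addr1", "Address_Line_1"},
        {"addr2", "Address_Line_2"},
    };

    // NOTE(review): injected but not used by enhance(); see CLAIM_PARAMETERS.
    @Autowired
    private UserAttributesMap userAttributesMap;

    /**
     * Copies the configured request parameters into the token's additional information.
     *
     * <p>Compared with a bare {@code setAdditionalInformation}: existing additional
     * information is preserved (safe at any position in a chain), absent or blank parameters
     * are skipped instead of producing {@code null} claims, and the result is a fresh
     * {@link DefaultOAuth2AccessToken} copy, so a non-Default token implementation no longer
     * causes a ClassCastException.
     *
     * @param oAuth2AccessToken token produced so far by the enhancer chain
     * @param oAuth2Authentication authentication carrying the original request parameters
     * @return a copy of the token with the extra claims added
     */
    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken oAuth2AccessToken, OAuth2Authentication oAuth2Authentication) {
        Map<String, String> params = oAuth2Authentication.getOAuth2Request().getRequestParameters();

        Map<String, Object> info = new HashMap<>();
        if (oAuth2AccessToken.getAdditionalInformation() != null) {
            info.putAll(oAuth2AccessToken.getAdditionalInformation());
        }
        if (params != null) {
            for (String[] mapping : CLAIM_PARAMETERS) {
                String value = params.get(mapping[0]);
                if (value != null && !value.trim().isEmpty()) {
                    info.put(mapping[1], value);
                }
            }
        }

        DefaultOAuth2AccessToken result = new DefaultOAuth2AccessToken(oAuth2AccessToken);
        result.setAdditionalInformation(info);
        return result;
    }
}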
解决方案
@dur 建议的解决方案有效（该回答的具体内容未在本页收录）。