时间戳

首页 > 解决方案 > 如何删除 hasAuthority 中的 SCOPE_ 前缀

spring-boot - 如何删除 hasAuthority 中的 SCOPE_ 前缀

问题描述

这是我的象征性回应。但 Spring 自动添加 SCOPE_ 前缀。如何在 Spring Boot 中配置 ScopeVoter.setScopePrefix(String scopePrefix)。请帮助我。谢谢

"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI1MkRsOVNTMlREY0M5SkFtZmZ3ZE1BNjJkbFBreDlFMDdRSnhObF9sVDNJIn0.eyJleHAiOjE2MDQwMjM0MDEsImlhdCI6MTYwNDAyMzEwMSwianRpIjoiMTZkMDBjNzEtYTRiZS00MGNhLTk4NjUtZGQxNGVlYmU5MGFjIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zL21pY3Jvc2VydmljZSIsInN1YiI6IjFkYTEzZGMzLTI0NDUtNGVlNC1iMWE1LTM2NzZjNjIyNjg5NyIsInR5cCI6IkJlYXJlciIsImF6cCI6Im1vYmlsZXJldGFpbCIsInNlc3Npb25fc3RhdGUiOiIyYjM2MzFkYi05ZjAyLTQyMjktOTM4NC1kNDQxYzRjZjY3NTEiLCJhY3IiOiIxIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm9mZmxpbmVfYWNjZXNzIiwidW1hX2F1dGhvcml6YXRpb24iXX0sInJlc291cmNlX2FjY2VzcyI6eyJtb2JpbGVyZXRhaWwiOnsicm9sZXMiOlsidW1hX3Byb3RlY3Rpb24iXX19LCJzY29wZSI6InBob25lIHByb2ZpbGUgZW1haWwiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImNsaWVudElkIjoibW9iaWxlcmV0YWlsIiwiY2xpZW50SG9zdCI6IjEyNy4wLjAuMSIsInByZWZlcnJlZF91c2VybmFtZSI6InNlcnZpY2UtYWNjb3VudC1tb2JpbGVyZXRhaWwiLCJjbGllbnRBZGRyZXNzIjoiMTI3LjAuMC4xIn0.L0miTQSm1C_vQdE4DxW4h27R3qphjZ97JVOaoRDkAyiWSu26NpiNH0hBF3_iJ4RUlDm6pjOMQvRntVcpouV7gtTd4Pvi9bkxPI6je-LEhIXHeDsFpMeNIy9T7YyfICsQQULLzwJ9uNDAWcsgSIGAqHcCaHtSh3X3PUyDQtFth8JBqUGESyzqAQ2F2ydtQC4TBe7l6bKeU0hO0rVFWTBOB8KZm4NaV2xgyy3KSkr_iSNctidTyXDQZBIKJsVqUH8uUcCMxsdqVHmMY9i_Sr_GzbMBGNnVeQpvLiqN3yHgwTXJA58Ttt5LL4yOmtJEG7Qj9gESxAmkj1_WKqmhNWp7oA",
"expires_in": 300,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIxOGM5ZmRiNy1mNzQ0LTQ2ZjktODQ4Ni0wMTFjNWVkOWNkZDIifQ.eyJleHAiOjE2MDQwMjQ5MDEsImlhdCI6MTYwNDAyMzEwMSwianRpIjoiOTY5ZGMzZTEtMWVhOC00YThkLWIxOTEtZDhlNDg1YTU2ZWVkIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zL21pY3Jvc2VydmljZSIsImF1ZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9hdXRoL3JlYWxtcy9taWNyb3NlcnZpY2UiLCJzdWIiOiIxZGExM2RjMy0yNDQ1LTRlZTQtYjFhNS0zNjc2YzYyMjY4OTciLCJ0eXAiOiJSZWZyZXNoIiwiYXpwIjoibW9iaWxlcmV0YWlsIiwic2Vzc2lvbl9zdGF0ZSI6IjJiMzYzMWRiLTlmMDItNDIyOS05Mzg0LWQ0NDFjNGNmNjc1MSIsInNjb3BlIjoicGhvbmUgcHJvZmlsZSBlbWFpbCJ9.wZtoxah1dofhZOoMfODG2faFIivjjlTIxVeMJgu_Gm8",
"token_type": "bearer",
"not-before-policy": 0,
"session_state": "2b3631db-9f02-4229-9384-d441c4cf6751",
"scope": "phone profile email"

hasAuthority('SCOPE_phone') 工作,但 hasAnyAuthority('phone') 不工作

    @RequestMapping(value = "/user", method = RequestMethod.GET)
    @PreAuthorize("hasAuthority('SCOPE_phone')")
    public ResponseEntity<String> getUser() {
        return ResponseEntity.ok("Hello User");
    }

    @RequestMapping(value = "/test", method = RequestMethod.GET)
    @PreAuthorize("hasAnyAuthority('phone')")
    public ResponseEntity<String> test() {
        return ResponseEntity.ok("Hello test");
    }

标签: spring-bootspring-securityoauth-2.0

解决方案

我在我们的一个应用程序中像下面这样管理它。您是否尝试过自定义 AccessDecisionManager 以使用 NoPrefix 注入 ScopeVoter。因为默认是SCOPE_。因为我找不到 SCOPE_ 前缀的开箱即用配置。

@Configuration
@EnableWebSecurity
public class ApplicationSecurityConfiguration extends WebSecurityConfigurerAdapter {
   
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .and()
            ....
            ....
            ....
            ....
            .permitAll();
        http.authorizeRequests()
            .accessDecisionManager(accessDecisionManager());        // passed custom access decision manager
    }
    @Bean
    public AccessDecisionManager accessDecisionManager() {
        java.util.List<AccessDecisionVoter<? extends Object>> decisionVoters
                = Arrays.asList(
                new WebExpressionVoter(),                        // You can add or remove the Role voters as per need
                new RoleVoter(),                                 // For ROLE_ prefix
                new AuthenticatedVoter(),
                scopeVoterWithNoPrefix()                          // Get instance of ScopeVoter
        );
        return new UnanimousBased(decisionVoters);
    }
    
    @Bean
    public ScopeVoter scopeVoterWithNoPrefix() {
        ScopeVoter scopeVoter = new ScopeVoter();
        scopeVoter.setScopePrefix("")
        return scopeVoter;
    }
}

推荐阅读