spring-boot - 如何在 Spring Boot OAuth2 的 SecurityContextHolder 中获取 JWT 令牌？

问题描述

我有一个资源服务器正在接收带有有效承载令牌的请求。我可以@AuthenticationPrincipal Jwt token用于所有需要从令牌中获取声明的请求，或者我应该能够从中获取用户信息SecurityContextHolder？我想从上下文持有者那里得到它。我假设我需要在我的SecurityConfig? 我找不到有关推荐方法的任何信息。

这里的代码适用于一些旧版本的 spring security...我正在使用最新的 spring boot 和 Spring security 5.4.2

@Configuration
@EnableWebSecurity
@Order(1)
public class JwtSecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}")
    private String jwkSetUri;

    protected void configure(HttpSecurity http) throws Exception {
        http
                .httpBasic().disable()
                .formLogin(AbstractHttpConfigurer::disable)
                .csrf(AbstractHttpConfigurer::disable)
                .authorizeRequests(authorize -> authorize
                        .mvcMatchers(HttpMethod.GET, "/test/**").authenticated()
                        .mvcMatchers(HttpMethod.POST, "/test/**").authenticated()
                )
                .oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtAuthenticationConverter());
    }

    private JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
        jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("entGrps");
        jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwtGrantedAuthoritiesConverter);
        return jwtAuthenticationConverter;
    }

    @Bean
    public JwtDecoder jwtDecoder() {
        return NimbusJwtDecoder.withJwkSetUri(this.jwkSetUri).build();
    }
}

标签： spring-bootspring-securityspring-oauth2