0

我正在爲我的項目使用spring security oauth2的spring引導,我想獲取生成令牌的用戶的用戶詳細信息。而且我也不想調用單獨的API來獲取詳細信息。在彈簧安全中生成令牌時獲取用戶詳細信息oauth2

這是我使用的代碼。

package authorization; 

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.beans.factory.annotation.Qualifier; 
import org.springframework.context.annotation.Bean; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.context.annotation.Primary; 
import org.springframework.security.authentication.AuthenticationManager; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; 
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; 
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; 
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; 
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter; 
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; 
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer; 
import org.springframework.security.oauth2.provider.token.DefaultTokenServices; 
import org.springframework.security.oauth2.provider.token.TokenStore; 
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore; 

import authorization.service.CustomUserDetailsService; 

@Configuration 
public class OAuth2ServerConfiguration { 

    private static final String RESOURCE_ID = "restservice"; 

    @Configuration 
    @EnableResourceServer 
    protected static class ResourceServerConfiguration extends 
      ResourceServerConfigurerAdapter { 

     @Override 
     public void configure(ResourceServerSecurityConfigurer resources) { 
      resources 
       .resourceId(RESOURCE_ID); 
     } 

     @Override 
     public void configure(HttpSecurity http) throws Exception { 
      http 
       .authorizeRequests() 
        .anyRequest() 
        .fullyAuthenticated(); 
     } 
    } 

    @Configuration 
    @EnableAuthorizationServer 
    public static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {  

     private TokenStore tokenStore = new InMemoryTokenStore(); 

     @Autowired 
     @Qualifier("authenticationManagerBean") 
     private AuthenticationManager authenticationManager; 

     @Autowired 
     private CustomUserDetailsService userDetailsService; 

     @Override 
     public void configure(AuthorizationServerEndpointsConfigurer endPoints){ 
      endPoints 
       .tokenStore(this.tokenStore) 
       .authenticationManager(this.authenticationManager) 
       .userDetailsService(userDetailsService); 
     } 

     @Override 
     public void configure(ClientDetailsServiceConfigurer clients) throws Exception { 

      clients 
       .inMemory() 
        .withClient("testuser") 
         .authorizedGrantTypes("password","refresh_token") 
         .authorities("USER") 
         .scopes("read","write") 
         .resourceIds(RESOURCE_ID) 
         .secret("testpassword"); 
     } 

     @Bean 
     @Primary 
     public DefaultTokenServices tokenServices() { 
      DefaultTokenServices tokenServices = new DefaultTokenServices(); 
      tokenServices.setSupportRefreshToken(true); 
      tokenServices.setTokenStore(this.tokenStore); 
      return tokenServices; 
     }  
    } 
} 

回答

0

我找到了答案。

package authorization; 
 

 
import org.springframework.beans.factory.annotation.Autowired; 
 
import org.springframework.beans.factory.annotation.Qualifier; 
 
import org.springframework.context.annotation.Bean; 
 
import org.springframework.context.annotation.Configuration; 
 
import org.springframework.context.annotation.Primary; 
 
import org.springframework.security.authentication.AuthenticationManager; 
 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
 
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; 
 
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; 
 
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; 
 
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; 
 
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter; 
 
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; 
 
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer; 
 
import org.springframework.security.oauth2.provider.token.DefaultTokenServices; 
 
import org.springframework.security.oauth2.provider.token.TokenStore; 
 
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore; 
 

 
import authorization.service.CustomUserDetailsService; 
 

 
@Configuration 
 
public class OAuth2ServerConfiguration { 
 

 
\t private static final String RESOURCE_ID = "restservice"; 
 
\t 
 
\t @Configuration 
 
\t @EnableResourceServer 
 
\t protected static class ResourceServerConfiguration extends 
 
\t \t \t ResourceServerConfigurerAdapter { 
 

 
\t \t @Override 
 
\t \t public void configure(ResourceServerSecurityConfigurer resources) { 
 
\t \t \t resources 
 
\t \t \t \t .resourceId(RESOURCE_ID); 
 
\t \t } 
 

 
\t \t @Override 
 
\t \t public void configure(HttpSecurity http) throws Exception { 
 
\t \t \t http 
 
\t \t \t \t .authorizeRequests() 
 
\t \t \t \t \t .anyRequest() 
 
\t \t \t \t \t .fullyAuthenticated(); 
 
\t \t } 
 
\t } 
 
\t 
 
\t @Configuration 
 
\t @EnableAuthorizationServer 
 
\t public static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter { \t \t 
 
\t \t 
 
\t \t private TokenStore tokenStore = new InMemoryTokenStore(); 
 
\t \t 
 
\t \t @Autowired 
 
\t \t @Qualifier("authenticationManagerBean") 
 
\t \t private AuthenticationManager authenticationManager; 
 
\t \t 
 
\t \t @Autowired 
 
\t \t private CustomUserDetailsService userDetailsService; 
 
\t \t 
 
\t \t @Override 
 
\t \t public void configure(AuthorizationServerEndpointsConfigurer endPoints){ 
 
\t \t \t endPoints 
 
\t \t \t \t .tokenStore(this.tokenStore) 
 
\t \t \t \t .authenticationManager(this.authenticationManager) 
 
\t \t \t \t .userDetailsService(userDetailsService); 
 
\t \t } 
 
\t \t 
 
\t \t @Override 
 
\t \t public void configure(ClientDetailsServiceConfigurer clients) throws Exception { 
 
\t \t \t 
 
\t \t \t clients 
 
\t \t \t \t .inMemory() 
 
\t \t \t \t \t .withClient("testuser") 
 
\t \t \t \t \t \t .authorizedGrantTypes("password","refresh_token") 
 
\t \t \t \t \t \t .authorities("USER") 
 
\t \t \t \t \t \t .scopes("read","write") 
 
\t \t \t \t \t \t .resourceIds(RESOURCE_ID) 
 
\t \t \t \t \t \t .secret("testpassword"); 
 
\t \t } 
 
\t \t 
 
\t \t @Bean 
 
\t \t @Primary 
 
\t \t public DefaultTokenServices tokenServices() { 
 
\t \t \t DefaultTokenServices tokenServices = new DefaultTokenServices(); 
 
\t \t \t tokenServices.setSupportRefreshToken(true); 
 
\t \t \t tokenServices.setTokenStore(this.tokenStore); 
 
\t \t \t tokenServices.setTokenEnhancer(tokenEnhancer()); 
 
\t \t \t return tokenServices; 
 
\t \t } 
 
\t \t // Some @Bean here like tokenStore 
 
\t \t @Bean 
 
\t \t public TokenEnhancer tokenEnhancer() { 
 
\t \t \t return new CustomTokenEnhancer(); 
 
\t \t } 
 

 
\t \t public class CustomTokenEnhancer implements TokenEnhancer { 
 
\t \t \t @Override 
 
\t \t \t public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) { 
 
\t \t \t \t User user = (User) authentication.getPrincipal(); 
 

 
\t \t \t \t final Map<String, Object> additionalInfo = new HashMap<>(); 
 

 
\t \t \t \t additionalInfo.put("User", userDetailsService.viewProfile(user.getUsername())); 
 

 
\t \t \t \t ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo); 
 

 
\t \t \t \t return accessToken; 
 
\t \t \t } 
 
\t \t } \t \t 
 
\t } 
 
}

相關問題