Spring Security not returning UserDetails object, only username

名媛妹妹 2021-01-21 22:11

I had thought that my authorization implementation was done, but when attempting to retrieve the UserDetails object, all I'm getting is the username.

I'm using OAuth.

1 answer
  •  说谎 (original poster)
    2021-01-21 22:13

    You should configure Spring Security to decode the JWT token into a MyUser object.

    First, define a custom OAuth2Authentication to encapsulate MyUser.

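    import org.springframework.security.core.Authentication;
    import org.springframework.security.oauth2.provider.OAuth2Authentication;
    import org.springframework.security.oauth2.provider.OAuth2Request;

    // OAuth2Authentication subclass that also carries the application's MyUser.
    public class OAuth2AuthenticationUser extends OAuth2Authentication {

        private MyUser myUser;

        public OAuth2AuthenticationUser(OAuth2Request storedRequest, Authentication userAuthentication) {
            super(storedRequest, userAuthentication);
        }

        public MyUser getMyUser() {
            return myUser;
        }

        public void setMyUser(MyUser myUser) {
            this.myUser = myUser;
        }
    }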
    

    Then, in a security configuration class, configure JWT token decoding as follows:

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // "SIGNING_KEY" is a placeholder: use the key the authorization server signs with,
        // loaded from configuration rather than hard-coded.
        converter.setSigningKey("SIGNING_KEY");
        converter.setAccessTokenConverter(getAuthenticationAccessTokenConverter());
        return converter;
    }

    private DefaultAccessTokenConverter getAuthenticationAccessTokenConverter() {
        return new DefaultAccessTokenConverter() {
            @Override
            public OAuth2Authentication extractAuthentication(Map<String, ?> map) {
                // Let the default converter build the standard authentication from the claims.
                OAuth2Authentication authentication = super.extractAuthentication(map);

                OAuth2AuthenticationUser authenticationUser =
                        new OAuth2AuthenticationUser(authentication.getOAuth2Request(), authentication.getUserAuthentication());

                MyUser myUser = new MyUser();

                // Example properties, copied from the JWT claims
                myUser.setId(map.get("id") != null ? Long.valueOf(map.get("id").toString()) : null);
                myUser.setUsername(map.get("user_name") != null ? map.get("user_name").toString() : null);
                myUser.setFullName(map.get("fullName") != null ? map.get("fullName").toString() : null);
                myUser.setCustomerId(map.get("customerId") != null ? Long.valueOf(map.get("customerId").toString()) : null);
                myUser.setCustomerName(map.get("customerName") != null ? map.get("customerName").toString() : null);

                // Map any further properties here

                authenticationUser.setMyUser(myUser);

                return authenticationUser;
            }
        };
    }
    

    You then have access to the MyUser object from the Spring Security context as follows:

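    private static MyUser getMyUser() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        // Check the type before casting: an anonymous authentication is not an OAuth2AuthenticationUser.
        if (authentication instanceof OAuth2AuthenticationUser && ((OAuth2AuthenticationUser) authentication).getMyUser() != null) {
            return ((OAuth2AuthenticationUser) authentication).getMyUser();
        }
        return new MyUser();
    }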
    

    This fits well in a stateless environment, as database access for user details is minimized and all you need is the JWT token.

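A stricter version of the claim-to-`MyUser` mapping from the answer above, as an added example that is not part of the original answer: `Long.valueOf(...toString())` throws `NumberFormatException` on a non-numeric claim and `toString()` accepts any JSON type, so this version type-checks each claim and reports every problem with one exception type. `ClaimsMapper`, the minimal `MyUser` stand-in and the choice of `id` and `user_name` as required claims are assumptions.

```java
import java.util.Map;

// Added example; ClaimsMapper is a hypothetical helper and the claims in main() are constructed.
public class ClaimsMapper {
    // Minimal stand-in for the application's MyUser class.
    static final class MyUser { Long id, customerId; String username, fullName, customerName; }

    static Object claim(Map<String, ?> claims, String name, boolean required) {
        Object v = claims.get(name);
        if (v == null && required) throw new IllegalArgumentException("missing claim: " + name);
        return v;
    }

    // Accepts integral JSON numbers or short digit-only strings; anything else is rejected.
    static Long longClaim(Map<String, ?> claims, String name, boolean required) {
        Object v = claim(claims, name, required);
        if (v == null) return null;
        if (v instanceof Integer || v instanceof Long) return ((Number) v).longValue();
        if (v instanceof String && ((String) v).matches("\\d{1,18}")) return Long.parseLong((String) v);
        throw new IllegalArgumentException("claim " + name + " is not an integer");
    }

    // Accepts only strings, so nested objects or arrays never become names via toString().
    static String stringClaim(Map<String, ?> claims, String name, boolean required) {
        Object v = claim(claims, name, required);
        if (v == null || v instanceof String) return (String) v;
        throw new IllegalArgumentException("claim " + name + " is not a string");
    }

    static MyUser fromClaims(Map<String, ?> claims) {
        MyUser u = new MyUser();
        u.id = longClaim(claims, "id", true);                // assumption: id is mandatory
        u.username = stringClaim(claims, "user_name", true); // assumption: user_name is mandatory
        u.fullName = stringClaim(claims, "fullName", false);
        u.customerId = longClaim(claims, "customerId", false);
        u.customerName = stringClaim(claims, "customerName", false);
        return u;
    }

    public static void main(String[] args) {
        MyUser u = fromClaims(Map.of("id", 42, "user_name", "alice", "customerId", "7"));
        System.out.println(u.id + " " + u.username + " " + u.customerId);
        try {
            fromClaims(Map.of("id", 42, "user_name", "alice", "customerId", "seven"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

When called from `extractAuthentication`, the exception should cause the token to be treated as invalid rather than producing a partially filled user.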