未调用Spring安全客户令牌增强器

时间:2016-10-13 10:16:02

标签: java spring spring-security spring-oauth2

我已使用java配置添加了自定义令牌增强器,如下所示

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Autowired
    private UserApprovalHandler userApprovalHandler;

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource).withClient("abcd").secret("secret")
                .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT").scopes("read", "write", "trust") 
                .accessTokenValiditySeconds(60 * 60 * 24 * 1) 
                .refreshTokenValiditySeconds(60 * 60 * 24 * 30); 
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
        tokenEnhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer(), accessTokenConverter()));
        endpoints.tokenStore(tokenStore()).tokenEnhancer(tokenEnhancerChain).userApprovalHandler(userApprovalHandler)
                .authenticationManager(authenticationManager);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()").realm(REALM);
    }

    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    @Bean
    public TokenEnhancer tokenEnhancer() {
        return new CustomTokenEnhancer();
    }

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey("123");
        return converter;
    }

}

自定义令牌增强器

下方 
public class CustomTokenEnhancer implements TokenEnhancer {
    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
        final Map<String, Object> additionalInfo = new HashMap<>();
        additionalInfo.put("organization", authentication.getName() + randomAlphabetic(4));
        ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
        return accessToken;
    }

}

我在调试时运行了应用程序,并在CustomTokenEnhancer的增强方法上有一个调试点。现在当我点击生成令牌的oauth / token方法时,它不会进入增强方法。

请告知我是否遗漏了任何内容。

4 个答案:

答案 0 :(得分:2)

未调用您的CustomTokenEnhancer,因为您使用的是JdbcTokenStore,并且某些访问令牌已缓存在数据库中。

手动删除该表 oauth_access_token 中的记录,然后重试。

请参阅此问题以供参考:https://github.com/spring-projects/spring-security-oauth/issues/1371

答案 1 :(得分:1)

我没有看到你在任何地方分配令牌增强器。据我记得你需要这样的东西:

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints
        // some code here
        .tokenEnhancer(tokenEnhancer());
}

@Bean
@Primary
public AuthorizationServerTokenServices tokenServices() {
    DefaultTokenServices tokenServices = new DefaultTokenServices();
    // some code here as well
    tokenServices.setTokenEnhancer(tokenEnhancer());
    return tokenServices;
}

// Beans beans beans

@Bean
public TokenEnhancer tokenEnhancer() {
    return new CustomTokenEnhancer();
}

之后你应该让你的令牌增强器参与进来。

答案 2 :(得分:1)

假设您的客户增强器是CustomTokenEnhancer。

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints){
            TokenEnhancerChain enhancerChain = new TokenEnhancerChain();

            enhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer(), accessTokenConverter));
            endpoints.tokenStore(tokenStore)
                    .accessTokenConverter(accessTokenConverter)
                    .tokenEnhancer(enhancerChain)
                    .authenticationManager(authenticationManager).tokenGranter(tokenGranter(endpoints));
        }

        @Bean
        public TokenEnhancer tokenEnhancer() {
            return new CustomTokenEnhancer();
        }

答案 3 :(得分:0)

即使我实现了以下操作,我也遇到了同样的问题:

public class CustomTokenEnhancer implements TokenEnhancer {
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
    final Map<String, Object> additionalInfo = new HashMap<>();
    additionalInfo.put("organization", authentication.getName() + randomAlphabetic(4));
    ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
    return accessToken;
}

}

无法调用令牌增强器,因为表 oauth_access_token 中有一个对应于spring oauth默认表的寄存器,我解决了这个问题,只是删除了与client-id和username相对应的记录。

相关问题
最新问题