Question

我使用OAuth2AccessToken增强功能设置了其他信息。我可以在令牌中看到其他信息，但是如何在我的服务类中获取该列表？

public final class CustomTokenEnhancer implements TokenEnhancer {

    @Override
    public OAuth2AccessToken enhance(
            OAuth2AccessToken accessToken,
            OAuth2Authentication authentication) {
        Map<String, Object> additionalInfo = new HashMap<>();

        List<String> companies = new ArrayList<>();
        companies.add("Company 1");
        companies.add("Company 2");
        companies.add("Company 3");

        additionalInfo.put("companies", companies);

        ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
        return accessToken;
    }
}

我尝试从安全上下文中获取身份验证并将其级联到Oauth2Authentication，但该对象没有其他信息列表。

SecurityContext securityContext = SecurityContextHolder.getContext();
OAuth2Authentication oauth = (OAuth2Authentication)securityContext.getAuthentication();

Answer 1

这是我获取名为department的其他信息的方式：

@PreAuthorize("hasAuthority('ROLE_ACCOUNTS') and #oauth2.hasScope('READ')")
@GetMapping()
public List<Account> getAll(OAuth2Authentication principal) {

    OAuth2AuthenticationDetails auth2AuthenticationDetails = (OAuth2AuthenticationDetails) principal.getDetails();
    Map<String, Object> details = tokenStore.readAccessToken(auth2AuthenticationDetails.getTokenValue()).getAdditionalInformation();
    String department= (String) details.get("department");
    return accountService.getAllAccounts(department);
}

如何从OAuth2获取AdditionaInformation List

1 个答案: