当我在return语句中使用super.enhance(token,auth),同时覆盖JwtAccessTokenConverter的Enhance()方法时,会出现问题。当我仅返回令牌时,它工作正常。但是,additionalInfo仅显示在/ oauth / token服务的响应主体上,而不显示在JWT有效负载中。
而且,当我返回super.enhance(token,auth)时,additionalInfo被添加到JWT有效负载中(我在jwt.io处进行了检查)。但是,现在令牌不可解析。
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
enhancerChain.setTokenEnhancers(Arrays.asList(accessTokenConverter(), xyAuthTokenEnhancer2));
endpoints
.tokenStore(tokenStore())
.accessTokenConverter(accessTokenConverter())
.authenticationManager(this.authenticationManager)
.userDetailsService(userDetailsService);
}
我正在尝试如下增强访问令牌:
@Configuration
@Component
public class CustomJwtConverter extends JwtAccessTokenConverter {
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
Map<String, Object> additionalInfo = new HashMap<>();
XYUser user = (XYUser) authentication.getPrincipal();
additionalInfo.put("userId", user.getUserId());
additionalInfo.put("firstName", user.getFirstName());
additionalInfo.put("lastName", user.getLastName());
additionalInfo.put("companyId", user.getCompanyId());
((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
return super.enhance(accessToken, authentication);
}
}
所以,请帮忙。为什么令牌在增强后无法解析以及如何解决? 而且,我遵循了本教程:Spring cloud security with OAuth2
答案 0 :(得分:0)
我认为您在configure方法上犯了一个错误。 您错过了终结点对象中的EnhancerChain 我的示例使用以下配置方法正常工作。
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
enhancerChain.setTokenEnhancers(Arrays.asList(accessTokenConverter));
endpoints.tokenStore(tokenStore)
.accessTokenConverter(accessTokenConverter)
.tokenEnhancer(enhancerChain)
.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService);
}