我有一个由Spring Security配置的单片应用程序。有User user = (User)SecuritycontextHolder.getContext().getAuthentication().getPrincipal()个代码可用于获得身份验证的用户,并且此代码可以正常工作。
使用以下配置迁移到oauth2后:
@EnableResourceServer
@EnableWebSecurity
@Configuration
public class ResourcesServerConfiguration extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers(HttpMethod.GET, "/api/**").access("#oauth2.hasScope('read')");
}
@Primary
@Bean
public RemoteTokenServices tokenService() {
RemoteTokenServices tokenService = new RemoteTokenServices();
tokenService.setCheckTokenEndpointUrl("http://localhost:8081/auth/account/getDetailUser");
tokenService.setClientId("web");
tokenService.setClientSecret("secret");
return tokenService;
}
它的application.yml是:
spring:
datasource:
url: jdbc:oracle:thin:@192.168.192.129:1521:hamed
hikari:
connection-test-query: SELECT 1 FROM DUAL
minimum-idle: 1
maximum-pool-size: 5
driver-class-name: oracle.jdbc.OracleDriver
username: test
password: test
initialization-mode: always
jpa:
hibernate:
ddl-auto: none
database-platform: org.hibernate.dialect.Oracle12cDialect
logging:
level:
org.springframework.security: DEBUG
server:
port: 8083
context-path: /micro1
security:
basic:
enabled: false
oauth2:
client:
clientId: web
clientSecret: secret
accessTokenUri: http://localhost:8081/auth/oauth/token
userAuthorizationUri: http://localhost:8081/auth/oauth/authorize
resource:
userInfoUri: http://localhost:8081/auth/account/getDetailUser
(User)SecuritycontextHolder.getContext().getAuthentication().getPrincipal()在资源服务器中不起作用。另一方面,如何从授权服务器获取资源服务器中已认证用户的权限和其他信息。