OAuth2AuthenticationToken not recognized in getAccount, JHipster 6.0.1

Time: 2019-06-04 04:53:04

Tags: java jhipster spring-security-oauth2 keycloak

I have a native Android client that performs OAuth2 authentication against my JHipster monolithic application. It worked fine with JHipster version 5.7.2, but now I am using version 6.0.1 and I cannot get the current user with the getAccount(Principal principal) method in the AccountResource class. The object sent by Keycloak is not an instance of the OAuth2AuthenticationToken class, so I get the Exception "User could not be found".

In previous versions I used to get an OAuth2Authentication object, which worked fine. The object I used to receive looked like this:

    { "storedRequest": { "resourceIds": [ ], "authorities": [ ], "approved": true, "responseTypes": [ ], "extensions": { }, "clientId": "web_app", "scope": [ ], "requestParameters": { } }, "userAuthentication": { "principal": "Admin Administrator", "credentials": "N/A", "authorities": [ { "role": "ROLE_USER" } ], "details": { "sub": "f348bbbb-9441-4543-9940-9da31e50d877", "email_verified": true, "roles": [ "offline_access", "ROLE_ADMIN", "uma_authorization" ], "name": "Admin Administrator", "preferred_username": "admin", "given_name": "Admin", "family_name": "Administrator", "email": "admin@localhost" }, "authenticated": true }, "authorities": [ { "role": "ROLE_USER" } ], "details": { "remoteAddress": "192.168.0.14", "tokenValue": "eyJhbGciOiJ...", "tokenType": "Bearer", "display": "remoteAddress\u003d192.168.0.14, tokenType\u003dBearertokenValue\u003d\u003cTOKEN\u003e" }, "authenticated": true }

Here is the object I receive now with version 6.0.1:

    "token": { "headers": { "kid": "w4uKMWW49GwLl-gakp9tAo6su7nAdddpo9Ul1pYABJo", "typ": "JWT", "alg": "RS256" }, "claims": { "sub": "f348bbbb-9441-4543-9940-9da31e50d877", "resource_access": { "web_app": { "roles": [ "ROLE_USER", "ROLE_ADMIN" ] }, "account": { "roles": [ "manage-account", "manage-account-links", "view-profile" ] } }, "email_verified": true, "allowed-origins": [ "*" ], "iss": "http://192.168.0.12:9080/auth/realms/jhipster", "typ": "Bearer", "preferred_username": "admin", "given_name": "Admin", "aud": [ "web_app", "account" ], "acr": "0", "nbf": { "seconds": 0, "nanos": 0 }, "realm_access": { "roles": [ "offline_access", "ROLE_ADMIN", "uma_authorization" ] }, "azp": "android_app", "auth_time": 1559622495, "scope": "openid profile email jhipster", "name": "Admin Administrator", "exp": { "seconds": 1559622877, "nanos": 0 }, "session_state": "6c756fb9-c335-4a23-9c50-ed5adeb42456", "iat": { "seconds": 1559622577, "nanos": 0 }, "family_name": "Administrator", "jti": "6fe0962c-18c1-471e-b4c0-ad3afda12b46", "email": "admin@localhost" }, "tokenValue": "eyJhbG...", "issuedAt": { "seconds": 1559622577, "nanos": 0 }, "expiresAt": { "seconds": 1559622877, "nanos": 0 } }, "authorities": [ { "role": "SCOPE_openid" }, { "role": "SCOPE_profile" }, { "role": "SCOPE_email" }, { "role": "SCOPE_jhipster" } ], "details": { "remoteAddress": "192.168.0.14" }, "authenticated": true }

I expected the Principal object I receive to be an instance of OAuth2AuthenticationToken. Any suggestions?

1 Answer:

Answer 0: (score: 0)

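Well, I realized that the object I am getting is a JwtAuthenticationToken, so I made a small modification to the getAccount() method to do the trick when this type of token is received. I also added a new parameter option for getUserFromAuthentication() for when a JwtAuthenticationToken is received.

    @GetMapping("/account")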
    @SuppressWarnings("unchecked")
    public UserDTO getAccount(Principal principal) {
        if (principal instanceof OAuth2AuthenticationToken) {
            return userService.getUserFromAuthentication((OAuth2AuthenticationToken) principal);
        } else if (principal instanceof JwtAuthenticationToken) {
            return userService.getUserFromAuthentication((JwtAuthenticationToken) principal);
        } else {
            throw new AccountResourceException("User could not be found");
        }
    }
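
The answer mentions a getUserFromAuthentication() overload for JwtAuthenticationToken without showing it. The following is an added example, not the answerer's or JHipster's code: JwtAccountExample, rolesFromClaims and accountFromJwt are hypothetical names, and it assumes Spring Security's OAuth2 resource-server classes are on the classpath. It reads roles from the realm_access.roles claim because the token dumped in the question carries only SCOPE_* authorities, and it grants nothing when that claim is missing or malformed.

```java
import java.time.Instant;
import java.util.*;
import java.util.stream.Collectors;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;

public class JwtAccountExample {
    // Hypothetical helper: role names are taken from the Keycloak "realm_access.roles"
    // claim, since the token's own authorities only contain SCOPE_* entries.
    static Set<String> rolesFromClaims(Map<String, Object> claims) {
        Object realmAccess = claims.get("realm_access");
        if (!(realmAccess instanceof Map)) {
            return Collections.emptySet(); // claim missing or malformed: grant nothing
        }
        Object roles = ((Map<?, ?>) realmAccess).get("roles");
        if (!(roles instanceof Collection)) {
            return Collections.emptySet();
        }
        return ((Collection<?>) roles).stream()
            .filter(String.class::isInstance)
            .map(String.class::cast)
            .filter(r -> r.startsWith("ROLE_")) // drops offline_access, uma_authorization
            .collect(Collectors.toCollection(TreeSet::new));
    }

    // Hypothetical stand-in for a getUserFromAuthentication(JwtAuthenticationToken) overload.
    static Map<String, Object> accountFromJwt(JwtAuthenticationToken authentication) {
        Map<String, Object> claims = authentication.getToken().getClaims();
        Map<String, Object> account = new LinkedHashMap<>();
        account.put("login", claims.get("preferred_username"));
        account.put("email", claims.get("email"));
        account.put("authorities", rolesFromClaims(claims));
        return account;
    }

    public static void main(String[] args) {
        // Constructed claims, modeled on the token dump in the question.
        Map<String, Object> claims = new HashMap<>();
        claims.put("preferred_username", "admin");
        claims.put("email", "admin@localhost");
        claims.put("realm_access", Collections.singletonMap("roles",
            Arrays.asList("offline_access", "ROLE_ADMIN", "uma_authorization")));
        Instant now = Instant.now();
        Jwt jwt = new Jwt("constructed-token", now, now.plusSeconds(300),
            Collections.singletonMap("alg", "RS256"), claims);
        System.out.println(accountFromJwt(new JwtAuthenticationToken(jwt)));
    }
}
```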