Java 生成自定义jwt令牌并验证用户,Spring Security
情况:我有一个来自另一个API的令牌,其中包含用户信息,并且用户已经登录。我想验证这个用户信息(已经提取)并用我的spring安全应用程序生成一个令牌 注意:我使用的是Jwt自定义enchancer,很抱歉是新手发布的方式 我的安全配置:Java 生成自定义jwt令牌并验证用户,Spring Security,java,authentication,spring-security,jwt,Java,Authentication,Spring Security,Jwt,情况:我有一个来自另一个API的令牌,其中包含用户信息,并且用户已经登录。我想验证这个用户信息(已经提取)并用我的spring安全应用程序生成一个令牌 注意:我使用的是Jwt自定义enchancer,很抱歉是新手发布的方式 我的安全配置: @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { TokenEnhancerChain tokenE
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
tokenEnhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer(), accessTokenConverter()));
endpoints.tokenStore(tokenStore()).tokenEnhancer(tokenEnhancerChain).reuseRefreshTokens(false)
.exceptionTranslator(loggingExceptionTranslator()).authenticationManager(authenticationManager);
}
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter accessTokenConverter = new JwtAccessTokenConverter();
accessTokenConverter.setSigningKey(properties.getAuth().getSigningKey());
return accessTokenConverter;
}
@Bean
public TokenStore tokenStore() {
return new JwtTokenStore(accessTokenConverter());
}
@Bean
public TokenEnhancer tokenEnhancer() {
return new PlaceTokenEnhancer();
}
实际上,我解决了自己的调试和搜索问题
//load full user info (custom method)
UserDetails userDetails = placeUserDetailsService.loadUserByUsername(responseUser.getEmail());
Set<String> scope = new HashSet<>();
scope.add("read"); scope.add("write");
OAuth2Request auth2Request = new OAuth2Request(null, "smthg", userDetails.getAuthorities(), true,
scope, null, null, null, null);
//Custom OAuth2Token
PlaceAuthenticationToken placeAuthenticationToken = new PlaceAuthenticationToken(userDetails, userDetails.getAuthorities());
placeAuthenticationToken.setAuthenticated(true);
placeAuthenticationToken.setDetails(new WebAuthenticationDetails(request));
OAuth2Authentication auth = new OAuth2Authentication(auth2Request, placeAuthenticationToken);
auth.setAuthenticated(true);
auth.setDetails(placeAuthenticationToken.getDetails());
accessToken = authServer.createAccessToken(auth);
DefaultOAuth2AccessToken tkn = (DefaultOAuth2AccessToken) accessToken;
tkn.setRefreshToken(null);
accessToken = tkn;
//加载完整的用户信息(自定义方法)
UserDetails UserDetails=placeUserDetailsService.loadUserByUsername(responseUser.getEmail());
Set scope=new HashSet();
范围。添加(“阅读”);范围。添加(“写入”);
OAuth2Request auth2Request=新的OAuth2Request(null,“smthg”,userDetails.getAuthorities(),true,
作用域,null,null,null,null);
//自定义OAuth2Token
PlaceAuthenticationToken PlaceAuthenticationToken=新的PlaceAuthenticationToken(userDetails,userDetails.getAuthories());
placeAuthenticationToken.setAuthenticated(true);
placeAuthenticationToken.setDetails(新的WebAuthenticationDetails(请求));
OAuth2Authentication auth=新的OAuth2Authentication(auth2Request,placeAuthenticationToken);
auth.setAuthenticated(true);
auth.setDetails(placeAuthenticationToken.getDetails());
accessToken=authServer.createAccessToken(auth);
DefaultOAuth2AccessToken tkn=(DefaultOAuth2AccessToken)accessToken;
tkn.setRefreshToken(空);
accessToken=tkn;
基本上,您所要做的就是使用Oauth2Request和use.createAccessToken()生成身份验证
也许它可以帮助其他人