Java 未调用Spring security客户令牌增强器
我使用java配置添加了一个自定义令牌增强器,如下所示Java 未调用Spring security客户令牌增强器,java,spring,spring-security,spring-oauth2,Java,Spring,Spring Security,Spring Oauth2,我使用java配置添加了一个自定义令牌增强器,如下所示 @Configuration @EnableAuthorizationServer public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter { @Autowired private DataSource dataSource; @Autowired private UserAppr
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Autowired
private UserApprovalHandler userApprovalHandler;
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.jdbc(dataSource).withClient("abcd").secret("secret")
.authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
.authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT").scopes("read", "write", "trust")
.accessTokenValiditySeconds(60 * 60 * 24 * 1)
.refreshTokenValiditySeconds(60 * 60 * 24 * 30);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
tokenEnhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer(), accessTokenConverter()));
endpoints.tokenStore(tokenStore()).tokenEnhancer(tokenEnhancerChain).userApprovalHandler(userApprovalHandler)
.authenticationManager(authenticationManager);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()").realm(REALM);
}
@Bean
public TokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}
@Bean
public TokenEnhancer tokenEnhancer() {
return new CustomTokenEnhancer();
}
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey("123");
return converter;
}
}
下面是自定义令牌增强器
public class CustomTokenEnhancer implements TokenEnhancer {
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
final Map<String, Object> additionalInfo = new HashMap<>();
additionalInfo.put("organization", authentication.getName() + randomAlphabetic(4));
((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
return accessToken;
}
}
公共类CustomTokenEnhancer实现TokenEnhancer{
@凌驾
公共OAuth2AccessToken增强(OAuth2AccessToken accessToken,OAuth2Authentication身份验证){
final Map additionalInfo=新HashMap();
additionalInfo.put(“组织”,authentication.getName()+随机字母(4));
((DefaultOAuth2AccessToken)accessToken).setAdditionalInformation(additionalInfo);
返回accessToken;
}
}
我已经在调试时运行了该应用程序,并且在CustomTokenEnhancer的增强方法上有一个调试点。现在,当我点击oauth/token方法来生成令牌时,它不会进入增强方法
如果我遗漏了什么,请给出建议。我看不到您在任何地方分配令牌增强器。我记得你需要这样的东西:
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
// some code here
.tokenEnhancer(tokenEnhancer());
}
@Bean
@Primary
public AuthorizationServerTokenServices tokenServices() {
DefaultTokenServices tokenServices = new DefaultTokenServices();
// some code here as well
tokenServices.setTokenEnhancer(tokenEnhancer());
return tokenServices;
}
// Beans beans beans
@Bean
public TokenEnhancer tokenEnhancer() {
return new CustomTokenEnhancer();
}
在此之后,您应该让您的令牌增强器参与进来。我看不到您在任何地方分配令牌增强器。我记得你需要这样的东西:
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
// some code here
.tokenEnhancer(tokenEnhancer());
}
@Bean
@Primary
public AuthorizationServerTokenServices tokenServices() {
DefaultTokenServices tokenServices = new DefaultTokenServices();
// some code here as well
tokenServices.setTokenEnhancer(tokenEnhancer());
return tokenServices;
}
// Beans beans beans
@Bean
public TokenEnhancer tokenEnhancer() {
return new CustomTokenEnhancer();
}
在这之后,您应该让您的令牌增强器参与进来。假设您的客户增强器是CustomTokenEnhancer
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints){
TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
enhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer(), accessTokenConverter));
endpoints.tokenStore(tokenStore)
.accessTokenConverter(accessTokenConverter)
.tokenEnhancer(enhancerChain)
.authenticationManager(authenticationManager).tokenGranter(tokenGranter(endpoints));
}
@Bean
public TokenEnhancer tokenEnhancer() {
return new CustomTokenEnhancer();
}
假设您的客户增强器是CustomTokenEnhancer
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints){
TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
enhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer(), accessTokenConverter));
endpoints.tokenStore(tokenStore)
.accessTokenConverter(accessTokenConverter)
.tokenEnhancer(enhancerChain)
.authenticationManager(authenticationManager).tokenGranter(tokenGranter(endpoints));
}
@Bean
public TokenEnhancer tokenEnhancer() {
return new CustomTokenEnhancer();
}
我遇到了同样的问题,尽管我实现了以下功能:
public class CustomTokenEnhancer implements TokenEnhancer {
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
final Map<String, Object> additionalInfo = new HashMap<>();
additionalInfo.put("organization", authentication.getName() + randomAlphabetic(4));
((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
return accessToken;
}
公共类CustomTokenEnhancer实现TokenEnhancer{
@凌驾
公共OAuth2AccessToken增强(OAuth2AccessToken accessToken,OAuth2Authentication身份验证){
final Map additionalInfo=新HashMap();
additionalInfo.put(“组织”,authentication.getName()+随机字母(4));
((DefaultOAuth2AccessToken)accessToken).setAdditionalInformation(additionalInfo);
返回accessToken;
}
}
令牌enhacer没有被调用,因为与spring oauth的默认表相对应的表中有一个寄存器,oauth\u access\u token,我只删除了与客户端id和用户名相对应的记录,就解决了这个问题 我遇到了同样的问题,尽管我实现了以下功能:
public class CustomTokenEnhancer implements TokenEnhancer {
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
final Map<String, Object> additionalInfo = new HashMap<>();
additionalInfo.put("organization", authentication.getName() + randomAlphabetic(4));
((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
return accessToken;
}
公共类CustomTokenEnhancer实现TokenEnhancer{
@凌驾
公共OAuth2AccessToken增强(OAuth2AccessToken accessToken,OAuth2Authentication身份验证){
final Map additionalInfo=新HashMap();
additionalInfo.put(“组织”,authentication.getName()+随机字母(4));
((DefaultOAuth2AccessToken)accessToken).setAdditionalInformation(additionalInfo);
返回accessToken;
}
}
令牌enhacer没有被调用,因为与spring oauth的默认表相对应的表中有一个寄存器,oauth\u access\u token,我只删除了与客户端id和用户名相对应的记录,就解决了这个问题 未调用CustomTokenEnhancer,因为您正在使用JdbcTokenStore,并且一些访问令牌已缓存在数据库中 请手动删除此表oauth_access_令牌中的记录,然后重试
请参阅此问题以获取参考:您的CustomTokenEnhancer未被调用,因为您正在使用JdbcTokenStore,并且一些访问令牌已缓存在数据库中 请手动删除此表oauth_access_令牌中的记录,然后重试
请参阅本期参考资料:我已经添加了bean tokenServices(),但sameI仍然添加了bean tokenServices(),但sameThank仍然支持您!你刚刚救了我一天,非常感谢。你也救了我一天。。我是说晚安,谢谢!你刚刚救了我一天,非常感谢。你也救了我一天。。我是说晚上