Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/11.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java Spring自定义oauth2响应数据_Java_Spring_Spring Boot_Spring Oauth2 - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java Spring自定义oauth2响应数据

Java Spring自定义oauth2响应数据

java spring spring-boot

Java Spring自定义oauth2响应数据,java,spring,spring-boot,spring-oauth2,Java,Spring,Spring Boot,Spring Oauth2,我是JavaSpring的新手,我想定制oauth2响应数据来添加我的用户数据,但对我和我的数据响应来说,像这样很难 { "access_token": "4024beac-bc3d-463c-8225-4183e7d8a057", "token_type": "bearer", "refresh_token": "5d748d08-ca89-4de2-a2ac-0de2043ee53e", "expires_in": 298, "scope": "read writ

我是JavaSpring的新手,我想定制oauth2响应数据来添加我的用户数据,但对我和我的数据响应来说,像这样很难

{
  "access_token": "4024beac-bc3d-463c-8225-4183e7d8a057",
   "token_type": "bearer",
   "refresh_token": "5d748d08-ca89-4de2-a2ac-0de2043ee53e",
   "expires_in": 298,
   "scope": "read write"
}
我想要这样

{
"access_token": "4024beac-bc3d-463c-8225-4183e7d8a057",
"token_type": "bearer",
"refresh_token": "5d748d08-ca89-4de2-a2ac-0de2043ee53e",
"expires_in": 298,
"scope": "read write",
"myUserData": {"id" : 1,"firstName": "Hiku","lastname": "Saing"}
}
这是我的代码3文件配置

public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("admin").secret(bCryptPasswordEncoder.encode("123"))
            .authorizedGrantTypes("password", "refresh_token")
            .scopes("read", "write")
            .accessTokenValiditySeconds(5 * 60)
            .refreshTokenValiditySeconds(10 * 60);
    }
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
        endpoints.pathMapping("/oauth/token", "/login/**");
    }
}

public class ResourceServiceConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.anonymous().disable()
            .authorizeRequests().antMatchers("/oauth/token", "/login/**", "/register").permitAll()
            .and()
            .authorizeRequests().antMatchers("/api/**")
            .authenticated()
            .and()
            .exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
    }
}
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserServiceLoginImp userService;
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();

    }
    @Override
    protected void configure (AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService).passwordEncoder(encoder());
    }
    @Bean
    public BCryptPasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }
}
任何人都可以帮助我。

您可以使用

您可以在@Configuration类中定义它:

endpoints.tokenEnhancer(您的tokenEnhancer)

yourtokenhancer
必须是实现
org.springframework.security.oauth2.provider.token.TokenEnhancer
接口的类型

无论如何,请注意,这是一个令牌增强器,因此您不应该将其用作用户信息提供者。

为什么需要这样做?知道您可以从
身份验证
类中获得这些信息。当用户成功登录时,我将创建用于登录的api端点,然后我将向客户端响应用户数据信息。通过添加自定义响应数据,您违反了oauth的rfc规范,并且您没有将登录过程与业务逻辑端分离。我不建议这样做。这是一个糟糕的做法,你应该先登录,获取令牌。然后对“/user”端点执行第二个GET调用,并提供用户令牌,然后将用户对象返回给客户端。@Thomas Andolf,我想我可能需要跟随你,真的谢谢