Spring Boot: how to remove the scope prefix in hasAuthority
Tags: spring-boot, spring-security, oauth-2.0

This is my token response. But Spring automatically adds the scope prefix. How do I configure ScopeVoter.setScopePrefix(String scopePrefix) in Spring Boot? Please help me. Thanks.
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI1MkRsOVNTMlREY0M5SkFtZmZ3ZE1BNjJkbFBreDlFMDdRSnhObF9sVDNJIn0.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.L0miTQSm1C_vQdE4DxW4h27R3qphjZ97JVOaoRDkAyiWSu26NpiNH0hBF3_iJ4RUlDm6pjOMQvRntVcpouV7gtTd4Pvi9bkxPI6je-LEhIXHeDsFpMeNIy9T7YyfICsQQULLzwJ9uNDAWcsgSIGAqHcCaHtSh3X3PUyDQtFth8JBqUGESyzqAQ2F2ydtQC4TBe7l6bKeU0hO0rVFWTBOB8KZm4NaV2xgyy3KSkr_iSNctidTyXDQZBIKJsVqUH8uUcCMxsdqVHmMY9i_Sr_GzbMBGNnVeQpvLiqN3yHgwTXJA58Ttt5LL4yOmtJEG7Qj9gESxAmkj1_WKqmhNWp7oA",
"expires_in": 300,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIxOGM5ZmRiNy1mNzQ0LTQ2ZjktODQ4Ni0wMTFjNWVkOWNkZDIifQ.eyJleHAiOjE2MDQwMjQ5MDEsImlhdCI6MTYwNDAyMzEwMSwianRpIjoiOTY5ZGMzZTEtMWVhOC00YThkLWIxOTEtZDhlNDg1YTU2ZWVkIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zL21pY3Jvc2VydmljZSIsImF1ZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9hdXRoL3JlYWxtcy9taWNyb3NlcnZpY2UiLCJzdWIiOiIxZGExM2RjMy0yNDQ1LTRlZTQtYjFhNS0zNjc2YzYyMjY4OTciLCJ0eXAiOiJSZWZyZXNoIiwiYXpwIjoibW9iaWxlcmV0YWlsIiwic2Vzc2lvbl9zdGF0ZSI6IjJiMzYzMWRiLTlmMDItNDIyOS05Mzg0LWQ0NDFjNGNmNjc1MSIsInNjb3BlIjoicGhvbmUgcHJvZmlsZSBlbWFpbCJ9.wZtoxah1dofhZOoMfODG2faFIivjjlTIxVeMJgu_Gm8",
"token_type": "bearer",
"not-before-policy": 0,
"session_state": "2b3631db-9f02-4229-9384-d441c4cf6751",
"scope": "phone profile email"
hasAuthority('SCOPE_phone') works, but hasAnyAuthority('phone') does not work.
@RequestMapping(value = "/user", method = RequestMethod.GET)
@PreAuthorize("hasAuthority('SCOPE_phone')")
public ResponseEntity<String> getUser() {
    return ResponseEntity.ok("Hello User");
}

@RequestMapping(value = "/test", method = RequestMethod.GET)
@PreAuthorize("hasAnyAuthority('phone')")
public ResponseEntity<String> test() {
    return ResponseEntity.ok("Hello test");
}
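I managed it in one of my applications as shown below. Have you tried injecting a custom AccessDecisionManager with a ScopeVoter that has no prefix? The default is SCOPE_, and I could not find an out-of-the-box configuration for the scope prefix.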
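import java.util.Arrays;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.access.vote.UnanimousBased;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.provider.vote.ScopeVoter;
import org.springframework.security.web.access.expression.WebExpressionVoter;

@Configuration
@EnableWebSecurity
public class ApplicationSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .and()
            ....
            ....
            ....
            ....
            .permitAll();
        http.authorizeRequests()
            .accessDecisionManager(accessDecisionManager()); // passed custom access decision manager
    }

    @Bean
    public AccessDecisionManager accessDecisionManager() {
        java.util.List<AccessDecisionVoter<? extends Object>> decisionVoters
            = Arrays.asList(
                new WebExpressionVoter(), // You can add or remove the Role voters as per need
                new RoleVoter(), // For ROLE_ prefix
                new AuthenticatedVoter(),
                scopeVoterWithNoPrefix() // Get instance of ScopeVoter
            );
        return new UnanimousBased(decisionVoters);
    }

    @Bean
    public ScopeVoter scopeVoterWithNoPrefix() {
        ScopeVoter scopeVoter = new ScopeVoter();
        scopeVoter.setScopePrefix(""); // empty string replaces the default prefix
        return scopeVoter;
    }
}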
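Which version of Spring Boot are you using?

@Mahesh_Loya I am using Spring Boot version 2.3.4.RELEASE.

This is what I read in the book. But in my case it does not work. Maybe because I get the token from a Keycloak server. Thanks for your response.

@LoiNguyenTri As long as the JWT adheres to the OIDC/OAuth spec, it should work all the same for Keycloak, Ping or OpenAM. Just try it as per the answer I posted and let's see. Otherwise, we will learn one more way of "how not to do it".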
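Added example, not code from the question or the answer above: if the application validates the JWT with Spring Security's OAuth2 resource server support instead of the legacy ScopeVoter, the SCOPE_ prefix is applied by JwtGrantedAuthoritiesConverter and can be changed there. The class name ResourceServerScopeConfig is hypothetical, and the sketch assumes spring-boot-starter-oauth2-resource-server is on the classpath with a JWT issuer or JWK set URI configured.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;

// Hypothetical configuration class (assumption: resource-server JWT support is in use).
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // enables @PreAuthorize checks
public class ResourceServerScopeConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated()
            .and()
            .oauth2ResourceServer()
                .jwt()
                .jwtAuthenticationConverter(jwtAuthenticationConverter());
    }

    // Builds the converter that turns a validated Jwt into an Authentication.
    JwtAuthenticationConverter jwtAuthenticationConverter() {
        // Reads the space-delimited "scope" (or "scp") claim of the token.
        JwtGrantedAuthoritiesConverter scopes = new JwtGrantedAuthoritiesConverter();

        // The default prefix is "SCOPE_". With an empty prefix the token's
        // scopes become the authorities "phone", "profile" and "email", so
        // hasAnyAuthority('phone') matches and hasAuthority('SCOPE_phone')
        // no longer does.
        // Caveat: without a prefix a scope literally named "ROLE_ADMIN" is
        // indistinguishable from a role authority, so keep scope names and
        // role names disjoint at the authorization server.
        scopes.setAuthorityPrefix("");

        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(scopes);
        return converter;
    }
}
```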