Spring boot JwtAccessTokenConverterConfigurer备用?
我在我的安全实现中使用JWTAccessTokenConverterConfigure接口为我的Spring boot微服务提供oAuth2.0 我用这个实现了一个JWTAccessTokenCustomer。但我发现JWTAccessTokenConverterConfigure已被弃用。我现在可以用什么方法做这件事Spring boot JwtAccessTokenConverterConfigurer备用?,spring-boot,spring-security,jwt,spring-security-oauth2,Spring Boot,Spring Security,Jwt,Spring Security Oauth2,我在我的安全实现中使用JWTAccessTokenConverterConfigure接口为我的Spring boot微服务提供oAuth2.0 我用这个实现了一个JWTAccessTokenCustomer。但我发现JWTAccessTokenConverterConfigure已被弃用。我现在可以用什么方法做这件事 import com.fasterxml.jackson.databind.JsonNode import com.fasterxml.jackson.databind.Obje
import com.fasterxml.jackson.databind.JsonNode
import com.fasterxml.jackson.databind.ObjectMapper
import org.slf4j.LoggerFactory
import org.springframework.boot.autoconfigure.security.oauth2.resource.JwtAccessTokenConverterConfigurer
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.Authentication
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.authority.AuthorityUtils
import org.springframework.security.oauth2.provider.OAuth2Authentication
import org.springframework.security.oauth2.provider.OAuth2Request
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter
import java.util.*
//FIXME: JwtAccessTokenConverterConfigurer is deprecated; do something
class JwtAccessTokenCustomizer() : DefaultAccessTokenConverter(), JwtAccessTokenConverterConfigurer
在SpringSecurity5中,您可以实现
转换器角色角色import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import javax.validation.constraints.NotNull;
import java.util.Collection;
import java.util.Collections;
import java.util.stream.Collectors;
import java.util.stream.Stream;
public class CustomJwtAuthenticationConverter implements Converter<Jwt, AbstractAuthenticationToken> {
private final JwtGrantedAuthoritiesConverter defaultGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
public CustomJwtAuthenticationConverter() {
}
@Override
public AbstractAuthenticationToken convert(@NotNull final Jwt jwt) {
Collection<GrantedAuthority> authorities = Stream
.concat(defaultGrantedAuthoritiesConverter.convert(jwt).stream(), extractResourceRoles(jwt).stream())
.collect(Collectors.toSet());
return new JwtAuthenticationToken(jwt, authorities);
}
private static Collection<? extends GrantedAuthority> extractResourceRoles(final Jwt jwt) {
Collection<String> userRoles = jwt.getClaimAsStringList("roles");
if (userRoles != null)
return userRoles
.stream()
.map(role -> new SimpleGrantedAuthority("ROLE_" + role))
.collect(Collectors.toSet());
return Collections.emptySet();
}
}
import org.springframework.core.convert.converter.converter;
导入org.springframework.security.authentication.AbstractAuthenticationToken;
导入org.springframework.security.core.GrantedAuthority;
导入org.springframework.security.core.authority.SimpleGrantedAuthority;
导入org.springframework.security.oauth2.jwt.jwt;
导入org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
导入org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
导入javax.validation.constraints.NotNull;
导入java.util.Collection;
导入java.util.Collections;
导入java.util.stream.collector;
导入java.util.stream.stream;
公共类CustomJwtAuthenticationConverter实现转换器{
私有最终JwtGrantedAuthoritiesConverter defaultGrantedAuthoritiesConverter=新JwtGrantedAuthoritiesConverter();
公共CustomJwtAuthenticationConverter(){
}
@凌驾
公共AbstractAuthenticationToken转换(@NotNull final Jwt Jwt){
收集权限=流
.concat(defaultGrantedAuthoritiesConverter.convert(jwt.stream()),extractResourceRoles(jwt.stream())
.collect(收集器.toSet());
返回新的JwtAuthenticationToken(jwt,授权);
}
私有静态集合使用“新建”命令Spring Security 5 OAuth或Spring Security OAuth 2.x项目?您希望自定义什么值?虽然这解决了问题,但我对Spring-boot-starter-oauth2-resource-server&client注册采取了不同的方法。为了避免任何自定义类。@AshokKrishnamoorthy您介意为该实现共享任何资源吗。