Spring boot OAuth2AuthenticationToken与OAuth2Authentication
1- OAuth2AuthenticationToken 和 OAuth2Authentication 之间有什么区别？
2- 在我的 Spring Boot 客户端 Web 应用程序中，我使用依赖项 “spring-boot-starter-oauth2-client” 与授权服务器配合实现单点登录（SSO），因此客户端应用程序中的主体是 OAuth2AuthenticationToken。是这样吗？
3- 我无法使用 @PreAuthorize(#oauth2.hasScope('xxx'))，因为该表达式针对的是 OAuth2Authentication 而不是 OAuth2AuthenticationToken，为什么？但是当我使用 @PreAuthorize(hasRole('SomeRole')) 时，它工作得很好。
4- 以下是身份验证对象（主体）的示例。这些字段是什么？为什么有一些冗余信息？为什么有多个具有不同值的权限？
5- 如果我在授权服务器中使用 JWT，我是否需要更改客户端应用程序中的任何内容？
谢谢
标签：spring-boot, oauth-2.0, spring-security-oauth2, spring-oauth2
[编者注：下方示例包含 tokenValue（Bearer 访问令牌）、sessionId、授权码 code 和 state 等敏感字段；在公开贴出或写入日志之前，应对这类序列化的 Authentication 对象进行脱敏。]
{
"authorities": [
{
"authority": "ROLE_USER",
"attributes": {
"authorities": [
{
"authority": "ROLE_ADMINISTRATORS"
}
],
"details": {
"remoteAddress": "127.0.0.1",
"sessionId": null,
"tokenValue": "184dd32f-7c70-4bf5-9d7f-43c8d565f996",
"tokenType": "Bearer",
"decodedDetails": null
},
"authenticated": true,
"userAuthentication": {
"authorities": [
{
"authority": "ROLE_ADMINISTRATORS"
}
],
"details": {
"remoteAddress": "0:0:0:0:0:0:0:1",
"sessionId": "A9ADB8153471994D338F0FDEAF98FF07"
},
"authenticated": true,
"principal": {
"enabled": true,
"password": null,
"username": "bob",
"dn": "uid=bob,ou=people,dc=springframework,dc=org",
"authorities": [
{
"authority": "ROLE_ADMINISTRATORS"
}
],
"accountNonLocked": true,
"credentialsNonExpired": true,
"accountNonExpired": true
},
"credentials": null,
"name": "bob"
},
"principal": {
"enabled": true,
"password": null,
"username": "bob",
"dn": "uid=bob,ou=people,dc=springframework,dc=org",
"authorities": [
{
"authority": "ROLE_ADMINISTRATORS"
}
],
"accountNonLocked": true,
"credentialsNonExpired": true,
"accountNonExpired": true
},
"oauth2Request": {
"clientId": "demo",
"scope": [
"demo_scope"
],
"requestParameters": {
"code": "yymxbk",
"grant_type": "authorization_code",
"scope": "demo_scope",
"response_type": "code",
"state": "osBji_UdByl9XG5O4Jy3lavSHSiU1FRo-knhY7gTsI8=",
"redirect_uri": "http:\/\/localhost:8081\/login\/oauth2\/code\/",
"client_id": "demo"
},
"resourceIds": [
"demo_resource",
"auth_resource"
],
"authorities": [
{
"authority": "demo_auth"
}
],
"approved": true,
"refresh": false,
"redirectUri": "http:\/\/localhost:8081\/login\/oauth2\/code\/",
"responseTypes": [
"code"
],
"extensions": {},
"grantType": "authorization_code",
"refreshTokenRequest": null
},
"credentials": "",
"clientOnly": false,
"name": "bob"
}
}
],
"details": null,
"authenticated": true,
"principal": {
"authorities": [
{
"authority": "ROLE_USER",
"attributes": {
"authorities": [
{
"authority": "ROLE_ADMINISTRATORS"
}
],
"details": {
"remoteAddress": "127.0.0.1",
"sessionId": null,
"tokenValue": "184dd32f-7c70-4bf5-9d7f-43c8d565f996",
"tokenType": "Bearer",
"decodedDetails": null
},
"authenticated": true,
"userAuthentication": {
"authorities": [
{
"authority": "ROLE_ADMINISTRATORS"
}
],
"details": {
"remoteAddress": "0:0:0:0:0:0:0:1",
"sessionId": "A9ADB8153471994D338F0FDEAF98FF07"
},
"authenticated": true,
"principal": {
"enabled": true,
"password": null,
"username": "bob",
"dn": "uid=bob,ou=people,dc=springframework,dc=org",
"authorities": [
{
"authority": "ROLE_ADMINISTRATORS"
}
],
"accountNonLocked": true,
"credentialsNonExpired": true,
"accountNonExpired": true
},
"credentials": null,
"name": "bob"
},
"principal": {
"enabled": true,
"password": null,
"username": "bob",
"dn": "uid=bob,ou=people,dc=springframework,dc=org",
"authorities": [
{
"authority": "ROLE_ADMINISTRATORS"
}
],
"accountNonLocked": true,
"credentialsNonExpired": true,
"accountNonExpired": true
},
"oauth2Request": {
"clientId": "demo",
"scope": [
"demo_scope"
],
"requestParameters": {
"code": "yymxbk",
"grant_type": "authorization_code",
"scope": "demo_scope",
"response_type": "code",
"state": "osBji_UdByl9XG5O4Jy3lavSHSiU1FRo-knhY7gTsI8=",
"redirect_uri": "http:\/\/localhost:8081\/login\/oauth2\/code\/",
"client_id": "demo"
},
"resourceIds": [
"demo_resource",
"auth_resource"
],
"authorities": [
{
"authority": "demo_auth"
}
],
"approved": true,
"refresh": false,
"redirectUri": "http:\/\/localhost:8081\/login\/oauth2\/code\/",
"responseTypes": [
"code"
],
"extensions": {},
"grantType": "authorization_code",
"refreshTokenRequest": null
},
"credentials": "",
"clientOnly": false,
"name": "bob"
}
}
],
"attributes": {
"authorities": [
{
"authority": "ROLE_ADMINISTRATORS"
}
],
"details": {
"remoteAddress": "127.0.0.1",
"sessionId": null,
"tokenValue": "184dd32f-7c70-4bf5-9d7f-43c8d565f996",
"tokenType": "Bearer",
"decodedDetails": null
},
"authenticated": true,
"userAuthentication": {
"authorities": [
{
"authority": "ROLE_ADMINISTRATORS"
}
],
"details": {
"remoteAddress": "0:0:0:0:0:0:0:1",
"sessionId": "A9ADB8153471994D338F0FDEAF98FF07"
},
"authenticated": true,
"principal": {
"enabled": true,
"password": null,
"username": "bob",
"dn": "uid=bob,ou=people,dc=springframework,dc=org",
"authorities": [
{
"authority": "ROLE_ADMINISTRATORS"
}
],
"accountNonLocked": true,
"credentialsNonExpired": true,
"accountNonExpired": true
},
"credentials": null,
"name": "bob"
},
"principal": {
"enabled": true,
"password": null,
"username": "bob",
"dn": "uid=bob,ou=people,dc=springframework,dc=org",
"authorities": [
{
"authority": "ROLE_ADMINISTRATORS"
}
],
"accountNonLocked": true,
"credentialsNonExpired": true,
"accountNonExpired": true
},
"oauth2Request": {
"clientId": "demo",
"scope": [
"demo_scope"
],
"requestParameters": {
"code": "yymxbk",
"grant_type": "authorization_code",
"scope": "demo_scope",
"response_type": "code",
"state": "osBji_UdByl9XG5O4Jy3lavSHSiU1FRo-knhY7gTsI8=",
"redirect_uri": "http:\/\/localhost:8081\/login\/oauth2\/code\/",
"client_id": "demo"
},
"resourceIds": [
"demo_resource",
"auth_resource"
],
"authorities": [
{
"authority": "demo_auth"
}
],
"approved": true,
"refresh": false,
"redirectUri": "http:\/\/localhost:8081\/login\/oauth2\/code\/",
"responseTypes": [
"code"
],
"extensions": {},
"grantType": "authorization_code",
"refreshTokenRequest": null
},
"credentials": "",
"clientOnly": false,
"name": "bob"
},
"name": "bob"
},
"authorizedClientRegistrationId": "custom-client",
"credentials": "",
"name": "bob"
}