oauth2 源码中用户信息只返回用户名称,现有需求要求返回userId,只能重写某些方法,server端和client端都要修改:
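方法一、结果:userId 封装在 token 中,需要解析 access_token 才能看到。但经测试发现,使用此方法之后,用 refresh_token 换取 access_token 时,自定义的字段都不见了,连自带的 username 也不见了。原因很可能是:刷新时的用户认证信息是从 refresh_token 的声明中还原出来的,如果 token 里没有 user_name,或者 extractAuthentication 返回 null,还原出的认证就会被当作仅客户端(client-only)认证,用户相关的字段便不会再写入新的 token。应该还要重写 refresh_token 获取时的一些方法,暂未实现。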
server:
1、重写 DefaultAccessTokenConverter.java的部分方法:
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import java.util.HashMap;
import java.util.Map;
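/**
 * Access-token converter that writes the user claims produced by
 * {@link MyUserAuthenticationConverter} into the token map instead of the claims
 * written by the default user converter.
 *
 * <p>The resulting map ends up in a signed (not encrypted) JWT, so every claim added
 * here is readable by whoever holds the token.
 */
public class MyDefaultAccessTokenConverter extends DefaultAccessTokenConverter {

    // The parent class keeps its own private copies of these three settings, which
    // this class cannot read. convertAccessToken() below uses the copies declared
    // here, so the setter overrides update both sides.
    private boolean includeGrantType;
    private String scopeAttribute = SCOPE;
    private String clientIdAttribute = CLIENT_ID;

    private MyUserAuthenticationConverter userTokenConverter = new MyUserAuthenticationConverter();

    /**
     * Registers the custom user converter with the parent as well. The inherited
     * {@code extractAuthentication} delegates to the converter held by the parent, so
     * without this call tokens would be written with one claim layout and read back
     * with another.
     */
    public MyDefaultAccessTokenConverter() {
        super.setUserTokenConverter(userTokenConverter);
    }

    /**
     * Enables or disables the {@code grant_type} claim.
     *
     * @param includeGrantType {@code true} to copy the grant type into the token map
     */
    @Override
    public void setIncludeGrantType(boolean includeGrantType) {
        super.setIncludeGrantType(includeGrantType);
        this.includeGrantType = includeGrantType;
    }

    /**
     * Sets the claim name under which the scope is written.
     *
     * @param scopeAttribute claim name for the scope
     */
    @Override
    public void setScopeAttribute(String scopeAttribute) {
        super.setScopeAttribute(scopeAttribute);
        this.scopeAttribute = scopeAttribute;
    }

    /**
     * Sets the claim name under which the client id is written.
     *
     * @param clientIdAttribute claim name for the client id
     */
    @Override
    public void setClientIdAttribute(String clientIdAttribute) {
        super.setClientIdAttribute(clientIdAttribute);
        this.clientIdAttribute = clientIdAttribute;
    }

    /**
     * Builds the claim map for an access token.
     *
     * @param token          the access token being converted
     * @param authentication the authentication the token was issued for
     * @return user claims (or client authorities for a client-only authentication)
     *         plus scope, jti, exp, optional grant type, the token's additional
     *         information, client id and audience
     */
    @Override
    public Map<String, ?> convertAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
        Map<String, Object> response = new HashMap<String, Object>();
        OAuth2Request clientToken = authentication.getOAuth2Request();

        if (!authentication.isClientOnly()) {
            response.putAll(userTokenConverter.convertUserAuthentication(authentication.getUserAuthentication()));
        } else if (clientToken.getAuthorities() != null && !clientToken.getAuthorities().isEmpty()) {
            response.put(MyUserAuthenticationConverter.AUTHORITIES,
                    AuthorityUtils.authorityListToSet(clientToken.getAuthorities()));
        }

        if (token.getScope() != null) {
            response.put(scopeAttribute, token.getScope());
        }
        if (token.getAdditionalInformation().containsKey(JTI)) {
            response.put(JTI, token.getAdditionalInformation().get(JTI));
        }
        if (token.getExpiration() != null) {
            // exp is expressed in seconds, Date.getTime() in milliseconds
            response.put(EXP, token.getExpiration().getTime() / 1000);
        }
        if (includeGrantType && clientToken.getGrantType() != null) {
            response.put(GRANT_TYPE, clientToken.getGrantType());
        }

        // Additional information is copied after the identity claims, so an entry
        // whose key matches one of them (userId, authorities, scope, exp, ...)
        // replaces the value written above. Whatever fills the additional
        // information must not reuse those keys.
        response.putAll(token.getAdditionalInformation());

        response.put(clientIdAttribute, clientToken.getClientId());
        if (clientToken.getResourceIds() != null && !clientToken.getResourceIds().isEmpty()) {
            response.put(AUD, clientToken.getResourceIds());
        }
        return response;
    }
}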
2、重写 UserAuthenticationConverter.java的部分方法:
import com.langyatech.fcp.oauth.entity.OauthUser;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.provider.token.UserAuthenticationConverter;
import java.util.LinkedHashMap;
import java.util.Map;
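/**
 * Converts a user authentication to token claims and back, publishing the user id
 * under the {@code userId} claim next to the standard {@code user_name} and
 * {@code authorities} claims.
 *
 * <p>{@code extractAuthentication} used to return {@code null} for every token. A
 * caller that rebuilds the authentication from token claims then sees no user at
 * all and treats the token as client-only, which drops the user's name, id and
 * authorities. The claims are now read back into a user authentication.
 */
public class MyUserAuthenticationConverter implements UserAuthenticationConverter {

    /** Claim name under which the user id is published. */
    private static final String USER_ID = "userId";

    /**
     * Carries a user id that was read from token claims. A dedicated private type is
     * used on purpose: the details of a user authentication can also be a map of
     * request parameters, and a user id must never be picked up from there.
     */
    private static final class UserIdDetails implements java.io.Serializable {
        private static final long serialVersionUID = 1L;
        private final Object userId;

        private UserIdDetails(Object userId) {
            this.userId = userId;
        }
    }

    /**
     * Builds the user part of the token claims.
     *
     * @param authentication the user authentication to describe
     * @return {@code user_name}, {@code userId} when it is known, and
     *         {@code authorities} when the user has any
     */
    @Override
    public Map<String, ?> convertUserAuthentication(Authentication authentication) {
        Map<String, Object> claims = new LinkedHashMap<String, Object>();
        // Without user_name the token cannot be recognised as a user token later.
        claims.put(USERNAME, authentication.getName());

        Object principal = authentication.getPrincipal();
        if (principal instanceof OauthUser) {
            claims.put(USER_ID, ((OauthUser) principal).getUserId());
        } else if (authentication.getDetails() instanceof UserIdDetails) {
            // Authentication rebuilt by extractAuthentication(): the principal is the
            // plain user name, the id travels in the details holder.
            claims.put(USER_ID, ((UserIdDetails) authentication.getDetails()).userId);
        }
        // Any other principal type yields no userId claim; consumers should treat a
        // missing userId as "unknown" rather than assume a default.

        if (authentication.getAuthorities() != null && !authentication.getAuthorities().isEmpty()) {
            claims.put(AUTHORITIES, AuthorityUtils.authorityListToSet(authentication.getAuthorities()));
        }
        return claims;
    }

    /**
     * Rebuilds the user authentication from token claims.
     *
     * @param map the token claims
     * @return an authenticated token whose principal is the {@code user_name} claim,
     *         or {@code null} when the claims carry no user name
     * @throws IllegalArgumentException if the {@code authorities} claim is neither a
     *         string nor a collection
     */
    @Override
    public org.springframework.security.core.Authentication extractAuthentication(Map<String, ?> map) {
        Object userName = map.get(USERNAME);
        if (userName == null) {
            return null;
        }
        org.springframework.security.authentication.UsernamePasswordAuthenticationToken user =
                new org.springframework.security.authentication.UsernamePasswordAuthenticationToken(
                        userName,
                        "N/A",
                        AuthorityUtils.commaSeparatedStringToAuthorityList(authoritiesAsCsv(map.get(AUTHORITIES))));
        if (map.get(USER_ID) != null) {
            user.setDetails(new UserIdDetails(map.get(USER_ID)));
        }
        return user;
    }

    /** Renders the authorities claim (absent, a string, or a collection) as a comma-separated string. */
    private static String authoritiesAsCsv(Object raw) {
        if (raw == null) {
            return "";
        }
        if (raw instanceof String) {
            return (String) raw;
        }
        if (raw instanceof Iterable) {
            StringBuilder csv = new StringBuilder();
            for (Object authority : (Iterable<?>) raw) {
                if (csv.length() > 0) {
                    csv.append(',');
                }
                csv.append(authority);
            }
            return csv.toString();
        }
        throw new IllegalArgumentException("Authorities must be either a String or a Collection");
    }
}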
3、重写 JwtAccessTokenConverter.java
import org.springframework.security.jwt.JwtHelper;
import org.springframework.security.jwt.crypto.sign.*;
import org.springframework.security.oauth2.common.*;
import org.springframework.security.oauth2.common.util.JsonParser;
import org.springframework.security.oauth2.common.util.JsonParserFactory;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.AccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import java.util.Map;
public class MyJwtAccessTokenConverter extends JwtAccessTokenConverter
{
private AccessTokenConverter tokenConverter = new MyDefaultAccessTokenConverter();
private JsonParser objectMapper = JsonParserFactory.create();
private String verifierKey = new RandomValueStringGenerator().