Spring 引导资源服务器主体名称
Spring boot resource server principal name
我有一个 Keycloak 服务器 运行。和一个 spring 启动应用程序作为资源服务器。我可以进行身份验证并获取令牌,spring 启动应用程序将接受该令牌。但是当我想从委托人那里获取用户名时,我会得到一个 UUID 而不是我的电子邮件或用户名。我还在我的密钥斗篷中添加了一个映射器,将 preferred_username 映射到用户名。它正在运行。
智威汤逊信息
...
"scope": "openid profile email",
"email_verified": true,
"username": "test@test.com",
"DOB": "12345",
"name": "test test",
"preferred_username": "test@test.com",
"given_name": "test",
"family_name": "test",
"email": "test@test.com"
}
我的 spring 应用程序属性:
spring:
security:
oauth2:
resourceserver:
jwt:
issuer-uri: http://localhost:8080/auth/realms/test
@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class JWTSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
}
@Bean
public KeycloakConfigResolver KeycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
/**
* Defines the session authentication strategy.
*/
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authz -> authz
.anyRequest().permitAll().permitAll())
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
}
}
Spring 安全将 JWT 令牌作为主体保存到 SecurityContextHolder。例如,以下代码将 return 您要查找的用户名。
...
import org.springframework.security.oauth2.jwt.Jwt;
...
@GetMapping(value = "current-user", produces = "application/json")
ResponseEntity<String> getLoggedInUser() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
Jwt principal = (Jwt) authentication.getPrincipal();
String currentUserName = principal.getClaimAsString("username");
return new ResponseEntity<String>(currentUserName, HttpStatus.OK);
}
我有一个 Keycloak 服务器 运行。和一个 spring 启动应用程序作为资源服务器。我可以进行身份验证并获取令牌,spring 启动应用程序将接受该令牌。但是当我想从委托人那里获取用户名时,我会得到一个 UUID 而不是我的电子邮件或用户名。我还在我的密钥斗篷中添加了一个映射器,将 preferred_username 映射到用户名。它正在运行。
智威汤逊信息
...
"scope": "openid profile email",
"email_verified": true,
"username": "test@test.com",
"DOB": "12345",
"name": "test test",
"preferred_username": "test@test.com",
"given_name": "test",
"family_name": "test",
"email": "test@test.com"
}
我的 spring 应用程序属性:
spring:
security:
oauth2:
resourceserver:
jwt:
issuer-uri: http://localhost:8080/auth/realms/test
@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class JWTSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
}
@Bean
public KeycloakConfigResolver KeycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
/**
* Defines the session authentication strategy.
*/
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authz -> authz
.anyRequest().permitAll().permitAll())
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
}
}
Spring 安全将 JWT 令牌作为主体保存到 SecurityContextHolder。例如,以下代码将 return 您要查找的用户名。
...
import org.springframework.security.oauth2.jwt.Jwt;
...
@GetMapping(value = "current-user", produces = "application/json")
ResponseEntity<String> getLoggedInUser() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
Jwt principal = (Jwt) authentication.getPrincipal();
String currentUserName = principal.getClaimAsString("username");
return new ResponseEntity<String>(currentUserName, HttpStatus.OK);
}