Upgrading to Spring Boot 2.4 causes GrantedAuthoritiesMapper to stop working with OAuth
I'm trying to upgrade JHipster to use Spring Boot 2.4. The application I'm testing with has a Spring Security configuration that enables OAuth login and sets up a resource server with Spring Security:
    // ... preceding HttpSecurity configuration omitted
    .and()
        .oauth2Login()
    .and()
        .oauth2ResourceServer()
            .jwt()
            .jwtAuthenticationConverter(authenticationConverter())
            .and()
    .and()
        .oauth2Client();
After upgrading to Spring Boot 2.4, my GrantedAuthoritiesMapper bean is no longer invoked, so my authorities are no longer translated. Any idea why?
    import java.util.HashSet;
    import java.util.Set;

    import org.springframework.context.annotation.Bean;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
    import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;

    /**
     * Map authorities from "groups" or "roles" claim in ID Token.
     *
     * @return a {@link GrantedAuthoritiesMapper} that maps groups from
     * the IdP to Spring Security Authorities.
     */
    @Bean
    public GrantedAuthoritiesMapper userAuthoritiesMapper() {
        return authorities -> {
            Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
            authorities.forEach(authority -> {
                // Check for OidcUserAuthority because Spring Security 5.2 returns
                // each scope as a GrantedAuthority, which we don't care about.
                if (authority instanceof OidcUserAuthority) {
                    OidcUserAuthority oidcUserAuthority = (OidcUserAuthority) authority;
                    // SecurityUtils.extractAuthorityFromClaims is a JHipster helper (not shown
                    // in the post) that turns the "groups"/"roles" claim values into authorities.
                    mappedAuthorities.addAll(
                        SecurityUtils.extractAuthorityFromClaims(oidcUserAuthority.getUserInfo().getClaims())
                    );
                }
            });
            return mappedAuthorities;
        };
    }
I figured it out. Spring Security 5.4.0 removed the default scopes, so I had to add the following property:

    scope: openid,profile,email

See this commit for details.
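As an added example (not part of the original answer or of JHipster's own configuration), here is where that property sits in a Spring Boot application.yml. The registration id oidc, the issuer URI, the client id and the OIDC_CLIENT_SECRET environment variable are placeholders assumed for illustration; the property paths under spring.security.oauth2.client are Spring Boot's own.

```yaml
spring:
  security:
    oauth2:
      client:
        provider:
          oidc:
            # Placeholder issuer (assumption). Spring Boot uses OIDC discovery on it to
            # fill in the authorization, token, userinfo and JWK Set endpoints.
            issuer-uri: https://idp.example.com/realms/demo
        registration:
          oidc:
            client-id: web_app                    # placeholder client id (assumption)
            client-secret: ${OIDC_CLIENT_SECRET}  # read from the environment, never committed
            authorization-grant-type: authorization_code
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
            # Older versions silently requested openid,profile,email when no scope was
            # configured. After the upgrade an unset scope stays empty, so request the
            # scopes explicitly. 'openid' is what makes Spring Security treat the login
            # as OIDC and hand an OidcUserAuthority to the GrantedAuthoritiesMapper;
            # 'profile' and 'email' are needed for the claims the mapper reads.
            scope: openid,profile,email
```

A quick check after applying this: the redirect to the IdP's authorization endpoint should now carry scope=openid profile email (visible in the browser's network tab), and the authenticated principal should be an OidcUser rather than a plain DefaultOAuth2User, which is the precondition for the instanceof OidcUserAuthority branch in the mapper above to run.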