After Spring Cloud OAuth2 integrates JWT, usually we can only obtain username for user information, and userId or other information is often needed for actual development
Check_token Describes the check_token process
We need to understand how Spring Cloud oauth2 is check_token, do not understand friends can move to Spring Cloud oauth2 check token source code parsing
-
Friend you know to understand check_token process check_token OAuth2AuthenticationProcessingFilter filter interception, the first step is to be filter will get encapsulated into the Authentication token information on request Like, Through OAuth2AuthenticationManager call tokenService get OAuth2Authentication OAuth2Authentication object includes client and user information and some request information request Then the series of client information to verify, finally, of course, is deposited to SecurityContextHolder. The Context
-
W tokenService and did some what, go tokenStore tokenService gets to the token information, different tokenStore have different access, For example, RedisTokenStore, as its name implies, obtains token information from Redis, then JwtTokenStore of course decrypts JWT token to obtain token information
-
After getting the token information, Call to the extractAuthentication() method in JwtAccessTokenConverter DefaultAccessTokenConverter. ExtractAuthentication () to obtain user information, and the token information of client information encapsulated into OAuth2Request object, Finally, OAuth2Request object and user information are summarized together to build an OAuth2Authentication object return
-
DefaultAccessTokenConverter. ExtractAuthentication () is how to get user information? Said that we have to last class should also appeared, yes he is DefaultUserAuthenticationConverter, from the name of the class can see it is responsible for user information conversion, DefaultAccessTokenConverter. ExtractAuthentication () is to invoke the DefaultUserAuthenticationConverter for user information, DefaultUserAuthenticationConverter will have to account to get to the token information, and then determine whether a userDetailsService is empty, not empty, by userDetailsService to query the user information, Username = ‘username’; username = ‘username’
DefaultUserAuthenticationConverter source code parsing
We said to DefaultUserAuthenticationConverter above is the last class, then we will have a look at what it is mainly done, it will ultimately is extractAuthentication method, You can see from this method why only username is returned by default
public Authentication extractAuthentication(Map<String, ? > map) { if (map.containsKey(USERNAME)) { Object principal = map.get(USERNAME); Collection<? extends GrantedAuthority> authorities = getAuthorities(map); if (userDetailsService ! = null) { UserDetails user = userDetailsService.loadUserByUsername((String) map.get(USERNAME)); authorities = user.getAuthorities(); principal = user; } return new UsernamePasswordAuthenticationToken(principal, "N/A", authorities); } return null; } private Collection<? extends GrantedAuthority> getAuthorities(Map<String, ? > map) { if (! map.containsKey(AUTHORITIES)) { return defaultAuthorities; } Object authorities = map.get(AUTHORITIES); if (authorities instanceof String) { return AuthorityUtils.commaSeparatedStringToAuthorityList((String) authorities); } if (authorities instanceof Collection) { return AuthorityUtils.commaSeparatedStringToAuthorityList(StringUtils .collectionToCommaDelimitedString((Collection<?>) authorities)); } throw new IllegalArgumentException("Authorities must be either a String or a Collection"); }Copy the code
After all this nonsense, we still haven’t talked about how to customize the user message return, yes you guessed it, let’s talk about how to customize the user message return, okay
Custom user information is displayed
If userDetailsService is null, you can return the custom user information if you inject userDetailsService.
But have you ever thought that the advantage of JWT is that it can contain user information so as to reduce the pressure on the server to store token information? If so, why use JWT
My idea is to inherit DefaultUserAuthenticationConverter and implement UserAuthenticationConverter, rewrite it extractAuthentication () method
Attention! Attention! Attention! , my idea can be realized because I enhanced the token with TokenEnhancer when generating the token, so my JWT token contains the user information I need. I only need to extract the information to the extractAuthentication method and encapsulate it into an object. Just put it in Authentication
TokenEnhancer TokenEnhancer TokenEnhancer TokenEnhancer TokenEnhancer TokenEnhancer TokenEnhancer
So let’s start coding
- Custom LwUserAuthenticationConverter inheritance DefaultUserAuthenticationConverter UserAuthenticationConverter and implementation, Override its extractAuthentication() method
public class LwUserAuthenticationConverter extends DefaultUserAuthenticationConverter implements UserAuthenticationConverter { private Collection<? extends GrantedAuthority> defaultAuthorities = new ArrayList<>(); @Override public Authentication extractAuthentication(Map<String, ? > map) { if (map.containsKey(USERNAME)) { Collection<? extends GrantedAuthority> authorities = getAuthorities(map); Map principal = (Map) map.get(SecurityConstants.USER_INFO); String userId = MapUtil.getStr(principal, "userId"); String username = MapUtil.getStr(principal, "username"); String password = MapUtil.getStr(principal, "password"); String openid = MapUtil.getStr(principal, "openid"); String phone = MapUtil.getStr(principal, "phone"); String avatar = MapUtil.getStr(principal, "avatar"); LoginUser loginUser = new LoginUser(username, password, userId, phone, avatar, openid, authorities); return new UsernamePasswordAuthenticationToken(loginUser, "N/A", authorities); } return null; } private Collection<? extends GrantedAuthority> getAuthorities(Map<String, ? > map) { if (! map.containsKey(AUTHORITIES)) { return defaultAuthorities; } Object authorities = map.get(AUTHORITIES); if (authorities instanceof String) { return AuthorityUtils.commaSeparatedStringToAuthorityList((String) authorities); } if (authorities instanceof Collection) { return AuthorityUtils.commaSeparatedStringToAuthorityList(StringUtils .collectionToCommaDelimitedString((Collection<?>) authorities)); } throw new IllegalArgumentException("Authorities must be either a String or a Collection"); }}Copy the code
- Will JwtAccessTokenConverter userTokenConverter attributes of replacing our custom LwUserAuthenticationConverter
- Change TokenStore to JwtTokenStore and inject JwtAccessTokenConverter into JwtTokenStore
@bean public TokenStore TokenStore() {return new JwtTokenStore(jwtAccessTokenConverter()); } / * * * * / @ JWT converter Bean public JwtAccessTokenConverter JwtAccessTokenConverter () {DefaultAccessTokenConverter defaultConverter = new DefaultAccessTokenConverter(); defaultConverter.setUserTokenConverter(lwUserAuthenticationConverter()); JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); converter.setAccessTokenConverter(defaultConverter); converter.setSigningKey("123456"); return converter; } / * * * * @ custom user authentication converter param * / @ Bean public LwUserAuthenticationConverter LwUserAuthenticationConverter () {return new LwUserAuthenticationConverter(); }Copy the code
- Set storage policies in the resource server configuration file
/ open access policy * * * * into the token stateless mode * * @ param resource * / @ Override public void the configure (ResourceServerSecurityConfigurer resource) throws Exception { resource.tokenStore(tokenStore) .stateless(true); }Copy the code
And then we’re done,
Results demonstrate
Yeah, we already got customized user information