Jwt add claims to token in Spring boot
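Hello, I have tried to use JWT tokens in Spring Boot, but I ran into a problem adding custom claims to the JWT token. I want to add custom claims such as issuer, audience, exp, sub, ... user:{}, ...
How can I add my object into the header and payload sections?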
I assume you are using spring-security-oauth2. I did not get the "How can I add my object into header and payload sections" part, but you can use a TokenEnhancer, as mentioned in this tutorial. A sample snippet from the tutorial is shown inline below:
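
    import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic; // assumed source of randomAlphabetic
    import java.util.HashMap;
    import java.util.Map;
    import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
    import org.springframework.security.oauth2.common.OAuth2AccessToken;
    import org.springframework.security.oauth2.provider.OAuth2Authentication;
    import org.springframework.security.oauth2.provider.token.TokenEnhancer;

    public class CustomTokenEnhancer implements TokenEnhancer {
        @Override
        public OAuth2AccessToken enhance(
                OAuth2AccessToken accessToken,
                OAuth2Authentication authentication) {
            // Entries placed here become additional information on the access token
            Map<String, Object> additionalInfo = new HashMap<>();
            additionalInfo.put("organization", authentication.getName() + randomAlphabetic(4));
            ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
            return accessToken;
        }
    }
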
To get the additional information, you can use AuthorizationServerTokenServices:

    tokenServices.getAccessToken(authentication).getAdditionalInformation();

I have solved it with the code below:

    // keyStorePassword and userDetailsService are fields of the enclosing configuration class (not shown)
    @Bean
    public JwtAccessTokenConverter tokenEnhancer() {
        // Load the signing key pair from the jwt.jks keystore on the classpath
        KeyStoreKeyFactory keyStoreKeyFactory = new KeyStoreKeyFactory(
                new ClassPathResource("jwt.jks"),
                keyStorePassword.toCharArray());
        // For getting user information in getPrincipal()
        DefaultUserAuthenticationConverter duac = new DefaultUserAuthenticationConverter();
        duac.setUserDetailsService(userDetailsService);
        DefaultAccessTokenConverter datc = new DefaultAccessTokenConverter();
        datc.setUserTokenConverter(duac);
        // CustomAccessTokenConverter is the poster's own subclass (not shown)
        JwtAccessTokenConverter converter = new CustomAccessTokenConverter();
        converter.setAccessTokenConverter(datc); // IMPORTANT
        converter.setKeyPair(keyStoreKeyFactory.getKeyPair("jwt"));
        return converter;
    }
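
An added example, not part of the original posts: the CustomAccessTokenConverter referenced above is not shown on the page, so this is one hypothetical way to write such a class with spring-security-oauth2. The claim names and values ("iss", "user", the issuer URL) and the customClaims helper are assumptions; only non-sensitive fields are copied because the JWT payload is signed but not encrypted, and names the default converters write themselves are rejected so custom data cannot replace them.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

// Hypothetical sketch of a converter that adds custom claims to the JWT payload.
public class CustomAccessTokenConverter extends JwtAccessTokenConverter {

    // Default claim names written by spring-security-oauth2's own converters.
    private static final Set<String> RESERVED = new HashSet<>(Arrays.asList(
            "exp", "jti", "ati", "aud", "scope", "client_id", "authorities", "user_name"));

    // Assumed helper: builds the custom claims; override to supply different ones.
    protected Map<String, Object> customClaims(OAuth2Authentication authentication) {
        Map<String, Object> claims = new LinkedHashMap<>();
        claims.put("iss", "https://auth.example.com"); // placeholder issuer
        if (!authentication.isClientOnly()) {
            // Nested object claim; keep secrets and personal data out of it.
            Map<String, Object> user = new LinkedHashMap<>();
            user.put("name", authentication.getName());
            claims.put("user", user);
        }
        return claims;
    }

    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken accessToken,
                                     OAuth2Authentication authentication) {
        Map<String, Object> info =
                new LinkedHashMap<>(accessToken.getAdditionalInformation());
        for (Map.Entry<String, Object> claim : customClaims(authentication).entrySet()) {
            if (RESERVED.contains(claim.getKey())) {
                throw new IllegalArgumentException(
                        "Custom claim collides with a standard claim: " + claim.getKey());
            }
            info.put(claim.getKey(), claim.getValue());
        }
        // Copy the token so the caller's instance is left untouched.
        DefaultOAuth2AccessToken copy = new DefaultOAuth2AccessToken(accessToken);
        copy.setAdditionalInformation(info);
        // The parent class serializes the additional information and signs the JWT.
        return super.enhance(copy, authentication);
    }
}
```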