Problem description

I'm going through this tutorial on how to set up Spring Boot OAuth with JWT. It covers decoding the JWT token using Angular, but how do we decode it and get access to custom claims inside the Resource Server controller?

For example, with JJWT it can be done like this (based on this article):
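
    // Uses Claims, Jws, Jwts and SignatureException from io.jsonwebtoken
    String subject = "HACKER";
    try {
        // parseClaimsJws() checks the signature against key before returning the claims
        Jws<Claims> claims = Jwts.parser().setSigningKey(key).parseClaimsJws(jwt);
        subject = claims.getBody().getSubject();
        // OK, we can trust this JWT
    } catch (SignatureException e) {
        // don't trust the JWT!
    }
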
And Spring has a JwtAccessTokenConverter.decode() method, but the javadoc is lacking, and it is protected.

Recommended answer

Here is how I am accessing custom JWT claims in Spring Boot:

1) Get Spring to copy JWT content into Authentication:
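
    import java.util.Map;

    import org.springframework.boot.autoconfigure.security.oauth2.resource.JwtAccessTokenConverterConfigurer;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
    import org.springframework.security.oauth2.provider.OAuth2Authentication;
    import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
    import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
    import org.springframework.security.oauth2.provider.token.TokenStore;
    import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
    import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

    @Configuration
    @EnableResourceServer
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class SecurityConfig extends ResourceServerConfigurerAdapter {

        @Override
        public void configure(ResourceServerSecurityConfigurer config) {
            config.tokenServices( createTokenServices() );
        }

        @Bean
        public DefaultTokenServices createTokenServices() {
            DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
            defaultTokenServices.setTokenStore( createTokenStore() );
            return defaultTokenServices;
        }

        @Bean
        public TokenStore createTokenStore() {
            return new JwtTokenStore( createJwtAccessTokenConverter() );
        }

        @Bean
        public JwtAccessTokenConverter createJwtAccessTokenConverter() {
            JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
            // Left at its default, the converter verifies with a randomly generated key.
            // Configure setVerifierKey(...) (or setSigningKey(...) for HMAC) with the
            // authorization server's key so that its tokens validate.
            converter.setAccessTokenConverter( new JwtConverter() );
            return converter;
        }

        public static class JwtConverter extends DefaultAccessTokenConverter implements JwtAccessTokenConverterConfigurer {

            @Override
            public void configure(JwtAccessTokenConverter converter) {
                converter.setAccessTokenConverter(this);
            }

            @Override
            public OAuth2Authentication extractAuthentication(Map<String, ?> map) {
                OAuth2Authentication auth = super.extractAuthentication(map);
                auth.setDetails(map); // this will get Spring to copy JWT content into Authentication
                return auth;
            }
        }
    }
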
2) Access token content anywhere in your code:

    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    Object details = authentication.getDetails();
    if ( details instanceof OAuth2AuthenticationDetails ) {
        OAuth2AuthenticationDetails oAuth2AuthenticationDetails = (OAuth2AuthenticationDetails) details;
        Map<String, Object> decodedDetails = (Map<String, Object>) oAuth2AuthenticationDetails.getDecodedDetails();
        System.out.println( "My custom claim value: " + decodedDetails.get("MyClaim") );
    }
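
The following controller is an added example, not part of the original answer: it reads the "MyClaim" claim from the answer inside a resource server endpoint and denies the request when the claim is absent or not a string, instead of casting unchecked. It assumes the SecurityConfig from step 1 is active; the class name, the /my-claim path and the requireStringClaim helper are hypothetical.

```java
import java.util.Map;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class ClaimController {

    // Claim name taken from the answer's snippet.
    private static final String CLAIM = "MyClaim";

    // Spring MVC injects the current Authentication (it is a java.security.Principal).
    @GetMapping("/my-claim") // hypothetical path
    public String myClaim(Authentication authentication) {
        return requireStringClaim(authentication, CLAIM);
    }

    /**
     * Returns the named claim as a String. Every unexpected shape (no caller,
     * no OAuth2 details, no decoded map, wrong claim type) ends in
     * AccessDeniedException, so a missing claim never reaches business logic as null.
     */
    static String requireStringClaim(Authentication authentication, String name) {
        if (authentication == null || !authentication.isAuthenticated()) {
            throw new AccessDeniedException("No authenticated caller");
        }
        Object details = authentication.getDetails();
        if (!(details instanceof OAuth2AuthenticationDetails)) {
            throw new AccessDeniedException("Request was not authenticated with an OAuth2 token");
        }
        Object decoded = ((OAuth2AuthenticationDetails) details).getDecodedDetails();
        if (!(decoded instanceof Map)) {
            // The JwtConverter from step 1 is not installed, so no claims map was copied.
            throw new AccessDeniedException("Token claims are not available");
        }
        Object value = ((Map<?, ?>) decoded).get(name);
        if (!(value instanceof String) || ((String) value).isEmpty()) {
            throw new AccessDeniedException("Missing or malformed claim: " + name);
        }
        return (String) value;
    }
}
```

The claims map is only as trustworthy as the signature check done by JwtAccessTokenConverter, so the verifier key in the resource server configuration must be the authorization server's key.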