Igo*_*rek 9 spring-security spring-oauth2
我已经使用spring安全模块实现了OAuth2密码授权.我添加了自己的UserDetails实现和UserDetailsService(jdbc).我将用户注入我的控制器:
@AuthenticationPrincipal User user
User是UserDetails的实现.现在我想添加更改用户数据的可能性而不刷新令牌.
我尝试用以下内容刷新主体:
User updatedUser = ...
Authentication newAuth = new UsernamePasswordAuthenticationToken(updatedUser, updatedUser.getPassword(), updatedUser.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(newAuth);
但它不起作用,当我调用另一个控制器方法时,它返回旧的User对象.
有没有办法在没有刷新令牌的情况下更改用户数据?是否有任何解决方案使Spring安全性始终从数据库(而不是从Cache)加载用户数据?
我从这个答案中找到了实现这一目标的方法。我创建HttpSessionSecurityContextRepository
@Bean
public ReloadUserPerRequestHttpSessionSecurityContextRepository userDetailContextRepository() {
return new ReloadUserPerRequestHttpSessionSecurityContextRepository();
}
并将其添加到我的asHttpSecurity类中WebSecurityConfigurerAdapter
.and()
.csrf()
.csrfTokenRepository(csrfTokenRepository())
.and()
.securityContext()
.securityContextRepository(userDetailContextRepository())
以下是在每次请求时获取更新的用户信息的示例代码。您可以从 API 服务器或user-info-urloauth2 配置中获取。
public class ReloadUserPerRequestHttpSessionSecurityContextRepository extends HttpSessionSecurityContextRepository {
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
SecurityContext context = super.loadContext(requestResponseHolder);
Authentication auth = context.getAuthentication();
if (auth != null && auth instanceof OAuth2Authentication) {
OAuth2Authentication oldAuth = (OAuth2Authentication) auth;
if (oldAuth.getPrincipal() instanceof LinkedHashMap) {
createNewUserDetailsFromPrincipal(oldAuth.getPrincipal());
}
context.setAuthentication(oldAuth);
}
return context;
}
@SuppressWarnings("unchecked")
private void createNewUserDetailsFromPrincipal(Object principal) {
LinkedHashMap<String, Object> userDetailInfo = (LinkedHashMap<String, Object>) principal;
// fetch User informations from your API server or your database or
// 'user-info-url' of oauth2 endpoint
userDetailInfo.put("name", "EDITED_USER_NAME");
}
}
| 归档时间: |
|
| 查看次数: |
940 次 |
| 最近记录: |