我有一个 JWT,可以在特定声明下找到角色。该声明处于嵌套结构中。如何告诉 JwtAuthenticationConverter 查找特定路径下的角色?
作为授权服务器,我使用 Keycloak。可以为角色添加映射器。但我现在想排除这种可能性,因为目标是找到特定声明下的角色。
这是我解码的 JWT。角色“user-role”应位于声明下:“resource_access”->“user”->“roles”:
"resource_access": {
"admin": {
"roles": [
"admin-role"
]
},
"user": {
"roles": [
"user-role"
]
},
"account": {
"roles": [
"manage-account",
"manage-account-links",
"view-profile"
]
}
},
这是我的 JwtAuthenticationConverter 配置:
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
{
@Override
public void configure(HttpSecurity http) throws Exception
{
http.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(jwtAuthenticationConverter());
}
private static JwtAuthenticationConverter jwtAuthenticationConverter()
{
var jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("resource_access.user.roles");
jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
var jwtAuthenticationConverter = new JwtAuthenticationConverter(); …