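1-What is the difference between OAuth2AuthenticationToken and OAuth2Authentication?
2-In my Spring Boot client web application, I use the dependency "spring-boot-starter-oauth2-client" to implement SSO (single sign-on) with an authorization server, so the principal in the client application is an OAuth2AuthenticationToken. Is that right?
3-I can't use @PreAuthorize(#oauth2.hasScope('xxx')) because it works with OAuth2Authentication and not OAuth2AuthenticationToken. Why? But when I use @PreAuthorize(hasRole('SomeRole')), it works fine.
4-Here is an example of the authentication object (principal):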
{
  "authorities": [
    {
      "authority": "ROLE_USER",
      "attributes": {
        "authorities": [
          {
            "authority": "ROLE_ADMINISTRATORS"
          }
        ],
        "details": {
          "remoteAddress": "127.0.0.1",
          "sessionId": null,
          "tokenValue": "184dd32f-7c70-4bf5-9d7f-43c8d565f996",
          "tokenType": "Bearer",
          "decodedDetails": null
        },
        "authenticated": true,
        "userAuthentication": {
          "authorities": [
            {
              "authority": "ROLE_ADMINISTRATORS"
            }
          ],
          "details": {
            "remoteAddress": "0:0:0:0:0:0:0:1",
            "sessionId": "A9ADB8153471994D338F0FDEAF98FF07"
          },
          "authenticated": true,
          "principal": {
            "enabled": true,
            "password": null,
            "username": "bob",
            "dn": "uid=bob,ou=people,dc=springframework,dc=org",
            "authorities": [ …