Java – spring, oauth2: Lost authentication details after refreshing token

I have two Spring applications: an Authentication Service and a Business Service.

When a web service user authenticates on the Authentication Service, he gets an access_token and a refresh_token. He can refresh his access_token by sending the refresh_token to the service. The service implements AuthenticationProvider, which sets the details of the authentication:

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException { 
    UsernamePasswordAuthenticationToken newAuthentication = ...;
    LinkedHashMap<String,Object> detailsMap = (LinkedHashMap<String,Object>) authentication.getDetails();
    detailsMap.put(...);
    newAuthentication.setDetails(detailsMap);
    return newAuthentication;
}

The Business Service is secured by OAuth2. Its controller contains:

@Secured({ SOME_ROLE })
@RequestMapping(...)
public ResponseEntity<?> doSomething(OAuth2Authentication authentication) {
    LinkedHashMap<String,String> detailsMap = (LinkedHashMap<String,String>) authentication
            .getUserAuthentication().getDetails();

If the web service user authenticates on the Authentication Service and invokes the Business Service, the detailsMap will contain the information set in authenticate(). However, if he refreshes the token and invokes the Business Service again, the detailsMap will be null.

I want to keep the detailsMap after refreshing the token. How can I do this?

Solution

As a solution, we no longer use the details, but save its data in the UserDetails implementation.

In the method authenticate(Authentication authentication) implemented by the AuthenticationProvider, we return the UsernamePasswordAuthenticationToken, whose principal is set to the UserDetailsImplementation. This UserDetailsImplementation is also returned in the UserDetailsService implementation, which is called when the token is refreshed.

In the Business Service, we can access the required data:

((UserDetailsImplementation) authentication.getPrincipal()).getDesiredData();
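
The approach described in the solution, as an added example that is not the original poster's code: the extra data lives on the principal, and both the login path and the UserDetailsService used at refresh time return the same principal type. UserDetailsImplementation and getDesiredData() are the names used above; AccountUserDetailsService, AccountAuthenticationProvider, the injected PasswordEncoder and the sample values are assumptions.

```java
import java.util.Collection;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;

// Principal that carries the data formerly kept in Authentication.getDetails().
class UserDetailsImplementation extends User {
    private final String desiredData;
    UserDetailsImplementation(String username, String passwordHash,
            Collection<? extends GrantedAuthority> authorities, String desiredData) {
        super(username, passwordHash, authorities);
        this.desiredData = desiredData;
    }
    String getDesiredData() { return desiredData; }
}

// Single source of the principal: used at login and again on token refresh.
class AccountUserDetailsService implements UserDetailsService {
    @Override
    public UserDetails loadUserByUsername(String username) {
        // Constructed sample values; a real service reads the user store here.
        return new UserDetailsImplementation(username, "{noop}constructed-sample",
                AuthorityUtils.createAuthorityList("ROLE_USER"), "tenant-42");
    }
}

class AccountAuthenticationProvider implements AuthenticationProvider {
    private final UserDetailsService users;
    private final PasswordEncoder encoder;
    AccountAuthenticationProvider(UserDetailsService users, PasswordEncoder encoder) {
        this.users = users; this.encoder = encoder;
    }
    @Override
    public Authentication authenticate(Authentication authentication) {
        UserDetails user = users.loadUserByUsername(authentication.getName());
        if (!encoder.matches(String.valueOf(authentication.getCredentials()), user.getPassword())) {
            throw new BadCredentialsException("Bad credentials");
        }
        // Same principal type as the refresh path, so the data survives a refresh.
        return new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
    }
    @Override
    public boolean supports(Class<?> type) { return UsernamePasswordAuthenticationToken.class.isAssignableFrom(type); }
}
```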