Java – spring, oauth2: Lost authentication details after refreshing token
I have two spring applications: authentication services and business services
When a web service user authenticates on the authentication service, he will get access_ Token and refresh_ token. He can refresh_ The token is sent to the service to refresh his access_ token. The service implements authenticationprovider, which sets the details of authentication:
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
UsernamePasswordAuthenticationToken newAuthentication = ...;
LinkedHashMap<String,Object> detailsMap = (LinkedHashMap<String,Object>) authentication.getDetails();
detailsMap.put(...);
newAuthentication.setDetails(detailsMap);
return newAuthentication;
}
Business services are guaranteed by oauth2 Its controller contains
@Secured({ SOME_ROLE })
@RequestMapping(...)
public ResponseEntity<?> doSomething(OAuth2Authentication authentication) {
LinkedHashMap<String,String> detailsMap = (LinkedHashMap<String,String>) authentication
.getUserAuthentication().getDetails();
If the web service user authenticates on the authentication service and invokes the business service, the detailsmap will contain the information set in authenticate() However, if he refreshes the token and invokes the business service again, the detailsmap will be null
I want to keep the detailsmap after refreshing the token How can I do this?
Solution
As a solution, we no longer use details, but save its data in the userdetails implementation
In the method authentication (authentication authentication) implemented by the authenticationprovider, we return the usernamepasswordauthenticationtoken, which is mainly set to userdetailsimplementation This userdetailsimplementation is also returned in the userdetailsservice implementation, which is called when the token is refreshed
In business services, we can access the required data
((UserDetailsImplementation) authentication.getPrincipal()).getDesiredData();