1、前面写了一篇博文,介绍 oauth2 如何自定义返回格式。不知道的小伙伴可以自己去看一下哈。
2、oauth2 自定义返回的字段里面只有 username 默认返回类是
3、 要自定义返回userId,首先自定义一个user 实现 UserDetails,CredentialsContainer接口
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.CredentialsContainer;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.util.Assert;
import java.io.Serializable;
import java.util.*;
import java.util.function.Function;
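/**
 * {@link UserDetails} implementation that carries the application's user id and role ids
 * alongside the usual Spring Security account fields, so that code holding the
 * authenticated principal (for example a token enhancer) can read them.
 *
 * <p>Equality and hashing are based on the username only. {@link #toString()} never prints
 * the password.
 *
 * <p>Project: cloud. Created 2022/7/19.
 *
 * @author lj
 */
public class UserDetailsVo implements UserDetails, CredentialsContainer {
    private static final long serialVersionUID = 510L;
    private static final Log logger = LogFactory.getLog(UserDetailsVo.class);

    // Not final: eraseCredentials() nulls it so the stored credential does not linger
    // on the principal longer than needed.
    private String password;
    private final String username;
    private final Set<GrantedAuthority> authorities;
    private final boolean accountNonExpired;
    private final boolean accountNonLocked;
    private final boolean credentialsNonExpired;
    private final boolean enabled;
    private final String userId;
    // Unmodifiable snapshot taken in the constructor; may be null when the caller passed null.
    private final Set<String> roleIds;

    /**
     * Creates a principal whose account is enabled, non-expired, non-locked and whose
     * credentials are non-expired.
     *
     * @param roleIds     role ids of the user; may be {@code null}
     * @param userId      application user id; not validated here
     * @param username    login name; must be non-null and non-empty
     * @param password    stored password value; must be non-null
     * @param authorities granted authorities; must be non-null and contain no null element
     * @throws IllegalArgumentException if a required value is missing
     */
    public UserDetailsVo(Set<String> roleIds, String userId, String username, String password,
            Collection<? extends GrantedAuthority> authorities) {
        this(roleIds, userId, username, password, true, true, true, true, authorities);
    }

    /**
     * Creates a principal with explicit account-status flags.
     *
     * @param roleIds               role ids of the user; may be {@code null}
     * @param userId                application user id; not validated here
     * @param username              login name; must be non-null and non-empty
     * @param password              stored password value; must be non-null
     * @param enabled               whether the account is enabled
     * @param accountNonExpired     whether the account has not expired
     * @param credentialsNonExpired whether the credentials have not expired
     * @param accountNonLocked      whether the account is not locked
     * @param authorities           granted authorities; must be non-null, no null elements
     * @throws IllegalArgumentException if a required value is missing
     */
    public UserDetailsVo(Set<String> roleIds, String userId, String username, String password,
            boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired,
            boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
        if (username == null || "".equals(username) || password == null) {
            throw new IllegalArgumentException("Cannot pass null or empty values to constructor");
        }
        // Copy the caller's set: this object is the authenticated principal, and its role ids
        // must not change when the caller later mutates the collection it handed in.
        this.roleIds = roleIds == null
                ? null
                : Collections.unmodifiableSet(new LinkedHashSet<>(roleIds));
        this.userId = userId;
        this.username = username;
        this.password = password;
        this.enabled = enabled;
        this.accountNonExpired = accountNonExpired;
        this.credentialsNonExpired = credentialsNonExpired;
        this.accountNonLocked = accountNonLocked;
        this.authorities = Collections.unmodifiableSet(sortAuthorities(authorities));
    }

    /** Returns the granted authorities as an unmodifiable, sorted set. */
    @Override
    public Collection<GrantedAuthority> getAuthorities() {
        return this.authorities;
    }

    /** Returns the stored password value, or {@code null} after {@link #eraseCredentials()}. */
    @Override
    public String getPassword() {
        return this.password;
    }

    @Override
    public String getUsername() {
        return this.username;
    }

    /** Returns the application user id given to the constructor. */
    public String getUserId() {
        return this.userId;
    }

    /** Returns an unmodifiable view of the role ids, or {@code null} if none were given. */
    public Set<String> getRoleIds() {
        return this.roleIds;
    }

    @Override
    public boolean isEnabled() {
        return this.enabled;
    }

    @Override
    public boolean isAccountNonExpired() {
        return this.accountNonExpired;
    }

    @Override
    public boolean isAccountNonLocked() {
        return this.accountNonLocked;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return this.credentialsNonExpired;
    }

    /** Clears the password held by this object. */
    @Override
    public void eraseCredentials() {
        this.password = null;
    }

    /**
     * Copies the authorities into a set ordered by {@link AuthorityComparator}.
     *
     * @throws IllegalArgumentException if the collection or one of its elements is null
     */
    private static SortedSet<GrantedAuthority> sortAuthorities(
            Collection<? extends GrantedAuthority> authorities) {
        Assert.notNull(authorities, "Cannot pass a null GrantedAuthority collection");
        SortedSet<GrantedAuthority> sortedAuthorities = new TreeSet<>(new AuthorityComparator());
        for (GrantedAuthority grantedAuthority : authorities) {
            Assert.notNull(grantedAuthority, "GrantedAuthority list cannot contain any null elements");
            sortedAuthorities.add(grantedAuthority);
        }
        return sortedAuthorities;
    }

    /** Two instances are equal when their usernames are equal. */
    @Override
    public boolean equals(Object rhs) {
        return rhs instanceof UserDetailsVo && this.username.equals(((UserDetailsVo) rhs).username);
    }

    @Override
    public int hashCode() {
        return this.username.hashCode();
    }

    /** Describes the account for logs; the password is always printed as a placeholder. */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append(super.toString()).append(": ");
        sb.append("UserId: ").append(this.userId).append("; ");
        sb.append("Username: ").append(this.username).append("; ");
        sb.append("Password: [PROTECTED]; ");
        sb.append("Enabled: ").append(this.enabled).append("; ");
        sb.append("AccountNonExpired: ").append(this.accountNonExpired).append("; ");
        sb.append("credentialsNonExpired: ").append(this.credentialsNonExpired).append("; ");
        sb.append("AccountNonLocked: ").append(this.accountNonLocked).append("; ");
        if (this.authorities.isEmpty()) {
            sb.append("Not granted any authorities");
        } else {
            sb.append("Granted Authorities: ");
            boolean first = true;
            for (GrantedAuthority auth : this.authorities) {
                if (!first) {
                    sb.append(",");
                }
                first = false;
                sb.append(auth);
            }
        }
        return sb.toString();
    }

    /** Starts a builder with the given username. */
    public static UserBuilder withUsername(String username) {
        return builder().username(username);
    }

    /** Starts an empty builder. */
    public static UserBuilder builder() {
        return new UserBuilder();
    }

    /**
     * Starts a builder that encodes passwords with the delegating password encoder.
     *
     * @deprecated logged as unsafe for production; intended for sample applications only
     */
    @Deprecated
    public static UserBuilder withDefaultPasswordEncoder() {
        logger.warn("User.withDefaultPasswordEncoder() is considered unsafe for production and is only intended for sample applications.");
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        return builder().passwordEncoder(encoder::encode);
    }

    /**
     * Starts a builder pre-filled from an existing {@link UserDetails}. Only the fields of the
     * {@code UserDetails} interface are copied; a user id is not carried over.
     */
    public static UserBuilder withUserDetails(UserDetails userDetails) {
        return withUsername(userDetails.getUsername())
                .password(userDetails.getPassword())
                .accountExpired(!userDetails.isAccountNonExpired())
                .accountLocked(!userDetails.isAccountNonLocked())
                .authorities(userDetails.getAuthorities())
                .credentialsExpired(!userDetails.isCredentialsNonExpired())
                .disabled(!userDetails.isEnabled());
    }

    /** Fluent builder for {@link UserDetailsVo}; the builder has no role-id setter. */
    public static class UserBuilder {
        private String userId;
        private String username;
        private String password;
        private List<GrantedAuthority> authorities;
        private boolean accountExpired;
        private boolean accountLocked;
        private boolean credentialsExpired;
        private boolean disabled;
        // Applied to the password in build(); the default passes the value through unchanged,
        // so callers are expected to supply an already-encoded password or set an encoder.
        private Function<String, String> passwordEncoder;

        private UserBuilder() {
            this.passwordEncoder = password -> password;
        }

        public UserBuilder username(String username) {
            Assert.notNull(username, "username cannot be null");
            this.username = username;
            return this;
        }

        public UserBuilder userId(String userId) {
            Assert.notNull(userId, "userId cannot be null");
            this.userId = userId;
            return this;
        }

        public UserBuilder password(String password) {
            Assert.notNull(password, "password cannot be null");
            this.password = password;
            return this;
        }

        public UserBuilder passwordEncoder(Function<String, String> encoder) {
            Assert.notNull(encoder, "encoder cannot be null");
            this.passwordEncoder = encoder;
            return this;
        }

        /** Sets the authorities to {@code ROLE_} + each given role name. */
        public UserBuilder roles(String... roles) {
            List<GrantedAuthority> authorities = new ArrayList<>(roles.length);
            for (String role : roles) {
                Assert.isTrue(!role.startsWith("ROLE_"),
                        () -> role + " cannot start with ROLE_ (it is automatically added)");
                authorities.add(new SimpleGrantedAuthority("ROLE_" + role));
            }
            return this.authorities(authorities);
        }

        public UserBuilder authorities(GrantedAuthority... authorities) {
            return this.authorities(Arrays.asList(authorities));
        }

        public UserBuilder authorities(Collection<? extends GrantedAuthority> authorities) {
            this.authorities = new ArrayList<>(authorities);
            return this;
        }

        public UserBuilder authorities(String... authorities) {
            return this.authorities(AuthorityUtils.createAuthorityList(authorities));
        }

        public UserBuilder accountExpired(boolean accountExpired) {
            this.accountExpired = accountExpired;
            return this;
        }

        public UserBuilder accountLocked(boolean accountLocked) {
            this.accountLocked = accountLocked;
            return this;
        }

        public UserBuilder credentialsExpired(boolean credentialsExpired) {
            this.credentialsExpired = credentialsExpired;
            return this;
        }

        public UserBuilder disabled(boolean disabled) {
            this.disabled = disabled;
            return this;
        }

        /**
         * Builds the principal. The result is a {@link UserDetailsVo} so that the value set
         * through {@link #userId(String)} is kept; role ids are left {@code null}.
         *
         * @throws IllegalArgumentException if username, password or authorities are missing
         */
        public UserDetails build() {
            String encodedPassword = this.passwordEncoder.apply(this.password);
            return new UserDetailsVo(null, this.userId, this.username, encodedPassword,
                    !this.disabled, !this.accountExpired, !this.credentialsExpired,
                    !this.accountLocked, this.authorities);
        }
    }

    /** Orders authorities by their authority string; a null string sorts last. */
    private static class AuthorityComparator implements Comparator<GrantedAuthority>, Serializable {
        private static final long serialVersionUID = 510L;

        private AuthorityComparator() {
        }

        @Override
        public int compare(GrantedAuthority g1, GrantedAuthority g2) {
            if (g2.getAuthority() == null) {
                return -1;
            }
            if (g1.getAuthority() == null) {
                return 1;
            }
            return g1.getAuthority().compareTo(g2.getAuthority());
        }
    }
}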
这里面 添加了 userId 以及 roleIds。
4、实现 UserDetailsService 接口
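/**
 * {@link UserDetailsService} that looks a user up by a unique id and returns a
 * {@link UserDetailsVo} carrying the user's id and role ids.
 */
public class CustomUserDetailsService implements UserDetailsService {
    @Autowired
    private IUserService userService;
    @Autowired
    private IRoleService roleService;

    /**
     * Loads the user identified by {@code uniqueId} and maps it to a {@link UserDetailsVo}.
     *
     * @param uniqueId identifier passed to {@code userService.getByUniqueId}
     * @return the principal built from the stored user record
     * @throws AuthException with {@code USER_PASSWORD_ERROR} when no user is found
     */
    @Override
    public UserDetailsVo loadUserByUsername(String uniqueId) {
        User user = userService.getByUniqueId(uniqueId);
        if (user == null) {
            // NOTE(review): Spring Security's DaoAuthenticationProvider runs its dummy password
            // check (to equalise response time for unknown and known accounts) only when a
            // UsernameNotFoundException is thrown. If AuthException is not a subclass of it,
            // unknown usernames may be distinguishable by timing or by a different error
            // response; confirm AuthException's hierarchy and how it is rendered.
            throw new AuthException(AuthErrorType.USER_PASSWORD_ERROR);
        }
        return new UserDetailsVo(
                user.getRoleIds(),
                user.getId(),
                user.getUsername(),
                user.getPassword(),
                user.getEnabled(),
                user.getAccountNonExpired(),
                user.getCredentialsNonExpired(),
                user.getAccountNonLocked(),
                this.obtainGrantedAuthorities(user));
    }

    /**
     * Turns each role id of the user into a {@link SimpleGrantedAuthority} with the same text.
     *
     * @param user the stored user record
     * @return the authorities, or an empty set when the user has no role ids
     */
    protected Set<GrantedAuthority> obtainGrantedAuthorities(User user) {
        Set<String> roles = user.getRoleIds();
        if (CollectionUtils.isNotEmpty(roles)) {
            return roles.stream()
                    .<GrantedAuthority>map(SimpleGrantedAuthority::new)
                    .collect(Collectors.toSet());
        }
        return new HashSet<>();
    }
}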
然后在 WebSecurityConfigurerAdapter 中注入 CustomUserDetailsService
5、 实现 TokenEnhancer 接口 封装返回字段
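/**
 * {@link TokenEnhancer} that adds the user id, role ids, username and the Authorization
 * header prefix to the access token's additional information.
 */
public class CustomTokenEnhancer implements TokenEnhancer {
    /**
     * Authorization header prefix for bearer tokens.
     */
    private static final String BEARER = "Bearer ";
    /**
     * Authorization header prefix for MAC tokens.
     */
    private static final String MAC = "Mac ";

    /**
     * Adds {@code userId}, {@code roleIds}, {@code username} and {@code token_head} to the token.
     *
     * <p>Everything placed in the additional information is sent back to the client with the
     * token, so it must hold nothing secret, and authorization decisions should keep relying
     * on server-side state rather than on these echoed values.
     *
     * @param accessToken    the token being issued
     * @param authentication the authentication the token was issued for
     * @return the same token; unchanged when it is not a {@link DefaultOAuth2AccessToken},
     *         because only that type exposes a setter for additional information
     */
    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
        if (!(accessToken instanceof DefaultOAuth2AccessToken)) {
            // Without this guard the cast needed for setAdditionalInformation would throw
            // ClassCastException for any other token implementation.
            return accessToken;
        }
        DefaultOAuth2AccessToken token = (DefaultOAuth2AccessToken) accessToken;

        Map<String, Object> additionalInfo = Maps.newHashMap();
        Object principal = authentication.getPrincipal();
        if (principal instanceof UserDetailsVo) {
            UserDetailsVo user = (UserDetailsVo) principal;
            additionalInfo.put("userId", user.getUserId());
            additionalInfo.put("roleIds", user.getRoleIds());
        }
        // Account name.
        additionalInfo.put("username", authentication.getName());

        // The front end concatenates token_head and the token to build the Authorization
        // header. equalsIgnoreCase keeps the comparison independent of the default locale.
        String tokenType = token.getTokenType().trim();
        if (tokenType.equalsIgnoreCase(BEARER.trim())) {
            additionalInfo.put("token_head", BEARER);
        } else if (tokenType.equalsIgnoreCase(MAC.trim())) {
            additionalInfo.put("token_head", MAC);
        }

        // NOTE(review): this replaces the whole map, so entries added by an enhancer that ran
        // earlier in a chain are dropped; confirm that is intended.
        token.setAdditionalInformation(additionalInfo);
        return token;
    }
}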
6、 效果: