How to get the current user's information from the server when using Spring Security, while accessing the user info from an Android client

Question (votes: 0, answers: 1)
  • This is the JSON returned after I log in:

    {
      "access_token": "41208e01a-f26c-4167-9fc9-d16730022056",
      "token_type": "bearer",
      "refresh_token": "3808e00a-896c-8067-18c9-736730022032",
      "expires_in": 25348,
      "scope": "read write",
      "jti": "6f08e00a-d26c-4067-8fc9-c16730022028"
    }

  • I want to use this

    url:https://localhost:8080/user/getuserinfo?access_token=41208e01a-f26c-4167-9fc9-d16730022056
    to get the current user's information from the Android client. What I mean is: how do I implement this requirement on the server? Here is my Configuration

java spring spring-security spring-security-oauth2
1 answer (0 votes)

I changed my Spring SecurityConfig, which here is used to handle some authorizeUrls:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.ManagementServerProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

@Configuration
@Order(ManagementServerProperties.ACCESS_OVERRIDE_ORDER)
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends GlobalAuthenticationConfigurerAdapter {

    @Override
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        // doing jdbc Authentication
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth);
    }

    // Filter chain for the mobile client: form login/logout under /mobile/**.
    @Configuration
    @Order(1)
    public static class ClientSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        // The handler beans are referenced but not shown in the original answer;
        // their types are assumed to be the standard Spring Security interfaces.
        @Autowired
        private AuthenticationSuccessHandler clientLoginSuccessHandler;

        @Autowired
        private LogoutSuccessHandler clientLogoutSuccessHandler;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/mobile/**")
                .formLogin().loginPage("/client/login")
                .loginProcessingUrl("/oauth/login")
                .successHandler(clientLoginSuccessHandler).permitAll()
                .and()
                .logout()
                .logoutSuccessHandler(clientLogoutSuccessHandler)
                .logoutUrl("/client/logout")
                .logoutSuccessUrl("/client/login")
                .invalidateHttpSession(true);
        }
    }

    // Filter chain for the web UI: everything that is not under /api.
    // Renamed from the original "WebSecurityConfigurerAdapter": a nested class
    // with the same name as its superclass shadows it and does not compile.
    @Configuration
    @Order(2)
    public static class WebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        private AuthenticationSuccessHandler loginSuccessHandler;

        @Autowired
        private LogoutSuccessHandler logoutSuccessHandler;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.regexMatcher("/((?!api).)*")
                .formLogin()
                .loginPage("/web/login")
                .loginProcessingUrl("/oauth/login")
                .successHandler(loginSuccessHandler)
                .permitAll()
                .and()
                .logout()
                .logoutSuccessHandler(logoutSuccessHandler)
                .logoutUrl("/web/logout")
                .logoutSuccessUrl("/web/login")
                .invalidateHttpSession(true);
        }
    }
}

and added a ResourceServerConfig to handle token validation:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private TokenStore tokenStore;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // This chain only handles /api/**, and every request under it must
        // carry a valid bearer token (the stray trailing comma in the original
        // antMatchers call was a syntax error and has been removed).
        http.requestMatchers().antMatchers("/api/**")
            .and()
            .authorizeRequests().antMatchers("/api/**").authenticated();
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId("openid").tokenStore(tokenStore);
    }
}

Finally, build the request with the header

"Authorization:Bearer <access_token>"
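As an added example (not code from the original answer), here is a resource-server controller that returns the current user from the Authentication that Spring Security OAuth2 populates once the bearer token has been validated; the class name `UserInfoController` is assumed, and the endpoint lives under `/api` so the ResourceServerConfig above covers it. It reads nothing from the `access_token` query parameter: tokens placed in URLs end up in server, proxy and browser logs, which is why the header form is preferred.

```java
// Added example, not part of the original post. Assumes the legacy
// spring-security-oauth2 classes used by the answer and a ResourceServerConfig
// that protects /api/** with a bearer token.
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController  // hypothetical class name
public class UserInfoController {

    // GET /api/user/getuserinfo with header "Authorization: Bearer <access_token>".
    // Spring MVC injects the Authentication resolved from the token, so the
    // token value itself is never read from the query string.
    @GetMapping("/api/user/getuserinfo")
    public Map<String, Object> getUserInfo(Authentication authentication) {
        Map<String, Object> info = new LinkedHashMap<>();
        info.put("username", authentication.getName());
        info.put("authorities", authentication.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.toList()));

        if (authentication instanceof OAuth2Authentication) {
            OAuth2Authentication oauth = (OAuth2Authentication) authentication;
            // Scopes granted to this token, e.g. "read write" from the login JSON
            Set<String> scopes = oauth.getOAuth2Request().getScope();
            info.put("scope", scopes == null ? Collections.emptySet() : scopes);
            info.put("clientId", oauth.getOAuth2Request().getClientId());
            // A client-credentials token has no user behind it; report that
            // instead of pretending the client id is a user.
            info.put("clientOnly", oauth.isClientOnly());
        }
        // Deliberately not returned: the access token, refresh token or any credential.
        return info;
    }
}
```

If the path must stay `/user/getuserinfo` as in the question, the `requestMatchers()` and `antMatchers()` patterns in ResourceServerConfig have to include it, otherwise the request is handled by the web form-login chain instead of the token-validating one.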