【问题标题】:Enhancement authorities in spring Oauth2春季增强权威 Oauth2
【发布时间】:2017-07-26 18:58:23
【问题描述】:
我正在从事一个项目,我有一个人在不同的租户中担任多个角色。所以我想自定义权限以获得该角色的角色和所有权。
"authorities": [
{
"authority": "ROLE_store",
"ownership": "sec 18"
}
]
弹簧代码:
private List<GrantedAuthority> getGrantedAuthoritiesForStore(){
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority("ROLE_"+"store"));
System.out.print("authorities :"+authorities);
return authorities;
}
【问题讨论】:
标签:
java
spring
spring-mvc
oauth-2.0
spring-security-oauth2
【解决方案1】:
这个解决方案解决了我的问题,它的结果几乎和我想要的一样。
public class CustomTokenEnhancer implements TokenEnhancer {
@Autowired
EmployeeService employeeService;
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
User user = (User) authentication.getPrincipal();
String username = user.getUsername();
List<Map<String, Object>> credential = employeeService.fetchEmployeesRoleCredentials(username);
final Map<String, Object> additionalInfo = new HashMap<>();
additionalInfo.put("credentials", credential);
// additionalInfo.put("authorities", user.getAuthorities());
((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
return accessToken;
}
}