Как отправить только токен и тип? - PullRequest
/ 26 января 2019

Мне нужна помощь с моим кодом: я реализую сервис OAuth с JWT на Spring Security, и в ответе вместе с токеном отправляется дополнительная информация, которую я не хочу отправлять.

Что я могу сделать?

{        
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJidXNpbmVzc19uYW1lIjoiTkVYTyBMVUJSSUNBTlRFUyBTLkEuIiwidXNlcl9uYW1lIjoiMjA1Mzc3Mzg3NzUtQURNSU4iLCJzY29wZSI6WyJhcGktcmVwb3J0IiwicmVhZCIsIndyaXRlIl0sInVzZXJfbmlja25hbWUiOiJTT1BPUlRFIEZBQ1RVUyIsImJ1c2luZXNzX2NvZGUiOiIyMDUzNzczODc3NSIsImV4cCI6MTU0ODQ5MjQ1MCwiYXV0aG9yaXRpZXMiOlsiUk9MRV9BRE1JTiJdLCJqdGkiOiJiMDFmZWI4Ny03NGFhLTQxOTctODdiYS02YzQ1ZjU3ZWFjZTAiLCJjbGllbnRfaWQiOiJhcGktZmFjdHVzLXJlcG9ydCJ9.wyQy2VB2AYfsvOjiidj3aPgsLEk-rt7xTx_v9Nz0D1s",
    "token_type": "bearer",
    "expires_in": 3599, (I don't want to show)
    "scope": "api-report read write",  (I don't want to show)
    "business_name": "NEXO LUBRICANTES S.A.", (I don't want to show)
    "user_nickname": "SOPORTE FACTUS", (I don't want to show)
    "business_code": "20537738775", (I don't want to show)
    "jti": "b01feb87-74aa-4197-87ba-6c45f57eace0" (I don't want to show)
}

AuthorizationServerConfig.java
@Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        // Token services used by this authorization server. @Primary marks this
        // bean as the preferred candidate when several beans of the type exist.
        final DefaultTokenServices services = new DefaultTokenServices();

        // Tokens are read and written through the store returned by tokenStore().
        services.setTokenStore(tokenStore());

        // Refresh tokens are switched off, so only access tokens are handed out
        // by these services.
        services.setSupportRefreshToken(false);

        return services;
    }

    /**
     * Wires the token store, the enhancer chain and the authentication manager
     * into the authorization server endpoints.
     *
     * <p>The chain runs {@code tokenEnhancer()} first and
     * {@code accessTokenConverter()} second, so the values added by the custom
     * enhancer are already on the token when the JWT is produced. The token
     * shown in the question carries them as claims for that reason; a JWT
     * payload is signed, not encrypted, so it is readable by any holder.
     *
     * @param endpoints configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        final TokenEnhancerChain chain = new TokenEnhancerChain();
        // Order matters: custom claims first, JWT encoding last.
        chain.setTokenEnhancers(Arrays.asList(tokenEnhancer(), accessTokenConverter()));

        endpoints.tokenStore(tokenStore());
        endpoints.tokenEnhancer(chain);
        endpoints.authenticationManager(authenticationManager);
    }

    /**
     * Exposes the token store: a {@code JwtTokenStore} built on the converter
     * returned by {@code accessTokenConverter()}.
     *
     * @return the JWT-backed token store
     */
    @Bean
    public TokenStore tokenStore() {
        final JwtAccessTokenConverter jwtConverter = accessTokenConverter();
        return new JwtTokenStore(jwtConverter);
    }

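    /**
     * Builds the converter that signs issued access tokens as JWTs and is also
     * used by the token store to read them back.
     *
     * <p>The signing key is taken from the environment instead of being compiled
     * into the class. The previous literal key was three characters long; with a
     * symmetric (HS256) signature, anyone who knows or guesses the key can mint
     * tokens with arbitrary authorities, so the key must be long, random and
     * kept out of source control. Tokens signed with the old key stop verifying
     * once the key is replaced, which is the intended effect of rotating it.
     *
     * @return converter configured with the externally supplied signing key
     * @throws IllegalStateException if the key is not set or is shorter than 32 characters
     */
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        // "JWT_SIGNING_KEY" is a name constructed for this example; substitute the
        // variable or secret-store entry your deployment actually provides.
        final String signingKey = System.getenv("JWT_SIGNING_KEY");

        // Fail at startup rather than fall back to a weak default. The length
        // check is a floor for HS256 (256-bit key), not a measure of entropy:
        // generate the value with a cryptographic random source.
        if (signingKey == null || signingKey.length() < 32) {
            throw new IllegalStateException(
                    "JWT signing key is missing or too short; configure a random key of at least 32 characters");
        }

        final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(signingKey);

        // Alternative kept from the original: sign with a key pair loaded from a
        // keystore, so resource servers only need the public key. The keystore
        // password literal below should likewise come from outside the source tree.
        // final KeyStoreKeyFactory keyStoreKeyFactory = new KeyStoreKeyFactory(new ClassPathResource("mytest.jks"), "mypass".toCharArray());
        // converter.setKeyPair(keyStoreKeyFactory.getKeyPair("mytest"));
        return converter;
    }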

    /**
     * Registers the enhancer that adds the application's extra fields to each
     * access token.
     *
     * @return a new {@code CustomTokenEnhancer}
     */
    @Bean
    public TokenEnhancer tokenEnhancer() {
        final TokenEnhancer customEnhancer = new CustomTokenEnhancer();
        return customEnhancer;
    }

    /**
     * Registers the BCrypt password encoder as a bean, created with its
     * no-argument constructor.
     *
     * @return a new {@code BCryptPasswordEncoder}
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

==================================================== =====================

CustomTokenEnhancer.java 

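/**
 * Token enhancer that attaches the user's nickname and business details to an
 * access token as additional information.
 *
 * <p>Additional information is returned alongside the token in the token
 * response. When this enhancer is chained ahead of a JWT converter, the same
 * values also become JWT claims, which are signed but not encrypted and can be
 * read by anyone holding the token. Add only fields that clients are allowed
 * to see.
 */
public class CustomTokenEnhancer implements TokenEnhancer {

    @Autowired
    private UserMapper userMapper;

    /**
     * Looks up the user/business rows for a user name.
     *
     * @param user_name name of the authenticated principal
     * @return whatever {@code userMapper.joinUserBusiness} returns for that name
     */
    public List<User> getinfo(String user_name) {
        return userMapper.joinUserBusiness(user_name);
    }

    /**
     * Adds {@code user_nickname}, {@code business_name} and
     * {@code business_code} to the token's additional information, taken from
     * the first row found for the authenticated principal.
     *
     * @param accessToken token being issued; must be a {@code DefaultOAuth2AccessToken}
     * @param authentication authentication the token is issued for
     * @return the same token instance, with the additional information set
     * @throws IllegalStateException if no row exists for the principal
     */
    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
        final List<User> users = this.getinfo(authentication.getName());

        // Fail closed with an explicit error instead of an IndexOutOfBoundsException
        // from get(0): a token without business claims must not be issued silently.
        // The message may be surfaced to the caller, so it carries no account details.
        if (users == null || users.isEmpty()) {
            throw new IllegalStateException("No user/business record for the authenticated principal");
        }
        final User user = users.get(0);

        final Map<String, Object> additionalInfo = new HashMap<>();
        // NOTE(review): "user_nickname" is filled from getUser_name() - confirm this is intended.
        additionalInfo.put("user_nickname", user.getUser_name());
        additionalInfo.put("business_name", user.getBusiness_name());
        additionalInfo.put("business_code", user.getBusiness_code());

        // Replaces the token's additional information with the map built above.
        ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
        return accessToken;
    }
}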

...