{"id":1425,"date":"2023-03-20T21:52:26","date_gmt":"2023-03-20T13:52:26","guid":{"rendered":"https:\/\/www.appblog.cn\/?p=1425"},"modified":"2023-04-28T21:03:42","modified_gmt":"2023-04-28T13:03:42","slug":"spring-security-oauth2-custom-grantedauthority-authorization-interface","status":"publish","type":"post","link":"https:\/\/www.appblog.cn\/index.php\/2023\/03\/20\/spring-security-oauth2-custom-grantedauthority-authorization-interface\/","title":{"rendered":"Spring Security OAuth2 \u81ea\u5b9a\u4e49GrantedAuthority\u6388\u6743\u63a5\u53e3"},"content":{"rendered":"<p>\u4f7f\u7528Security OAuth2\u7684\u65f6\u5019\u9700\u8981\u8fd4\u56de\u7ed9\u524d\u7aef\u7528\u6237\u7684\u89d2\u8272\u6216\u8005\u6743\u9650\uff0c\u6846\u67b6\u63d0\u4f9b\u4e86<code>GrantedAuthority<\/code>\u63a5\u53e3\uff0c\u6709\u4e00\u4e2a\u9ed8\u8ba4\u7684\u5b9e\u73b0<code>SimpleGrantedAuthority<\/code>\uff0c\u4f46\u662f\u5b83\u53ea\u80fd\u8fd4\u56de\u7b80\u5355<br \/>\n\u7684\u5b57\u7b26\u4e32\uff0c\u5982\u679c\u6211\u4eec\u60f3\u7075\u6d3b\u7684\u4f7f\u7528\u5f88\u96be\u63a7\u5236\uff1b\u6240\u4ee5\u6211\u8fd9\u8fb9\u901a\u8fc7\u5b9e\u73b0<code>GrantedAuthority<\/code>\u63a5\u53e3\uff0c\u81ea\u5b9a\u4e49\u5b9e\u73b0\u6743\u9650\u63a7\u5236\uff1b<\/p>\n<h2>\u81ea\u5b9a\u4e49\u6388\u6743\u63a5\u53e3\u5982\u4e0b<\/h2>\n<p><!-- more --><\/p>\n<pre><code class=\"language-java\">\/**\n * @Description: \u81ea\u5b9a\u4e49GrantedAuthority\u63a5\u53e3\n * @Package: cn.appblog.security.oauth2.authority.UserGrantedAuthority\n * @Version: 1.0\n *\/\npublic class UserGrantedAuthority implements GrantedAuthority {\n    private Map&lt;String, Object&gt; authoritys = Maps.newHashMap();\n\n    public UserGrantedAuthority(String name, Object value) {\n        authoritys.put(name, value);\n    }\n\n    @Override\n    public String getAuthority() {\n        return JSON.toJSONString(authoritys);\n    }\n}<\/code><\/pre>\n<h2>\u7528\u6237\u9a8c\u8bc1\u4fe1\u606f\u7c7b\u4e2d\u7684\u4f7f\u7528\u65b9\u6cd5<\/h2>\n<pre><code class=\"language-java\">\/**\n * @Description: \u7528\u6237\u8ba4\u8bc1\n * @Package: cn.appblog.security.oauth2.service.UserAuthDetailsService\n * @Version: 1.0\n *\/\n@Component\npublic class UserAuthDetailsService implements UserDetailsService {\n    @Autowired\n    private PasswordEncoder passwordEncoder;\n\n    \/**\n     * \u6839\u636e\u7528\u6237\u540d\u67e5\u8be2\u7528\u6237\u89d2\u8272\u3001\u6743\u9650\u7b49\u4fe1\u606f\n     *\/\n    @Override\n    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {\n        GrantedAuthority authority = new UserGrantedAuthority(&quot;username&quot;, username);\n\n        JSONArray array = new JSONArray();\n        array.add(&quot;\/a\/b&quot;);\n        array.add(&quot;\/a\/c&quot;);\n        array.add(&quot;\/oauth\/token&quot;);\n        GrantedAuthority interfaces = new UserGrantedAuthority(&quot;interfaces&quot;, array);\n\n        \/**\n         isEnabled \u8d26\u6237\u662f\u5426\u542f\u7528\n         isAccountNonExpired \u8d26\u6237\u6ca1\u6709\u8fc7\u671f\n         isCredentialsNonExpired \u8eab\u4efd\u8ba4\u8bc1\u662f\u5426\u662f\u6709\u6548\u7684\n         isAccountNonLocked \u8d26\u6237\u6ca1\u6709\u88ab\u9501\u5b9a\n         *\/\n        return new User(username, passwordEncoder.encode(&quot;123456&quot;),\n                true,\n                true,\n                true,\n                true,\n                Arrays.asList(authority, interfaces));\n    }\n\n}<\/code><\/pre>\n<h2>\u63a7\u5236\u5668\u65b9\u6cd5\u83b7\u53d6\u7528\u6237\u4fe1\u606f\u89e3\u6790\u6743\u9650\u53ca\u8fd4\u56de\u524d\u7aef<\/h2>\n<pre><code class=\"language-java\">\/**\n * \/oauth\/token\uff08\u4ee4\u724c\u7aef\u70b9\uff09\u5237\u65b0token\u4fe1\u606f\n *\/\n@RequestMapping(value = &quot;refresh_token&quot;, method = RequestMethod.POST)\npublic ResponseEntity&lt;BaseResponse&gt; refreshToken(@RequestParam String refresh_token) {\n    try {\n        ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();\n        resource.setId(propertyService.getProperty(&quot;spring.security.oauth.resource.id&quot;));\n        resource.setClientId(propertyService.getProperty(&quot;spring.security.oauth.resource.client.id&quot;));\n        resource.setClientSecret(propertyService.getProperty(&quot;spring.security.oauth.resource.client.secret&quot;));\n        resource.setGrantType(GrantTypeEnum.REFRESH_TOKEN.getGrant_type());\n        resource.setAccessTokenUri(propertyService.getProperty(&quot;spring.security.oauth.token.uri&quot;));\n\n        ResourceOwnerPasswordAccessTokenProvider provider = new ResourceOwnerPasswordAccessTokenProvider();\n        OAuth2RefreshToken refreshToken = tokenStore.readRefreshToken(refresh_token);\n        OAuth2AccessToken accessToken = provider.refreshAccessToken(resource, refreshToken, new DefaultAccessTokenRequest());\n\n        Map&lt;String, Object&gt; result = Maps.newLinkedHashMap();\n        result.put(&quot;access_token&quot;, accessToken.getValue());\n        result.put(&quot;token_type&quot;, accessToken.getTokenType());\n        result.put(&quot;refresh_token&quot;, accessToken.getRefreshToken().getValue());\n        result.put(&quot;expires_in&quot;, accessToken.getExpiresIn());\n        result.put(&quot;scope&quot;, StringUtils.join(accessToken.getScope(), &quot;,&quot;));\n        result.putAll(accessToken.getAdditionalInformation());\n\n        Collection&lt;? extends GrantedAuthority&gt; authorities = tokenStore.readAuthentication(accessToken).getUserAuthentication().getAuthorities();\n        JSONObject jsonObject = new JSONObject();\n        for (GrantedAuthority authority : authorities) {\n            jsonObject.putAll(JSONObject.parseObject(authority.getAuthority()));\n        }\n        result.put(&quot;authorities&quot;, jsonObject);\n\n        return ResponseEntity.ok(BaseResponse.createResponse(HttpStatusMsg.OK, result));\n    } catch (Exception e) {\n        e.printStackTrace();\n        return ResponseEntity.ok(BaseResponse.createResponse(HttpStatusMsg.AUTHENTICATION_EXCEPTION, e.toString()));\n    }\n}<\/code><\/pre>\n<h2>\u6d4b\u8bd5\u8fd4\u56de\u7ed3\u679c<\/h2>\n<pre><code class=\"language-json\">{\n    &quot;status&quot;: 200,\n    &quot;message&quot;: &quot;SUCCESS&quot;,\n    &quot;data&quot;: {\n        &quot;access_token&quot;: &quot;ce63485567c648f0b20135ae8027a732&quot;,\n        &quot;refresh_token&quot;: &quot;3598ee77dddb4cf1865d6c1e09b4700b&quot;,\n        &quot;scope&quot;: &quot;all&quot;,\n        &quot;token_type&quot;: &quot;bearer&quot;,\n        &quot;expires_in&quot;: 58,\n        &quot;client_id&quot;: &quot;client_password&quot;,\n        &quot;authorities&quot;: {\n            &quot;interfaces&quot;: [\n                &quot;\/a\/b&quot;,\n                &quot;\/a\/c&quot;,\n                &quot;\/oauth\/token&quot;\n            ],\n            &quot;username&quot;: &quot;admin&quot;\n        }\n    }\n}<\/code><\/pre>\n<p>\u672c\u6587\u8f6c\u8f7d\u53c2\u8003 <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/blog.csdn.net\/yaomingyang\/column\/info\/41645\" title=\"\u539f\u6587\">\u539f\u6587<\/a> \u5e76\u52a0\u4ee5\u8c03\u8bd5<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u4f7f\u7528Security OAuth2\u7684\u65f6\u5019\u9700\u8981\u8fd4\u56de\u7ed9\u524d\u7aef\u7528\u6237\u7684\u89d2\u8272\u6216\u8005\u6743\u9650\uff0c\u6846\u67b6\u63d0\u4f9b\u4e86GrantedAuthor [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[354],"tags":[353],"class_list":["post-1425","post","type-post","status-publish","format-standard","hentry","category-spring-security","tag-oauth2"],"_links":{"self":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1425","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/comments?post=1425"}],"version-history":[{"count":0,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1425\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/media?parent=1425"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/categories?post=1425"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/tags?post=1425"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}