我正在使用 Spring Boot 2.2.5 和 Spring Security 5.2.2spring-security-oauth2-resource-server
and spring-security-oauth2-jose
依赖关系。
在我的控制器方法中,我可以这样做:
@GetMapping
public ResponseEntity<?> doSomething(@AuthenticationPrincipal JwtAuthenticationToken principal) {
User user = getUser(principal);
...
}
The principal
被注入并包含 Azure 上用户的 ID(我使用的是 Azure AD B2C)。
在每种方法中我需要做的第一件事就是获取我自己的方法User
对象使用此私有方法检索User
从我的userService
春豆:
private User getUser(JwtAuthenticationToken principal) {
AuthorizationServerUserId authorizationServerUserId = AuthorizationServerUserId.fromPrincipal(principal);
return userService.findByAuthorizationServerUserId(authorizationServerUserId)
.orElseThrow(() -> UserNotFoundException.forAuthorizationServerUserId(authorizationServerUserId));
}
我如何配置 Spring (Boot) 才能使其正常工作:
@GetMapping
public ResponseEntity<?> doSomething(@AuthenticationPrincipal User user) {
}
目前安全配置是这样完成的:
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
.authorizeRequests(registry -> {
registry.antMatchers("/registration/**").permitAll();
registry.antMatchers("/api/**").authenticated();
});
}
}