你将需要实现一个自定义TokenEnhancer,如下所示:
public class CustomTokenEnhancer implements TokenEnhancer { @Override public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) { User user = (User) authentication.getPrincipal(); final Map<String, Object> additionalInfo = new HashMap<>(); additionalInfo.put("customInfo", "some_stuff_here"); additionalInfo.put("authorities", user.getAuthorities()); ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo); return accessToken; }}并将其作为具有相应设置器的Bean添加到你的AuthorizationServerConfigurerAdapter中
@Configuration@EnableAuthorizationServerprotected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter { // Some autowired stuff here @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { // @formatter:off endpoints // ... .tokenEnhancer(tokenEnhancer()); // @formatter:on } @Bean @Primary public AuthorizationServerTokenServices tokenServices() { DefaultTokenServices tokenServices = new DefaultTokenServices(); // ... tokenServices.setTokenEnhancer(tokenEnhancer()); return tokenServices; } // Some @Bean here like tokenStore @Bean public TokenEnhancer tokenEnhancer() { return new CustomTokenEnhancer(); }}然后在控制器中(例如)
@RestControllerpublic class MyController { @Autowired private AuthorizationServerTokenServices tokenServices; @RequestMapping(value = "/getSomething", method = RequestMethod.GET) public String getSection(OAuth2Authentication authentication) { Map<String, Object> additionalInfo = tokenServices.getAccessToken(authentication).getAdditionalInformation(); String customInfo = (String) additionalInfo.get("customInfo"); Collection<? extends GrantedAuthority> authorities = (Collection<? extends GrantedAuthority>) additionalInfo.get("authorities"); // Play with authorities return customInfo; }}我个人使用JDBC TokenStore,所以我的“一些自动装配的东西在这里”对应于某些@Autowired数据源,PasswordEnprer和不对应的东西。
