英文:
Spring Boot OAuth2/Cognito: Get UserInfo by AccessToken
问题
以下是您要翻译的内容:
我有一个 Spring Boot 资源服务器,通过从 cookie 中提取的 accessToken 对用户进行身份验证。accessToken 是从 React 前端应用中从 Cognito UserPool 中检索到的,并写入了一个 cookie。似乎 Spring 成功地对用户进行了身份验证,我可以在 SecurityContextHolder.getContext().authentication.name 中看到用户名。我需要检索用户的其他属性,比如电子邮件。我查找了大部分解决方案,它们都说 SecurityContextHolder.getContext().authentication.principal 应该包含我所需的所有属性。在我的情况下,它是一个字符串,我无法将其转换为任何用户对象。甚至 SecurityContextHolder.getContext().authentication.details 也为 null。
在我的应用程序属性中定义了 security.oauth2.resource.user-info-uri。我感觉我漏掉了一些导致身份验证上下文中缺少用户属性的东西。
这是我的资源服务器安全配置:
@Configuration
@EnableResourceServer
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends ResourceServerConfigurerAdapter {
private final ResourceServerProperties resource;
public SpringSecurityConfig(ResourceServerProperties resource) {
this.resource = resource;
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.tokenExtractor(new CustomExtractor());
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests();
}
// Enabling Cognito Converter
@Bean
public TokenStore jwkTokenStore() {
return new JwkTokenStore(
Collections.singletonList(resource.getJwk().getKeySetUri()),
new CognitoAccessTokenConverter(),
null);
}
}
英文:
I have a spring boot resource server that authenticates the user by the accessToken extracted from a cookie. The accessToken is retrieved from Cognito UserPool in a react FE and written to a cookie. It seems spring managed to authenticate the user and I can see username in SecurityContextHolder.getContext().authentication.name. I need to retrieve the rest of user attributes, like email. Most of the solutions I looked up say the SecurityContextHolder.getContext().authentication.principal should contain all attributes I need. Its a string in my case and I can't cast it to any User object. Even SecurityContextHolder.getContext().authentication.details is null.
I have user-info-uri defined in my application-properties security.oauth2.resource.user-info-uri. I feel I missing something that causes user attributes to be missing from the authentication context.
This is my resource server security configuration:
@Configuration
@EnableResourceServer
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends ResourceServerConfigurerAdapter {
private final ResourceServerProperties resource;
public SpringSecurityConfig(ResourceServerProperties resource) {
this.resource = resource;
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.tokenExtractor(new CustomExtractor());
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests();
}
// Enabling Cognito Converter
@Bean
public TokenStore jwkTokenStore() {
return new JwkTokenStore(
Collections.singletonList(resource.getJwk().getKeySetUri()),
new CognitoAccessTokenConverter(),
null);
}
}
专注分享java语言的经验与见解,让所有开发者获益!
评论