Extra claim doesn't add to JWT payload by cust

2019-08-20 11:22发布

问题:

I've created some TokenEnhancer to add extra claim to JWT:

@Component
public class TestTokenEnhancer implements TokenEnhancer {

    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {

        final Map<String, Object> additionalJwtProperties = ImmutableMap
                .<String, Object>builder()
                .put("testProperty", "testValue")
                .build();

        ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalJwtProperties);

        return accessToken;
    }
}

Then I've configured my authorization server, one:

@Configuration
public class TokenConfig {

    private List<TokenEnhancer> tokenEnhancers;

    @Autowired
    public void setTokenEnhancers(List<TokenEnhancer> tokenEnhancers) {
        this.tokenEnhancers = tokenEnhancers;
    }

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey("test123");
        return converter;
    }

    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        return defaultTokenServices;
    }

    @Bean
    public TokenEnhancerChain tokenEnhancerChain() {
        TokenEnhancerChain chain = new TokenEnhancerChain();
        chain.setTokenEnhancers(allTokenEnhancers());
        return chain;
    }

    private List<TokenEnhancer> allTokenEnhancers() {
        TokenEnhancer[] restTokenEnhancers = this.tokenEnhancers.toArray(new TokenEnhancer[this.tokenEnhancers.size()]);
        return Lists.asList(accessTokenConverter(), restTokenEnhancers);
    }
}

and two:

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    private AuthenticationManager authenticationManager;
    private TokenStore tokenStore;
    private TokenEnhancerChain tokenEnhancerChain;

    @Autowired
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    @Autowired
    public void setTokenStore(TokenStore tokenStore) {
        this.tokenStore = tokenStore;
    }

    @Autowired
    public void setTokenEnhancerChain(TokenEnhancerChain tokenEnhancerChain) {
        this.tokenEnhancerChain = tokenEnhancerChain;
    }

    @Override
    public void configure(final ClientDetailsServiceConfigurer clients) throws Exception { // @formatter:off
        clients.inMemory()
          .withClient("client-example")
          .secret("client-secret")
          .authorizedGrantTypes("password")
          .scopes("message-service")
          .autoApprove(true);
    } // @formatter:on

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) { // @formatter:off
        endpoints
          .tokenStore(this.tokenStore)
          .authenticationManager(this.authenticationManager)
          .tokenEnhancer(this.tokenEnhancerChain);
    } // @formatter:on
}

When I request an access token from authorization server, it responds me with follow json:

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MTk3OTU0NTAsInVzZXJfbmFtZSI6InVzZXIiLCJhdXRob3JpdGllcyI6WyJST0xFX1VTRVIiXSwianRpIjoiODc5NGI1MmUtZTE4NC00MTJiLWIzOTQtYzY0MTBjN2Q4N2QyIiwiY2xpZW50X2lkIjoiY2xpZW50LWV4YW1wbGUiLCJzY29wZSI6WyJtZXNzYWdlLXNlcnZpY2UiXX0.d2P-Z-SBkoH3ktckVWwW7CvHQXIeqxFvWr_far-dzuo",
  "token_type": "bearer",
  "expires_in": 43200,
  "scope": "message-service",
  "testProperty": "testValue"
}

I see the "testProperty" in the obtained json but when I take a value of "access_token" property and check its contents via jwt.io the "testProperty" in the JWT's payload doesn't exist. Is it correct behavior?

回答1:

It's important to add a JwtAccessTokenConverter at the end of list of tokenEnhancers of TokenEnhancerChain object.

private List<TokenEnhancer> allTokenEnhancers() {
    return ImmutableList
            .<TokenEnhancer>builder()
            .addAll(this.tokenEnhancers)
            .add(accessTokenConverter())
            .build();
}

Otherwise, after applying of JwtAccessTokenConverter all of extra claims which were added by another TokenEnhancers won't be added to JWT's payload section.