Shulou(Shulou.com)06/02 Report--

This article shows you how SpringSecurity OAuth2 customizes ClientDetails, which is concise and easy to understand, which will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

Recently, the custom ClientDetails that is doing SpringSecurityOAuth3 has been implemented in two ways.

Implement ClientDetailsService and pass the value into BaseClientDetails and return

@ Override public ClientDetails loadClientByClientId (String clientId) throws ClientRegistrationException {AuthClient authClient = authClientService.loadClientByClientId (clientId); BaseClientDetails details = new BaseClientDetails (authClient.getClientId (), authClient.getResourceIds (), authClient.getScopes (), authClient.getAuthorizedGrantTypes (), authClient.getAuthorities (), authClient.getRedirectUris ()); details.setClientSecret (authClient.getClientSecret ()) Return details;}

Implement ClientDetails first and then ClientDetailsService

ClientDetails

Public class MyClientDetails implements ClientDetails {private AuthClientDetails client; public MyClientDetails (AuthClientDetails client) {this.client = client;} public MyClientDetails () {} / * * The client id. * * @ return The client id. * / @ Override public String getClientId () {return client.getClientId ();}

ClientDetailsService

@ Override public ClientDetails loadClientByClientId (String clientId) throws ClientRegistrationException {AuthClientDetails clientDetails = authClientDetailsMapper.selectClientDetailsByClientId (clientId); if (clientDetails = = null) {throw new ClientRegistrationException ("the client does not exist");} MyClientDetails details = new MyClientDetails (clientDetails); return details;}

Relatively speaking, the second method is much more flexible, encountered in the process of using a problem using the simplest dependent custom ClientDetails can not return token, and returns a null value. The loadUserByUsername method of ClientDetailsUserDetailsService reports an error

After debug analysis, the problem lies in the question of the return value of the permission set of custom ClientDetails.

Error writing

@ Override public Collection getAuthorities () {return (client.getAuthorities ()! = null & & client.getAuthorities () .trim () .length () > 0)? AuthorityUtils.commaSeparatedStringToAuthorityList (client.getAuthorities ()): null;}

This method of writing will cause Cannot pass a null GrantedAuthority collection errors, cannot survive token, but will not report any errors.

Correct writing method

@ Override public Collection getAuthorities () {return (client.getAuthorities ()! = null & & client.getAuthorities () .trim () .length () > 0)? AuthorityUtils.commaSeparatedStringToAuthorityList (client.getAuthorities ()): Collections.emptyList ();} the above is how SpringSecurity OAuth2 customizes ClientDetails. Have you learned any knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.