碼上歡樂
相關內容    簡體    繁體

使用fastjson時spring security oauth2獲取token格式變化

本文轉載自   查看原文   2020-07-28 16:05   554    java

1.問題

使用下面請求獲取token時

http://localhost:8080/oauth/token?grant_type=client_credentials&scope=select&client_id=client_1&client_secret=123456

預期返回值

{
    "access_token": "b0f73d20-1c74-43f6-991d-3b4ca74fc4d4",
    "token_type": "bearer",
    "expires_in": 41374,
    "scope": "select"
}

但是返回值為

{
"expiration": 1513752144897,
"expired": false,
"expiresIn": 604799,
"refreshToken": {
"expiration": 1515739344897,
"value": "dae50004-939c-40f2-98d8-4882374e08c7"
},
"scope": [
"api"
],
"tokenType": "bearer",
"value": "1e2c4181-01be-4aa1-8042-c2d2f74008d0"
}

2.原因

使用fastjson而不是默認的Jackson

3.解決方法

新寫OAuth2AccessTokenMessageConverter類

public class OAuth2AccessTokenMessageConverter extends AbstractHttpMessageConverter<OAuth2AccessToken> {

    private final FastJsonHttpMessageConverter delegateMessageConverter;

    public OAuth2AccessTokenMessageConverter() {
        super(MediaType.APPLICATION_JSON);
        this.delegateMessageConverter = new FastJsonHttpMessageConverter();
    }

    @Override
    protected boolean supports(Class<?> clazz) {
        return OAuth2AccessToken.class.isAssignableFrom(clazz);
    }

    @Override
    protected OAuth2AccessToken readInternal(Class<? extends OAuth2AccessToken> clazz, HttpInputMessage inputMessage)
            throws IOException, HttpMessageNotReadableException {
        throw new UnsupportedOperationException(
                "This converter is only used for converting from externally aqcuired form data");
    }

    @Override
    protected void writeInternal(OAuth2AccessToken accessToken, HttpOutputMessage outputMessage) throws IOException,
            HttpMessageNotWritableException {
        Map<String, Object> data = new HashMap<>(8);
        data.put(OAuth2AccessToken.ACCESS_TOKEN, accessToken.getValue());
        data.put(OAuth2AccessToken.TOKEN_TYPE, accessToken.getTokenType());
        data.put(OAuth2AccessToken.EXPIRES_IN, accessToken.getExpiresIn());
        data.put(OAuth2AccessToken.SCOPE, String.join(" ", accessToken.getScope()));
        OAuth2RefreshToken refreshToken = accessToken.getRefreshToken();
        if (Objects.nonNull(refreshToken)) {
            data.put(OAuth2AccessToken.REFRESH_TOKEN, refreshToken.getValue());
        }
        delegateMessageConverter.write(data, MediaType.APPLICATION_JSON, outputMessage);
    }

}

 

加入MessageConverters

@Configuration
public class Oauth2WebMvcConfigurer implements WebMvcConfigurer {

    @Override
    public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
       converters.add(0, new FastJsonHttpMessageConverter());
       converters.add(0, new OAuth2AccessTokenMessageConverter());
    }
}

 

4.參考文檔

參考FelixFly回答 https://github.com/alibaba/fastjson/issues/1640

https://blog.csdn.net/yuelangyc/article/details/88235639

 


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 Spring Security OAuth2自定義Token獲取方式 Spring Security OAuth2 之token 和 refresh token 使用Redis作為Spring Security OAuth2的token存儲 spring security oauth2 Spring Security 實戰干貨:OAuth2登錄獲取Token的核心邏輯 Spring Security Oauth2 的配置 Spring Security OAuth2入門 Spring Security Web 和 OAuth2 Spring Security OAuth2學習 使用Spring Security OAuth2進行簡單的單點登錄
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM