Spring OAuth2 extract Principal from access token string
Question
I have an access token received in a controller, and I need to extract the Principal from the access token string, without using the Authentication method argument, since that object will hold a different user. Simply decoding the token should help. Does anyone know how to do that from just the access token string?
Example
@RequestMapping(value = "create", method = RequestMethod.POST)
public ResponseEntity create(Authentication authentication, @RequestParam("access_token") String accessToken) {
    // extract Principal from accessToken variable
}
Answer 1
Score: 1
After some time I managed to get the Principal from the access token string.
@Autowired
private TokenStore tokenStore;
@RequestMapping(value = "create", method = RequestMethod.POST)
public ResponseEntity create(Authentication authentication, @RequestParam("access_token") String accessToken) {
    // readAuthentication can return null for a token the store does not hold
    OAuth2Authentication tokenAuthentication = tokenStore.readAuthentication(accessToken);
    if (tokenAuthentication == null) {
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
    }
    Object principal = tokenAuthentication.getPrincipal();
    return ResponseEntity.ok().build();
}
Answer 2
Score: 0
I don't know why you're sending another user's token in the request, which I find dangerous because access tokens contain sensitive information (credentials). I advise you to change the way you identify the second user by creating something like an action or identification token (the schema you define will contain the ID of the user and the information you want to send).
In case you have another philosophy that you didn't mention, and assuming the access token is a JWT, you must first validate it using the algorithm and the private key used to hash it. If it's a valid token, you can access its content.
@RequestMapping(value = "create", method = RequestMethod.POST)
public ResponseEntity create(Authentication authentication, @RequestParam("access_token") JwtAuthenticationToken accessToken) {
    // validate your accessToken
    // to access the token details
    accessToken.getTokenAttributes().get(A_KEY_IN_YOUR_TOKEN);
}
Check this class.
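The validate-then-read order the second answer describes, as an added example that is not code from either answer: the token string is decoded with signature and expiry checks (verification uses the issuer's public key), and the principal is returned only if they pass. It assumes Spring Security's spring-security-oauth2-jose module with Nimbus JOSE+JWT on the classpath and an RS256 token whose principal is the `sub` claim; the class name, the `principalOf` helper, the key pair and both tokens are constructed for illustration.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import java.util.Date;
import java.util.Optional;

public class TokenPrincipalExample {
    /** Hypothetical helper: the subject if signature and timestamps verify, empty otherwise. */
    static Optional<String> principalOf(JwtDecoder decoder, String accessToken) {
        try {
            Jwt jwt = decoder.decode(accessToken); // checks signature, exp and nbf
            return Optional.ofNullable(jwt.getSubject());
        } catch (JwtException e) {
            return Optional.empty(); // never fall back to reading unverified claims
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair and token; a real service uses its authorization server's key.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair keys = generator.generateKeyPair();
        SignedJWT signed = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256),
                new JWTClaimsSet.Builder().subject("alice")
                        .expirationTime(new Date(System.currentTimeMillis() + 60_000)).build());
        signed.sign(new RSASSASigner(keys.getPrivate()));
        String token = signed.serialize();
        JwtDecoder decoder = NimbusJwtDecoder.withPublicKey((RSAPublicKey) keys.getPublic()).build();
        // Same header and signature, payload swapped for a different subject.
        String[] parts = token.split("\\.");
        String forgedPayload = Base64.getUrlEncoder().withoutPadding()
                .encodeToString("{\"sub\":\"admin\"}".getBytes(StandardCharsets.UTF_8));
        String tampered = parts[0] + "." + forgedPayload + "." + parts[2];
        System.out.println("valid token:    " + principalOf(decoder, token));
        System.out.println("tampered token: " + principalOf(decoder, tampered));
    }
}
```

The tampered token decodes cleanly as Base64 and would yield a principal if the payload were merely parsed, which is why the lookup goes through `decode` and not through manual decoding of the string.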