英文:
Duplicate authorities in spring security authentication
问题
我正在使用Spring Security为我的Web应用程序提供身份验证和授权。我使用JWT作为OAuth2访问令牌。但我发现身份验证有两个权限,一个是authentication.authorities。另一个是authentication.userAuthentication.authorities。
因为权限很多,所以JWT的有效载荷太大了(30kb)。
有没有办法让身份验证中只有一个权限?
英文:
I'm using Spring security to provide authentication and authorization for my webapp. I use JWT as OAuth2 access token. But I found that the authentication has two authorities, one is authentication.authorities. The other one is authentication.userAuthentication.authorities.
Because of the large number of authorities, so the JWT's payload is too big (30kb).
Is there any way that I can have only one authorities in authentication?
答案1
得分: 1
两个权威机构共享相同的列表数据。
UnmodifiableRandomAccessList 仅是一个包装器,它只会引用原始列表。您深入研究这两个权威机构,然后您会看到列表的实例ID相同。
英文:
The two authorities are shared the same list data.
UnmodifiableRandomAccessList only a wrapper, it will only refer the origin list. You dig into the two authorities, then you will see the same instance id of the list.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论