重复的权限在Spring Security认证中

huangapple go评论87阅读模式
英文:

Duplicate authorities in spring security authentication

问题

我正在使用Spring Security为我的Web应用程序提供身份验证和授权。我使用JWT作为OAuth2访问令牌。但我发现身份验证有两个权限,一个是authentication.authorities。另一个是authentication.userAuthentication.authorities

因为权限很多,所以JWT的有效载荷太大了(30kb)。

有没有办法让身份验证中只有一个权限?

英文:

I'm using Spring security to provide authentication and authorization for my webapp. I use JWT as OAuth2 access token. But I found that the authentication has two authorities, one is authentication.authorities. The other one is authentication.userAuthentication.authorities.

重复的权限在Spring Security认证中

Because of the large number of authorities, so the JWT's payload is too big (30kb).

Is there any way that I can have only one authorities in authentication?

答案1

得分: 1

两个权威机构共享相同的列表数据。

UnmodifiableRandomAccessList 仅是一个包装器,它只会引用原始列表。您深入研究这两个权威机构,然后您会看到列表的实例ID相同。

英文:

The two authorities are shared the same list data.

UnmodifiableRandomAccessList only a wrapper, it will only refer the origin list. You dig into the two authorities, then you will see the same instance id of the list.

重复的权限在Spring Security认证中

huangapple
  • 本文由 发表于 2020年9月7日 14:38:41
  • 转载请务必保留本文链接:https://go.coder-hub.com/63772495.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定