英文:
authorities Collection from Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt) is empty
问题
以下是您要翻译的内容:
"I am testing a method that override some parameter in jwtGrantedAuthoritiesConverter but always when i debug get that this collection (Collection
can some one help me please .. Thank you!
class SecurityConfigTest {
@Test
void convertWithOverriddenGrantedAuthoritiesConverter() {
Jwt jwt = this.jwt(Collections.singletonMap("scope", "message:read message:write"));
JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
jwtGrantedAuthoritiesConverter.setAuthorityPrefix("");
jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
assertThat(authorities).containsExactly(
new SimpleGrantedAuthority("message:read"),
new SimpleGrantedAuthority("message:write"));
Assert.assertTrue(authorities.contains("roles"));
}
private Jwt jwt(Map<String, Object> claims) {
Map<String, Object> headers = new HashMap<>();
headers put("alg", JwsAlgorithms.RS256);
return new Jwt("token", Instant.now(), Instant.now().plusSeconds(3600), headers, claims);
}
}"
英文:
I am testing a method that override some parameter in jwtGrantedAuthoritiesConverter but always when i debug get that this collection (Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);) is empty did not know the reason !! here is my code
can some one help me please .. Thank you!
class SecurityConfigTest {
@Test
void convertWithOverriddenGrantedAuthoritiesConverter() {
Jwt jwt = this.jwt(Collections.singletonMap("scope", "message:read message:write"));
JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
jwtGrantedAuthoritiesConverter.setAuthorityPrefix("");
jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
assertThat(authorities).containsExactly(
new SimpleGrantedAuthority("message:read"),
new SimpleGrantedAuthority("message:write"));
Assert.assertTrue(authorities.contains("roles"));
}
private Jwt jwt(Map<String, Object> claims) {
Map<String, Object> headers = new HashMap<>();
headers.put("alg", JwsAlgorithms.RS256);
return new Jwt("token", Instant.now(), Instant.now().plusSeconds(3600), headers, claims);
}
}
答案1
得分: 0
根据文档,Spring 在尝试将作用域映射到角色时使用的默认声明是 JWT 中的 scope 声明。您可以通过提供自定义的 JwtGrantedAuthoritiesConverter 并使用 setAuthoritiesClaimName 方法来覆盖此行为,以设置不同的声明。上述代码中有这行:
jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
因此,Spring 试图在 JWT 中找到一个名为 roles 的声明,将其映射到权限,但是它找不到,所以返回为空。删除该行将解决问题。
英文:
according to the docs the default claim that spring will use when trying to find Authorities to mapping scopes to roles is the scope claim in the JWT.
You can override this behavior by supplying a custom JwtGrantedAuthoritiesConverter and use the setAuthoritiesClaimName to set a different claim.
the above code has this line
jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
so spring tries to find a claim called roles in the JWT, that it can map to authorities and it can't find it, so it returns empty.
Removing that line will fix the problem.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论