java - How to get Additional fields in the JWT token in security context of Resource Server -
I am trying to implement Spring Security OAuth2 in my application. The configuration is working, except that I am not able to get the additional fields of the JWT token in the resource server's security context object.
Here is my configuration:
Authorization server:
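/**
 * Authorization server configuration: registers the client, wires the JWT
 * token services and exposes the OAuth2 endpoints.
 *
 * <p>Identifier casing is restored here; the page had lower-cased every
 * identifier and string literal, which does not compile and breaks the
 * case-sensitive SpEL expressions.
 */
public class SpringSecurityConfig extends AuthorizationServerConfigurerAdapter {

    // Must match the name of the AuthenticationManager bean exposed by the web security configuration.
    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    /** Registers the client details service that holds the known OAuth2 clients. */
    @Override
    public void configure(final ClientDetailsServiceConfigurer clients) throws Exception {
        clients.withClientDetails(clientDetailsService());
    }

    /** Sets the access rules for the token-key and check-token endpoints. */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        // NOTE(review): tokenKeyAccess("permitAll()") suits publishing an RSA public key.
        // The converters below receive a single key through setSigningKey(...); if that is a
        // shared HMAC secret, "isAuthenticated()" (or an RSA key pair) is the safer choice.
        oauthServer.allowFormAuthenticationForClients()
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()");
    }

    /** Wires approval handling, token services, client lookup and the JWT converter into the endpoints. */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.userApprovalHandler(userApprovalHandler())
                .tokenServices(tokenServices())
                .clientDetailsService(clientDetailsService())
                .authenticationManager(authenticationManager)
                .accessTokenConverter(tokenEnhancer());
    }

    /** Enhancer that adds the application-specific claims to the access token. */
    @Bean
    public CustomTokenEnhancer accessTokenEnhancer() {
        return new CustomTokenEnhancer();
    }

    @Bean
    public OAuth2AuthenticationEntryPoint oauthAuthenticationEntryPoint() {
        OAuth2AuthenticationEntryPoint entryPoint = new OAuth2AuthenticationEntryPoint();
        entryPoint.setRealmName("test");
        return entryPoint;
    }

    @Bean
    public OAuth2AuthenticationEntryPoint clientAuthenticationEntryPoint() {
        OAuth2AuthenticationEntryPoint entryPoint = new OAuth2AuthenticationEntryPoint();
        entryPoint.setRealmName("test/client");
        entryPoint.setTypeName("basic");
        return entryPoint;
    }

    @Bean
    public OAuth2AccessDeniedHandler oauthAccessDeniedHandler() {
        return new OAuth2AccessDeniedHandler();
    }

    @Bean
    public ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter() {
        ClientCredentialsTokenEndpointFilter filter = new ClientCredentialsTokenEndpointFilter();
        filter.setAuthenticationManager(authenticationManager);
        return filter;
    }

    /** Access decision manager that requires scope, role and authentication voters to agree. */
    @Bean
    public UnanimousBased accessDecisionManager() {
        List<AccessDecisionVoter<? extends Object>> voters = new ArrayList<AccessDecisionVoter<? extends Object>>();
        voters.add(new ScopeVoter());
        voters.add(new RoleVoter());
        voters.add(new AuthenticatedVoter());
        return new UnanimousBased(voters);
    }

    @Bean
    public ClientDetailsUserDetailsService clientDetailsUserDetailsService() throws Exception {
        return new ClientDetailsUserDetailsService(clientDetailsService());
    }

    /**
     * JWT converter carrying the signing key.
     *
     * <p>NOTE(review): a new CustomTokenSignKeyGenerator is created on every call; this
     * presumably returns the same key each time - confirm, otherwise signing and
     * verification keys diverge.
     */
    @Bean
    public JwtAccessTokenConverter tokenConverter() {
        final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        final CustomTokenSignKeyGenerator signKey = new CustomTokenSignKeyGenerator();
        converter.setSigningKey(signKey.getSecurityKey());
        return converter;
    }

    /** JWT converter used as the signing token enhancer; delegates claim conversion to {@link #tokenConverter()}. */
    @Bean
    public JwtAccessTokenConverter tokenEnhancer() {
        JwtAccessTokenConverter jwtEnhancer = new JwtAccessTokenConverter();
        final CustomTokenSignKeyGenerator signKey = new CustomTokenSignKeyGenerator();
        jwtEnhancer.setSigningKey(signKey.getSecurityKey());
        jwtEnhancer.setAccessTokenConverter(tokenConverter());
        return jwtEnhancer;
    }

    /**
     * Chain of token enhancers, applied in list order.
     *
     * <p>The custom enhancer has to run before the JWT converter: the converter
     * encodes and signs whatever additional information is on the token at that
     * moment. In the reverse order the extra fields only appear in the token
     * response body, never inside the signed JWT, so the resource server cannot
     * see them.
     */
    @Bean
    public TokenEnhancerChain tokenEnhancerChain() {
        TokenEnhancerChain chain = new TokenEnhancerChain();
        List<TokenEnhancer> delegates = new ArrayList<TokenEnhancer>();
        delegates.add(accessTokenEnhancer());
        delegates.add(tokenEnhancer());
        chain.setTokenEnhancers(delegates);
        return chain;
    }

    @Bean
    public DefaultOAuth2RequestFactory requestFactory() throws Exception {
        return new DefaultOAuth2RequestFactory(clientDetailsService());
    }

    @Bean
    public ClientCredentialsTokenGranter tokenGranter() throws Exception {
        AuthorizationServerTokenServices tokenServices = tokenServices();
        OAuth2RequestFactory requestFactory = requestFactory();
        return new ClientCredentialsTokenGranter(tokenServices, clientDetailsService(), requestFactory);
    }

    @Bean
    public JwtTokenStore tokenStore() {
        return new JwtTokenStore(tokenEnhancer());
    }

    /** Token services that issue JWT access tokens through the enhancer chain. */
    @Bean
    public DefaultTokenServices tokenServices() throws Exception {
        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(tokenStore());
        services.setSupportRefreshToken(true);
        // The client registration below sets its own validity (3600 s), which takes
        // precedence over this service-wide default for that client.
        services.setAccessTokenValiditySeconds(300);
        services.setClientDetailsService(clientDetailsService());
        services.setTokenEnhancer(tokenEnhancerChain());
        return services;
    }

    @Bean
    public DefaultOAuth2RequestFactory oauth2RequestFactory() throws Exception {
        return new DefaultOAuth2RequestFactory(clientDetailsService());
    }

    @Bean
    public TokenStoreUserApprovalHandler userApprovalHandler() throws Exception {
        TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
        handler.setRequestFactory(requestFactory());
        handler.setTokenStore(tokenStore());
        return handler;
    }

    /**
     * In-memory registration of the single client.
     *
     * <p>NOTE(review): the client secret equals the client id and is hard-coded in
     * source. Load it from configuration kept outside the repository and store it
     * hashed. The authority literal is reproduced as shown on the page; RoleVoter
     * matches the "ROLE_" prefix by default, so confirm its casing.
     */
    @Bean
    public ClientDetailsService clientDetailsService() throws Exception {
        return new InMemoryClientDetailsServiceBuilder().withClient("restapp").secret("restapp")
                .authorizedGrantTypes("password", "authorization_code").scopes("read").authorities("role_user")
                .accessTokenValiditySeconds(3600).and().build();
    }

}

Custom token enhancer: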
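/**
 * Adds the user name, store id and user roles to the access token's
 * additional information.
 *
 * <p>This enhancer must run before the JwtAccessTokenConverter in the enhancer
 * chain; otherwise the values are not part of the signed JWT.
 *
 * @param accessToken    token being issued
 * @param authentication authentication the token is issued for
 * @return the same token with the extra entries added
 */
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
    Object principal = authentication.getPrincipal();
    if (!(principal instanceof LdapUserDetails)) {
        // Client-only grants carry no LDAP user; leave the token untouched instead of
        // failing the token request with a ClassCastException.
        return accessToken;
    }
    LdapUserDetails userDetails = (LdapUserDetails) principal;

    // Start from the existing entries so values set by earlier enhancers are kept.
    final Map<String, Object> additionalInfo = new HashMap<>(accessToken.getAdditionalInformation());
    additionalInfo.put(PharmacyOAuthConstants.USER_NAME, userDetails.getUsername());
    // NOTE(review): the store id is a fixed literal; presumably a placeholder for a per-user value - confirm.
    additionalInfo.put(PharmacyOAuthConstants.STORE_ID, "hysjg");
    additionalInfo.put(PharmacyOAuthConstants.USER_ROLES, userDetails.getAuthorities());

    ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
    return accessToken;
}

Resource server: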
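/**
 * Resource server configuration: protects the API paths and validates the
 * incoming JWT access tokens.
 */
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
    // NOTE(review): this injected generator is not used below; the converters create their own instance.
    @Autowired
    CustomTokenSignKeyGenerator customTokenSignKeyGenerator;

    /**
     * Requires full authentication, i.e. a valid access token, for requests
     * under /core/**.
     */
    @Override
    public void configure(final HttpSecurity http) throws Exception {
        // NOTE(review): only /core/** is matched here, so other paths get no rule from this
        // configuration. IF_REQUIRED permits HTTP sessions; a bearer-token API normally
        // uses STATELESS - confirm sessions are intended.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and().authorizeRequests()
                .antMatchers("/core/**").fullyAuthenticated();
    }

    /**
     * Registers the token services used to validate the OAuth2 access token.
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer config) {
        // A failure here must stop start-up: swallowing it would leave the resource
        // server running without the intended token validation.
        config.tokenServices(tokenServices());
    }

    /**
     * Token store that reads JWT access tokens through the converter.
     * @return tokenStore
     */
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(tokenConverter());
    }

    /**
     * Converter holding the key used to check the JWT signature.
     *
     * <p>NOTE(review): the same setSigningKey(...) value is used on the authorization
     * server. If it is a shared secret, this server can also mint tokens; an RSA
     * pair with only setVerifierKey(...) here avoids that.
     *
     * <p>NOTE(review): with the default access token converter the extra claims are
     * not copied onto the OAuth2Authentication, so
     * OAuth2AuthenticationDetails.getDecodedDetails() stays null. A converter whose
     * extractAuthentication(...) stores the claim map via setDetails(...) is the
     * usual way to expose them; only claims signed into the JWT by the
     * authorization server can appear here.
     * @return jwtAccessTokenConverter
     */
    @Bean
    public JwtAccessTokenConverter tokenConverter() {
        final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        final CustomTokenSignKeyGenerator signKey = new CustomTokenSignKeyGenerator();
        converter.setSigningKey(signKey.getSecurityKey());
        return converter;
    }

    /** JWT converter that delegates claim conversion to {@link #tokenConverter()}. */
    @Bean
    public JwtAccessTokenConverter tokenEnhancer() {
        JwtAccessTokenConverter jwtEnhancer = new JwtAccessTokenConverter();
        final CustomTokenSignKeyGenerator signKey = new CustomTokenSignKeyGenerator();
        jwtEnhancer.setSigningKey(signKey.getSecurityKey());
        jwtEnhancer.setAccessTokenConverter(tokenConverter());
        return jwtEnhancer;
    }

    /**
     * Returns the token services required to verify the received token.
     * @return defaultTokenServices
     */
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(tokenStore());
        services.setTokenEnhancer(tokenEnhancer());
        return services;
    }
}

In the Authentication object I am seeing a null value for the decoded details object.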
 
  