{"id":307010,"date":"2024-05-20T20:24:46","date_gmt":"2024-05-20T12:24:46","guid":{"rendered":"https:\/\/docs.pingcode.com\/ask\/ask-ask\/307010.html"},"modified":"2024-05-20T20:25:02","modified_gmt":"2024-05-20T12:25:02","slug":"springsecurity-oauth2-%e5%a6%82%e4%bd%95%e8%8e%b7%e5%8f%96%e5%bd%93%e5%89%8d%e7%99%bb%e5%bd%95%e7%94%a8%e6%88%b7%e4%bf%a1%e6%81%af","status":"publish","type":"post","link":"https:\/\/docs.pingcode.com\/ask\/307010.html","title":{"rendered":"springsecurity oauth2 \u5982\u4f55\u83b7\u53d6\u5f53\u524d\u767b\u5f55\u7528\u6237\u4fe1\u606f"},"content":{"rendered":"

\"springsecurity<\/p>\n

\u83b7\u53d6\u5f53\u524d\u767b\u5f55\u7528\u6237\u4fe1\u606f\u662fSpring Security OAuth2<\/strong>\u4e2d\u7684\u4e00\u4e2a\u5173\u952e\u529f\u80fd\uff0c\u5b83\u5141\u8bb8\u6211\u4eec\u901a\u8fc7\u5b89\u5168\u7684\u65b9\u5f0f\u8bbf\u95ee\u5e94\u7528\u7a0b\u5e8f\u7684\u8d44\u6e90\u3002\u5728\u4f7f\u7528Spring Security OAuth2<\/strong>\u65f6\uff0c\u6838\u5fc3\u6280\u672f\u5305\u62ec\u5229\u7528SecurityContextHolder\u3001OAuth2Authentication\u5bf9\u8c61\u3001Principal\u5bf9\u8c61<\/strong>\u7b49\u624b\u6bb5\u6765\u83b7\u53d6\u5f53\u524d\u7528\u6237\u7684\u8be6\u7ec6\u4fe1\u606f\u3002\u8fd9\u4e9b\u65b9\u6cd5\u4e0d\u4ec5\u7b80\u4fbf\u6613\u7528\uff0c\u800c\u4e14\u53ef\u4ee5\u5b89\u5168\u6709\u6548\u5730\u96c6\u6210\u5230Spring\u5e94\u7528\u7a0b\u5e8f\u4e2d\u3002<\/p>\n<\/p>\n

\u4ee5SecurityContextHolder<\/strong>\u65b9\u6cd5\u4e3a\u4f8b\uff0c\u8fd9\u662f\u6700\u76f4\u63a5\u7684\u65b9\u5f0f\u83b7\u53d6\u5f53\u524d\u5df2\u8ba4\u8bc1\u7528\u6237\u7684\u8be6\u7ec6\u4fe1\u606f\u3002SecurityContextHolder<\/strong>\u63d0\u4f9b\u4e86\u5bf9SecurityContext\u7684\u8bbf\u95ee\uff0c\u8fd9\u662f\u6301\u6709authentication\u5bf9\u8c61\u7684\u5730\u65b9\uff0c\u800cauthentication\u5bf9\u8c61\u5c31\u5305\u542b\u4e86\u5f53\u524d\u7528\u6237\u7684\u4fe1\u606f\u3002\u901a\u8fc7\u8c03\u7528SecurityContextHolder.getContext().getAuthentication()<\/code>\uff0c\u6211\u4eec\u53ef\u4ee5\u83b7\u53d6\u5230\u5f53\u524d\u7684Authentication\u5bf9\u8c61\uff0c\u8fdb\u4e00\u6b65\u901a\u8fc7\u8be5\u5bf9\u8c61\u83b7\u53d6\u5230\u5f53\u524d\u7528\u6237\u7684\u8be6\u60c5\u3002<\/p>\n<\/p>\n

\u4e00\u3001SECURITYCONTEXTHOLDER\u7684\u4f7f\u7528<\/h3>\n<\/p>\n

SecurityContextHolder\u662fSpring Security\u7684\u5fc3\u810f\u90e8\u5206\uff0c\u63d0\u4f9b\u5bf9\u5f53\u524d\u5b89\u5168\u4e0a\u4e0b\u6587\u7684\u8bbf\u95ee\u3002\u8fd9\u4e2a\u4e0a\u4e0b\u6587\u6301\u6709\u5173\u4e8e\u5f53\u524d\u7528\u6237\u8ba4\u8bc1\u4fe1\u606f\u7684\u5173\u952e\u5bf9\u8c61\uff0c\u5373Authentication\u5bf9\u8c61\u3002Authentication\u5bf9\u8c61\u5305\u542b\u4e86\u4e00\u7cfb\u5217\u5173\u4e8e\u7528\u6237\u7684\u4fe1\u606f\uff0c\u5305\u62ec\u6743\u9650\u3001\u7ec6\u8282\u4fe1\u606f\u4ee5\u53ca\u4e3b\u8981\u7684\u7528\u6237\u4fe1\u606f\u3002<\/p>\n<\/p>\n

\u9996\u5148\uff0c\u786e\u4fdd\u4f60\u7684Spring Security\u914d\u7f6e\u662f\u6b63\u786e\u7684\uff0c\u5e76\u4e14\u5df2\u7ecf\u6574\u5408\u4e86OAuth2\u3002\u4e00\u65e6\u7528\u6237\u5b8c\u6210\u4e86\u8ba4\u8bc1\u6d41\u7a0b\uff0cSpring Security\u4f1a\u81ea\u52a8\u5c06\u7528\u6237\u4fe1\u606f\u5b58\u50a8\u5728SecurityContext\u4e2d\u3002\u8981\u83b7\u53d6\u5f53\u524d\u767b\u5f55\u7528\u6237\u7684\u4fe1\u606f\uff0c\u4f60\u53ef\u4ee5\u5728\u4f60\u7684\u63a7\u5236\u5668\u6216\u670d\u52a1\u4e2d\u6ce8\u5165\u8fd9\u6bb5\u4ee3\u7801\uff1a<\/p>\n<\/p>\n

Authentication authentication = SecurityContextHolder.getContext().getAuthentication();<\/p>\n
String currentUserName = null;<\/p>\n
if (!(authentication instanceof AnonymousAuthenticationToken)) {<\/p>\n
    currentUserName = authentication.getName();<\/p>\n
    \/\/ \u8fd9\u91cc\u53ef\u4ee5\u8f6c\u6362\u4e3a\u76f8\u5e94\u7684\u7528\u6237\u8be6\u60c5\u5bf9\u8c61\uff0c\u83b7\u53d6\u66f4\u591a\u7684\u7528\u6237\u4fe1\u606f<\/p>\n
}<\/p>\n
<\/code><\/pre>\n<\/p>\n
\u8fd9\u6bb5\u4ee3\u7801\u9996\u5148\u4eceSecurityContextHolder<\/code>\u83b7\u53d6Authentication<\/code>\u5bf9\u8c61\u3002\u63a5\u7740\uff0c\u68c0\u67e5\u5f53\u524d\u7528\u6237\u662f\u5426\u4e3a\u533f\u540d\u7528\u6237\u4ee5\u786e\u4fdd\u4e0d\u5904\u7406\u672a\u7ecf\u8ba4\u8bc1\u7684\u7528\u6237\u3002\u6700\u540e\uff0c\u901a\u8fc7\u8c03\u7528getName()<\/code>\u83b7\u53d6\u7528\u6237\u540d\u3002<\/p>\n<\/p>\n
\u4e8c\u3001\u5229\u7528OAUTH2AUTHENTICATION\u5bf9\u8c61<\/h3>\n<\/p>\n
OAuth2Authentication<\/code>\u5bf9\u8c61\u662fSpring Security OAuth2\u4e2d\u7684\u4e00\u4e2a\u6838\u5fc3\u7c7b\uff0c\u5b83\u6269\u5c55\u4e86\u6807\u51c6\u7684Authentication<\/code>\u63a5\u53e3\uff0c\u6dfb\u52a0\u4e86\u4e0eOAuth2\u76f8\u5173\u7684\u4e00\u4e9b\u529f\u80fd\u548c\u4fe1\u606f\u3002<\/p>\n<\/p>\n
\u5f53\u4f7f\u7528OAuth2Authentication<\/code>\u65f6\uff0c\u4f60\u53ef\u4ee5\u83b7\u53d6\u5230\u66f4\u8be6\u7ec6\u7684\u5173\u4e8e\u5f53\u524d\u8ba4\u8bc1\u8fc7\u7a0b\u7684\u4fe1\u606f\uff0c\u5305\u62ec\u5ba2\u6237\u7aef\u7684\u4fe1\u606f\u548c\u7528\u6237\u7684\u4fe1\u606f\u3002\u4f60\u53ef\u4ee5\u8fd9\u6837\u505a\uff1a<\/p>\n<\/p>\n
OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) SecurityContextHolder.getContext().getAuthentication();<\/p>\n
Authentication userAuthentication = oAuth2Authentication.getUserAuthentication();<\/p>\n
if(userAuthentication != null){<\/p>\n
    Object principal = userAuthentication.getPrincipal();<\/p>\n
    \/\/ \u8fd9\u91cc\u7684principal\u5bf9\u8c61\u901a\u5e38\u662fUserDetAI<\/a>ls\u5bf9\u8c61\uff0c\u5176\u4e2d\u5305\u542b\u4e86\u7528\u6237\u7684\u8be6\u7ec6\u4fe1\u606f<\/p>\n
}<\/p>\n
<\/code><\/pre>\n<\/p>\n
\u8fd9\u6bb5\u4ee3\u7801\u68c0\u7d22\u4e86\u5f53\u524d\u7684OAuth2Authentication<\/code>\u5bf9\u8c61\uff0c\u5e76\u901a\u8fc7\u5b83\u6765\u83b7\u53d6\u7528\u6237\u8ba4\u8bc1\u4fe1\u606f\uff0c\u8fdb\u800c\u8bbf\u95eeprincipal\u5bf9\u8c61\u3002Principal\u5bf9\u8c61\u662f\u4e00\u4e2a\u66f4\u4e3a\u8be6\u7ec6\u7684\u8ba4\u8bc1\u5bf9\u8c61\uff0c\u901a\u5e38\u662fUserDetails<\/code>\u7684\u5b9e\u4f8b\uff0c\u5305\u542b\u4e86\u66f4\u4e30\u5bcc\u7684\u7528\u6237\u4fe1\u606f\u3002<\/p>\n<\/p>\n
\u4e09\u3001\u901a\u8fc7Principal\u5bf9\u8c61\u83b7\u53d6\u7528\u6237\u4fe1\u606f<\/h3>\n<\/p>\n
\u5728Spring MVC\u7684\u63a7\u5236\u5668\u4e2d\uff0c\u4e00\u4e2a\u7b80\u5355\u800c\u76f4\u63a5\u7684\u83b7\u53d6\u5f53\u524d\u767b\u5f55\u7528\u6237\u8be6\u7ec6\u4fe1\u606f\u7684\u65b9\u6cd5\u662f\u901a\u8fc7Spring\u7684\u65b9\u6cd5\u53c2\u6570\u89e3\u6790\u529f\u80fd\u76f4\u63a5\u5c06Principal<\/code>\u5bf9\u8c61\u6ce8\u5165\u5230\u63a7\u5236\u5668\u65b9\u6cd5\u4e2d\u3002<\/p>\n<\/p>\n
@RequestMapping("\/user\/me")<\/p>\n
public ResponseEntity<?> getCurrentUser(Principal principal) {<\/p>\n
    \/\/ Principal\u5bf9\u8c61\u901a\u5e38\u662fOAuth2Authentication\u5bf9\u8c61<\/p>\n
    String username = principal.getName();<\/p>\n
    \/\/ \u8fd9\u91cc\u53ef\u4ee5\u57fa\u4e8e\u7528\u6237\u540d\u67e5\u8be2\u6570\u636e\u5e93\uff0c\u83b7\u53d6\u66f4\u5b8c\u6574\u7684\u7528\u6237\u4fe1\u606f<\/p>\n
    return ResponseEntity.ok(username);<\/p>\n
}<\/p>\n
<\/code><\/pre>\n<\/p>\n
\u5728\u8fd9\u4e2a\u4f8b\u5b50\u4e2d\uff0cPrincipal<\/code>\u5bf9\u8c61\u4f5c\u4e3a\u65b9\u6cd5\u53c2\u6570\u4f20\u9012\u3002\u8fd9\u662fSpring Security\u6846\u67b6\u7684\u7279\u6027\u4e4b\u4e00\uff0c\u5b83\u4f1a\u81ea\u52a8\u5c06\u5f53\u524d\u8ba4\u8bc1\u7528\u6237\u7684Principal<\/code>\u5bf9\u8c61\u6ce8\u5165\u5230\u53c2\u6570\u4e2d\u3002\u8fd9\u79cd\u65b9\u5f0f\u6700\u5927\u7684\u4f18\u70b9\u662f\u7b80\u5355\u76f4\u63a5\uff0c\u4f60\u53ef\u4ee5\u5feb\u901f\u5730\u83b7\u53d6\u5230\u7528\u6237\u540d\uff0c\u7136\u540e\u8fdb\u4e00\u6b65\u5904\u7406\u3002<\/p>\n<\/p>\n
\u56db\u3001\u603b\u7ed3\u4e0e\u5b9e\u8df5\u5efa\u8bae<\/h3>\n<\/p>\n
\u5728\u5b9e\u9645\u9879\u76ee\u4e2d\uff0c\u83b7\u53d6\u5f53\u524d\u767b\u5f55\u7528\u6237\u7684\u4fe1\u606f\u662f\u5e38\u89c1\u9700\u6c42\u3002\u901a\u8fc7SecurityContextHolder<\/strong>\u3001OAuth2Authentication<\/strong>\u5bf9\u8c61\u548cPrincipal<\/strong>\u5bf9\u8c61\uff0c\u6211\u4eec\u53ef\u4ee5\u7075\u6d3b\u5730\u5728\u4e0d\u540c\u5c42\u6b21\u4e0a\u83b7\u53d6\u7528\u6237\u4fe1\u606f\u3002\u6bcf\u79cd\u65b9\u5f0f\u90fd\u6709\u5176\u9002\u7528\u7684\u573a\u666f\uff0c\u5efa\u8bae\u6839\u636e\u5b9e\u9645\u9700\u6c42\u9009\u62e9\u6700\u5408\u9002\u7684\u65b9\u6cd5\u3002<\/p>\n<\/p>\n
\u6b64\u5916\uff0c\u5b89\u5168\u6027\u59cb\u7ec8\u662f\u6211\u4eec\u9700\u8981\u5173\u6ce8\u7684\u91cd\u70b9\u3002\u5728\u5904\u7406\u7528\u6237\u4fe1\u606f\u65f6\uff0c\u786e\u4fdd\u9075\u5faa\u6700\u4f73\u5b89\u5168\u5b9e\u8df5\uff0c\u5982\u4f7f\u7528HTTPS\u3001\u5b58\u50a8\u5b89\u5168\u4ee4\u724c\u7b49\uff0c\u4ee5\u786e\u4fdd\u4f60\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u5b89\u5168\u6027\u3002<\/p>\n<\/p>\n
\u7efc\u4e0a\u6240\u8ff0\uff0cSpring Security OAuth2<\/strong>\u4e3a\u5f00\u53d1\u8005\u63d0\u4f9b\u4e86\u4e30\u5bcc\u7684\u9009\u62e9\u6765\u83b7\u53d6\u5f53\u524d\u767b\u5f55\u7528\u6237\u7684\u4fe1\u606f\u3002\u901a\u8fc7\u638c\u63e1\u8fd9\u4e9b\u65b9\u6cd5\u5e76\u7ed3\u5408\u5b83\u4eec\u7684\u4f18\u70b9\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u6709\u6548\u5730\u7ba1\u7406\u7528\u6237\u8eab\u4efd\u4fe1\u606f\uff0c\u6784\u5efa\u51fa\u66f4\u52a0\u5b89\u5168\u3001\u9ad8\u6548\u7684\u5e94\u7528\u7a0b\u5e8f\u3002<\/p>\n<\/p>\n
\u76f8\u5173\u95ee\u7b54FAQs\uff1a<\/strong><\/h2>\n
1. \u5982\u4f55\u5728Spring Security OAuth2\u4e2d\u83b7\u53d6\u5f53\u524d\u767b\u5f55\u7528\u6237\u4fe1\u606f\uff1f<\/strong><\/p>\n
\u5728Spring Security OAuth2\u4e2d\uff0c\u83b7\u53d6\u5f53\u524d\u767b\u5f55\u7528\u6237\u7684\u4fe1\u606f\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528SecurityContextHolder<\/code>\u548cAuthentication<\/code>\u5bf9\u8c61\u6765\u5b9e\u73b0\u3002 <\/p>\n
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();\n<\/code><\/pre>\n
\u901a\u8fc7\u4e0a\u8ff0\u4ee3\u7801\u53ef\u4ee5\u83b7\u53d6\u5230\u5f53\u524d\u767b\u5f55\u7528\u6237\u7684\u8ba4\u8bc1\u5bf9\u8c61Authentication<\/code>\uff0c\u7136\u540e\u53ef\u4ee5\u4f7f\u7528authentication.getPrincipal()<\/code>\u65b9\u6cd5\u83b7\u53d6\u5f53\u524d\u767b\u5f55\u7528\u6237\u7684\u4fe1\u606f\u3002<\/p>\n
2. \u5982\u4f55\u5728Spring Security OAuth2\u4e2d\u83b7\u53d6\u5f53\u524d\u767b\u5f55\u7528\u6237\u7684\u7528\u6237\u540d\uff1f<\/strong><\/p>\n
\u8981\u83b7\u53d6\u5f53\u524d\u767b\u5f55\u7528\u6237\u7684\u7528\u6237\u540d\uff0c\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528SecurityContextHolder<\/code>\u548cAuthentication<\/code>\u5bf9\u8c61\u6765\u5b9e\u73b0\u3002<\/p>\n
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();\nString username = authentication.getName();\n<\/code><\/pre>\n
\u4e0a\u8ff0\u4ee3\u7801\u4e2d\uff0cgetName()<\/code>\u65b9\u6cd5\u53ef\u4ee5\u83b7\u53d6\u5230\u5f53\u524d\u767b\u5f55\u7528\u6237\u7684\u7528\u6237\u540d\u3002\u4f60\u53ef\u4ee5\u5c06\u8be5\u7528\u6237\u540d\u7528\u4e8e\u8fdb\u4e00\u6b65\u7684\u4e1a\u52a1\u903b\u8f91\u3002<\/p>\n
3. \u5982\u4f55\u5728Spring Security OAuth2\u4e2d\u83b7\u53d6\u5f53\u524d\u767b\u5f55\u7528\u6237\u7684\u89d2\u8272\u4fe1\u606f\uff1f<\/strong><\/p>\n
\u5728Spring Security OAuth2\u4e2d\uff0c\u83b7\u53d6\u5f53\u524d\u767b\u5f55\u7528\u6237\u7684\u89d2\u8272\u4fe1\u606f\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528SecurityContextHolder<\/code>\u548cAuthentication<\/code>\u5bf9\u8c61\u6765\u5b9e\u73b0\u3002<\/p>\n
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();\n\nif (authentication != null) {\n    Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();\n    List<String> roles = new ArrayList<>();\n    \n    for (GrantedAuthority authority : authorities) {\n       roles.add(authority.getAuthority());\n    }\n    \n    \/\/ \u5bf9\u5f53\u524d\u767b\u5f55\u7528\u6237\u7684\u89d2\u8272\u8fdb\u884c\u8fdb\u4e00\u6b65\u7684\u5904\u7406\n}\n<\/code><\/pre>\n
\u4e0a\u8ff0\u4ee3\u7801\u4e2d\uff0cgetAuthorities()<\/code>\u65b9\u6cd5\u53ef\u4ee5\u83b7\u53d6\u5230\u5f53\u524d\u767b\u5f55\u7528\u6237\u7684\u89d2\u8272\u4fe1\u606f\uff0c\u5b83\u8fd4\u56de\u4e00\u4e2aGrantedAuthority<\/code>\u7684\u96c6\u5408\u3002\u4f60\u53ef\u4ee5\u5c06\u8fd9\u4e9b\u89d2\u8272\u7528\u4e8e\u8fdb\u4e00\u6b65\u7684\u4e1a\u52a1\u903b\u8f91\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"\u83b7\u53d6\u5f53\u524d\u767b\u5f55\u7528\u6237\u4fe1\u606f\u662fSpring Security OAuth2\u4e2d\u7684\u4e00\u4e2a\u5173\u952e\u529f\u80fd\uff0c\u5b83\u5141\u8bb8\u6211\u4eec\u901a\u8fc7\u5b89\u5168\u7684\u65b9\u5f0f\u8bbf […]","protected":false},"author":3,"featured_media":307029,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[37],"tags":[],"acf":[],"_links":{"self":[{"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/posts\/307010"}],"collection":[{"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/comments?post=307010"}],"version-history":[{"count":0,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/posts\/307010\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/media\/307029"}],"wp:attachment":[{"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/media?parent=307010"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/categories?post=307010"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/tags?post=307010"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}