关于 oauth2 jwt authentication.getPrincipal 获取的是用户名的问题

第一种方案重写转换类(DefaultUserAuthenticationConverter)

    public Map<String, ?> convertUserAuthentication(Authentication authentication) {
        Map<String, Object> map = new HashMap<>(1);
	//继承UserDetails的对象
        Object o = authentication.getPrincipal();
        UserLogin userInfo = (UserLogin) o;
	//储存
        map.put("userInfo", userInfo);
	//权限存储
        if (authentication.getAuthorities() != null && authentication.getAuthorities().size()>0) {
            map.put(AUTHORITIES, AuthorityUtils.authorityListToSet(authentication.getAuthorities()));
        }
        return map;
    }

    public Authentication extractAuthentication(Map<String, ?> map) {
        Authentication authentication = null;
        if (map.containsKey("userInfo")) {
            Object principal = map.get("userInfo");
            Collection<? extends GrantedAuthority> authorities = this.getAuthorities(map);
            authentication = new UsernamePasswordAuthenticationToken(principal, "N/A", authorities);
        }
        return authentication;
    }
​

第二种方案 DefaultUserAuthenticationConverter 设置 customUserDetailsService

    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter(){
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        //设置用户信息转换器，默认getPrincipal是username
        DefaultAccessTokenConverter accessTokenConverter = (DefaultAccessTokenConverter)converter.getAccessTokenConverter();
        DefaultUserAuthenticationConverter defaultUserAuthenticationConverter = new DefaultUserAuthenticationConverter();
        defaultUserAuthenticationConverter.setUserDetailsService(customUserDetailsService);
        accessTokenConverter.setUserTokenConverter(defaultUserAuthenticationConverter);
        ClassPathResource resource = new ClassPathResource("publicKey.txt");
        String publicKey = null;
        try {
            publicKey = IOUtils.toString(resource.getInputStream(), "UTF-8");
        } catch (IOException e) {
            e.printStackTrace();
        }
        converter.setVerifierKey(publicKey);
        return converter;
    }
​

个人总结

//由于oauth2在jwt仅支持用户名和权限，如需扩展处理参考一下

//转换成token的核心代码，在DefaultUserAuthenticationConverter里最终调用
org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter#convertAccessToken

//解析token的核心代码，在DefaultUserAuthenticationConverter里最终调用
org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter#extractAuthentication

//两者配合可以在jwt里面存放额外的用户信息(头像，卡号这些)
//但是我不推荐这么做，使用用户名单独查询用户信息更为合适。
​