Reputation: 1073
How can I get a custom Principal object with Spring using OAuth2?
I have a Spring Boot application utilizing spring-security-jwt and spring-security-oauth2. I've got a custom User object extending UserDetails and a Custom UserDetailsService returning this object from the loadUserByUsername method.
But when I utilize the getPrincipal method of the Authentication object and try to Cast to my custom user object, it fails as the principal is returning a string vs my custom user object.
My actual goal is to eliminate the trip to the persistence layer on every method call that requires the custom object detail which is most.
Upvotes: 6
Views: 3569
Answers (1)
Reputation: 27
You can do this by setting an AccessTokenConverter (which indirectly holds your UserDetailsService) to JwtAccessTokenConverter. See accessTokenConverter() method.
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
// Other configurations omitted
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.tokenStore(tokenStore())
.accessTokenConverter(accessTokenConverter())
.tokenEnhancer(accessTokenConverter())
.authenticationManager(authenticationManager);
}
@Bean
public TokenStore tokenStore() {
return new JwtTokenStore(accessTokenConverter());
}
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
DefaultUserAuthenticationConverter duac = new DefaultUserAuthenticationConverter();
duac.setUserDetailsService(userDetailsService);
DefaultAccessTokenConverter datc = new DefaultAccessTokenConverter();
datc.setUserTokenConverter(duac);
JwtAccessTokenConverter jatc = new JwtAccessTokenConverter();
jatc.setAccessTokenConverter(datc); // IMPORTANT
jatc.setSigningKey("your-signing-key");
return jatc;
}
@Bean
public DefaultTokenServices tokenServices() {
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setTokenStore(tokenStore());
tokenServices.setSupportRefreshToken(true);
return tokenServices;
}
}
Upvotes: 3
Related Questions
- Java SpringBoot Rest OAuth2 Principal is null
- Unable to customize principal object, no matter how it always stays a string
- Spring Security - Custom Principal from JWT
- How to extract custom Principal in OAuth2 Resource Server?
- How to update data on Principal object on Spring Boot
- Getting Principal from DB by Spring Boot OAuth2 login
- Obtain the Authentication (Principal) object via oAuth2 Spring Security?
- Spring Security Ouath2 : Extended UserDetails not returned by the Principal object
- Spring security oauth2 - getting custom data from OAuth2 principal
- Spring custom AuthenticationProvider for Principal with additional data