【发布时间】:2026-02-09 16:45:01
【问题描述】:
我正在尝试upgrade JHipster to use Spring Boot 2.4。我正在测试的应用程序具有启用 OAuth 登录并使用 Spring Security 设置资源服务器的 Spring Security 配置:
.and()
.oauth2Login()
.and()
.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(authenticationConverter())
.and()
.and()
.oauth2Client();
升级到 Spring Boot 2.4 后,我的 GrantedAuthoritiesMapper bean 不再被调用,因此我的权限不再被翻译。知道为什么吗?
/**
* Map authorities from "groups" or "roles" claim in ID Token.
*
* @return a {@link GrantedAuthoritiesMapper} that maps groups from
* the IdP to Spring Security Authorities.
*/
@Bean
public GrantedAuthoritiesMapper userAuthoritiesMapper() {
return authorities -> {
Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
authorities.forEach(
authority -> {
// Check for OidcUserAuthority because Spring Security 5.2 returns
// each scope as a GrantedAuthority, which we don't care about.
if (authority instanceof OidcUserAuthority) {
OidcUserAuthority oidcUserAuthority = (OidcUserAuthority) authority;
mappedAuthorities.addAll(SecurityUtils.extractAuthorityFromClaims(oidcUserAuthority.getUserInfo().getClaims()));
}
}
);
return mappedAuthorities;
};
}
【问题讨论】:
标签: spring-boot spring-security spring-security-oauth2