我使用 Spring Security OAuth2 向用户发放令牌。在CustomTokenEnhancer我添加额外的信息,如userId和roles。
public class CustomTokenEnhancer implements TokenEnhancer {
@Autowired
private UserServiceClient userServiceClient;
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
User user = (User) authentication.getPrincipal();
final Map<String, Object> additionalInfo = new HashMap<>();
Optional<ApplicationUser> applicationUser = userServiceClient.getUserByField(user.getUsername());
if (applicationUser.isPresent()) {
additionalInfo.put("user_id", applicationUser.get().getId());
additionalInfo.put("roles", applicationUser.get().getRoles());
additionalInfo.put("domain", >"x-forwarded-for" header here<);
}
((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
return accessToken;
}
}
现在我想包括用户登录/颁发令牌的域。此信息位于 x-forwarded-for 标头内。但是如何访问请求标头并将它们添加到令牌中?有没有办法将它添加到 OAuth2Authentication 对象?