SpringSecurity OAuth2自定义ClientDetails 4年前

最近在做SpringSecurityOAuth2的自定义ClientDetails目前实现了两种方式

1. 实现 ClientDetailsService 并把值传入BaseClientDetails然后返回

   @Override public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException { AuthClient authClient = authClientService.loadClientByClientId(clientId); BaseClientDetails details = new BaseClientDetails(authClient.getClientId(), authClient.getResourceIds(), authClient.getScopes(), authClient.getAuthorizedGrantTypes(), authClient.getAuthorities(), authClient.getRedirectUris()); details.setClientSecret(authClient.getClientSecret()); return details; }

2. 先实现ClientDetails 然后再实现 ClientDetailsService

ClientDetails

copy
public class MyClientDetails implements ClientDetails {
    private AuthClientDetails client;

    public MyClientDetails(AuthClientDetails client) {
        this.client = client;
    }

    public MyClientDetails() {

    }

    /**
     * The client id.
     *
     * @return The client id.
     */
    @Override
    public String getClientId() {
        return client.getClientId();
    }
......

ClientDetailsService

copy
@Override
    public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
        AuthClientDetails clientDetails = authClientDetailsMapper.selectClientDetailsByClientId(clientId);
        if (clientDetails == null) {
            throw new ClientRegistrationException("该客户端不存在");
        }
        MyClientDetails details = new MyClientDetails(clientDetails);
        return details;
    }

相对而言，第二种方式灵活性会高很多，在使用过程中遇到一个问题使用最简依赖的自定义ClientDetails 无法返回token，并且返回的是空值。 ClientDetailsUserDetailsService 的loadUserByUsername 方法 报错

经过debug分析，问题出来在了自定义的ClientDetails的权限集合返回值的问。

出错写法

copy
@Override
    public Collection<GrantedAuthority> getAuthorities() {
        return (client.getAuthorities() != null && client.getAuthorities().trim().length() > 0) ?
                AuthorityUtils.commaSeparatedStringToAuthorityList(client.getAuthorities()) : null;
    }

该写法会导致Cannot pass a null GrantedAuthority collection 错误，无法生存token但是不会有任何的报错

正确写法

copy
@Override
    public Collection<GrantedAuthority> getAuthorities() {
        return (client.getAuthorities() != null && client.getAuthorities().trim().length() > 0) ?
                AuthorityUtils.commaSeparatedStringToAuthorityList(client.getAuthorities()) : Collections.emptyList();
    }