/**
 * Creates an in-memory registry containing a single hard-coded OAuth2 client,
 * {@code messaging-client}.
 *
 * <p>The registration id is a fresh random UUID on every call, and the repository keeps
 * its data in memory only.
 *
 * <p>NOTE(review): the values below read like demo settings. The client secret is stored
 * with the {@code {noop}} prefix (plaintext, no hashing), the redirect URI is plain HTTP
 * on a third-party host, and the password grant is enabled. Replace each of these before
 * this registration is used outside a local test setup.
 *
 * @return a repository holding only the {@code messaging-client} registration
 */
public RegisteredClientRepository registeredClientRepository() {
    // Token policy: 1-minute self-contained access tokens, 120-minute refresh tokens that
    // are reused rather than replaced on refresh, and RS256-signed ID tokens.
    TokenSettings tokenPolicy = TokenSettings.builder()
            .accessTokenTimeToLive(Duration.ofMinutes(1L))
            .accessTokenFormat(OAuth2TokenFormat.SELF_CONTAINED)
            .reuseRefreshTokens(true)
            .refreshTokenTimeToLive(Duration.ofMinutes(120L))
            .idTokenSignatureAlgorithm(SignatureAlgorithm.RS256)
            .build();

    // The resource owner must approve the requested scopes on a consent step.
    ClientSettings consentPolicy = ClientSettings.builder()
            .requireAuthorizationConsent(true)
            .build();

    String registrationId = UUID.randomUUID().toString();

    RegisteredClient messagingClient = RegisteredClient.withId(registrationId)
            .clientId("messaging-client")
            // "{noop}" marks the secret as stored unencoded; a hashing encoder prefix
            // (for example "{bcrypt}") is the usual choice for a real deployment.
            .clientSecret("{noop}secret")
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
            // NOTE(review): the resource-owner password grant hands the user's password to
            // the client and is dropped from OAuth 2.1; confirm it is really needed and
            // that a provider for it is configured elsewhere.
            .authorizationGrantType(AuthorizationGrantType.PASSWORD)
            // The authorization code is delivered to this URI, so it should be an HTTPS
            // endpoint owned by the client. Local callback, currently disabled:
            // .redirectUri("http://127.0.0.1:8080/authorized")
            .redirectUri("http://www.baidu.com")
            .scope(OidcScopes.OPENID)
            .scope(OidcScopes.PROFILE)
            .scope("message.read")
            .scope("message.write")
            .scope("password")
            .clientSettings(consentPolicy)
            .tokenSettings(tokenPolicy)
            .build();

    return new InMemoryRegisteredClientRepository(messagingClient);
}
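// Demo account "user1" with a hard-coded password.
// NOTE(review): withDefaultPasswordEncoder() is deprecated in Spring Security to signal
// that it is meant for samples only; real accounts should be stored already hashed.
UserDetails user = User.withDefaultPasswordEncoder()
        .username("user1")
        .password("password")
        // roles(...) and authorities(...) write to the same authority list, so calling
        // authorities(...) after roles(...) discarded ROLE_user. Listing the role with
        // its ROLE_ prefix next to the plain authority keeps both.
        // NOTE(review): these are the user's authorities on the authorization server.
        // A resource server that derives authorities from the token's scope claim will
        // still report SCOPE_* values unless the token is customized to carry these and
        // the resource server is configured to read them. Confirm against the token
        // customizer and JWT converter setup.
        .authorities("ROLE_user", "usersdsa1")
        .build();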
}
我通过代码生成 token,再用这个 token 获取权限,得到的权限是 SCOPE_message.read,难道不应该是 ROLE_User 和 usersdsa1 吗?
身份验证 Spring Authorization Server和Do you handle itauthentication有什么关系=
SecurityContextHolder.getContext().getAuthentication();
我要获取role_user