Class StandaloneJwtAuthenticationConverter
java.lang.Object
io.leandev.appfuse.security.resourceserver.StandaloneJwtAuthenticationConverter
- All Implemented Interfaces:
org.springframework.core.convert.converter.Converter<org.springframework.security.oauth2.jwt.Jwt, org.springframework.security.authentication.AbstractAuthenticationToken>
public class StandaloneJwtAuthenticationConverter
extends Object
implements org.springframework.core.convert.converter.Converter<org.springframework.security.oauth2.jwt.Jwt, org.springframework.security.authentication.AbstractAuthenticationToken>
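JWT → Authentication converter for STANDALONE mode.
Self-signed tokens are issued by JwtTokenProvider. At issuance time the user's authorities (the ROLE_* roles from the DB plus the fine-grained resource:action permissions) are joined with commas
and written into the auth claim. This converter reads that claim directly to restore the authorities; it is stateless and does not query the DB:
- Immediate revocation of authorities is handled by the token blacklist (session id) (see
TokenBlacklistFilter), not by a DB lookup on every request.
- The vocabulary is exactly the same as in @PreAuthorize (the same set of strings); federated mode also maps onto the same resource:action set (see ScopeJwtAuthenticationConverter).
The principal remains the Jwt; the tenant is resolved by JwtClaimTenantIdResolver from the tenantId
claim (shared by both modes, see ADR-009 and ADR-001).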
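The conversion described above, as an added example that is not the appfuse source. The class name AuthClaimConverterExample, the helper parseAuthorities, the claim name "auth" (taken from the description) and the use of JwtAuthenticationToken as the return type are assumptions.

```java
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;

/** Hypothetical class for illustration; not the appfuse implementation. */
public class AuthClaimConverterExample implements Converter<Jwt, AbstractAuthenticationToken> {

    // Assumption: claim name "auth", as stated in the class description.
    static final String AUTHORITIES_CLAIM = "auth";

    @Override
    public AbstractAuthenticationToken convert(Jwt jwt) {
        // In Spring Security's resource-server flow the JwtDecoder has already
        // verified signature and expiry before the converter is called, so this
        // method only interprets the claim. No DB lookup happens here.
        List<GrantedAuthority> authorities =
                parseAuthorities(jwt.getClaimAsString(AUTHORITIES_CLAIM));
        // JwtAuthenticationToken keeps the Jwt as principal, so a tenant resolver
        // can still read the tenantId claim later in the request.
        return new JwtAuthenticationToken(jwt, authorities);
    }

    static List<GrantedAuthority> parseAuthorities(String claim) {
        // Fail closed: a missing or blank claim yields an authenticated
        // principal with no authorities, never a default role.
        if (claim == null || claim.isBlank()) {
            return List.of();
        }
        return Arrays.stream(claim.split(","))
                .map(String::trim)
                .filter(s -> !s.isEmpty())   // tolerate "a,,b" and trailing commas
                .distinct()
                // Strings are used verbatim so they match @PreAuthorize checks
                // such as hasAuthority('order:read') or hasAuthority('ROLE_ADMIN').
                .<GrantedAuthority>map(SimpleGrantedAuthority::new)
                .collect(Collectors.toList());
    }
}
```

Because the authorities come only from the token, a permission removed in the DB stays effective until the token expires or its session id is blacklisted, which is why the blacklist filter has to run on every request.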
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and Type | Method | Description
org.springframework.security.authentication.AbstractAuthenticationToken | convert(org.springframework.security.oauth2.jwt.Jwt jwt) |
Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.core.convert.converter.Converter
andThen
-
Field Details
-
AUTHORITIES_CLAIM
-
-
Constructor Details
-
StandaloneJwtAuthenticationConverter
public StandaloneJwtAuthenticationConverter()
-
-
Method Details
-
convert
public org.springframework.security.authentication.AbstractAuthenticationToken convert(org.springframework.security.oauth2.jwt.Jwt jwt)
- Specified by:
convert in interface org.springframework.core.convert.converter.Converter<org.springframework.security.oauth2.jwt.Jwt, org.springframework.security.authentication.AbstractAuthenticationToken>
-