search

spring-attic / spring-security-oauth

Support for adding OAuth1(a) and OAuth2 features (consumer and provider) for Spring web applications.
http://github.com/spring-projects/spring-security-oauth
Apache License 2.0
4.7k stars 4.04k forks source link

AccessTokenConverter not getting called when using RedisTokenStore #944

Open frankskywalker opened 7 years ago

frankskywalker commented 7 years ago

Hi, @efenderbosch

When I'm using RedisTokenStore, the token get generated, but when I use the token to access the resource, I got the Exception "Principal must not be null". With further investigation I found that the principal did not get serialized. Before serialization the principal have values wechatimg11 After desrialize the principal field became null wechatimg12

I don't understand why JdkSerializationStrategy() have problem serializing my principal. Any advice would be appreciated.

frankskywalker commented 7 years ago

My customUserDetails has two fields not implementing the Serializable. So, the serialization has no problem. But when using RedisTokenStore, I noticed that TokenConvert not get called. Is this mean TokenConverter is for JWT only? or I just did something wrong?

` @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { endpoints.tokenStore(tokenStore()) .accessTokenConverter(tokenConverter()) .reuseRefreshTokens(false) .exceptionTranslator(creamsExceptionTranslator()) .authenticationManager(authenticationManager) .userDetailsService(creamsUserDetailsService) .setClientDetailsService(clientDetailsService); }

@Bean
public AccessTokenConverter tokenConverter(){
    DefaultAccessTokenConverter defaultAccessTokenConverter = new DefaultAccessTokenConverter();
    defaultAccessTokenConverter.setUserTokenConverter(new CustomUserAuthenticationConverter());
    return defaultAccessTokenConverter;
}`