排除权限

ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/extensions/ClientAuthenticationResource.java

@@ -4,6 +4,7 @@ package cn.ibizlab.api.rest.extensions;
 import cn.ibizlab.core.uaa.extensions.service.SysAppService;
 import cn.ibizlab.core.uaa.extensions.service.UAACoreService;
 import cn.ibizlab.util.client.IBZOUFeignClient;
+import cn.ibizlab.util.helper.CachedBeanCopier;
 import cn.ibizlab.util.security.AuthTokenUtil;
 import cn.ibizlab.util.security.AuthenticationInfo;
 import cn.ibizlab.util.security.AuthenticationUser;
@@ -59,10 +60,12 @@ public class ClientAuthenticationResource
 
         final String token = jwtTokenUtil.generateToken(user);
 
-        user.setPermissionList(null);
-
+        AuthenticationUser user2=new AuthenticationUser();
+        CachedBeanCopier.copy(user,user2);
+        user2.setAuthorities(null);
+        user2.setPermissionList(null);
         // 返回 token
-        return ResponseEntity.ok().body(new AuthenticationInfo(token,user));
+        return ResponseEntity.ok().body(new AuthenticationInfo(token,user2));
     }
 
     @PostMapping(value = "uaa/login")