vis*_*s4u 0 java spring-security oauth-2.0 jwt spring-security-oauth2
我用 jwt 加 oauth2 (在内存中)实现了 spring boot。
这里的令牌位于内存中而不是数据库中。
但是当我使用时tokenStore.findTokensByClientId(clientId),它在下面的情况下返回空白数组
例子
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
static final String CLIEN_ID = "vishvas-client";
static final String CLIENT_SECRET = "$2a$10$kfH4W.jyBuqvX5TLu.OfbOEUtScm4V9FEUDvGI8AWPaqObUOQ7HJ2"; // vishvas-secret
static final String GRANT_TYPE_PASSWORD = "password";
static final String AUTHORIZATION_CODE = "authorization_code";
static final String REFRESH_TOKEN = "refresh_token";
static final String IMPLICIT = "implicit";
static final String SCOPE_READ = "read";
static final String SCOPE_WRITE = "write";
static final String TRUST = "trust";
static final int ACCESS_TOKEN_VALIDITY_SECONDS = 12 * 60 * 60; // 12 hour
static final int FREFRESH_TOKEN_VALIDITY_SECONDS = 24 * 60 * 60; // 24 hour
@Autowired
private AuthenticationManager authenticationManager;
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey("as466gf");
return converter;
}
@Bean
public TokenStore tokenStore() {
// return new InMemoryTokenStore(); // Success : working but same access token generated every time. i want different access tokens
return new JwtTokenStore(accessTokenConverter()); // Error : tokenStore.findTokensByClientId(clientId) returns blank
}
@Override
public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {
configurer.inMemory().withClient(CLIEN_ID).secret(CLIENT_SECRET)
.authorizedGrantTypes(GRANT_TYPE_PASSWORD, AUTHORIZATION_CODE, REFRESH_TOKEN, IMPLICIT)
.scopes(SCOPE_READ, SCOPE_WRITE, TRUST).accessTokenValiditySeconds(ACCESS_TOKEN_VALIDITY_SECONDS)
.refreshTokenValiditySeconds(FREFRESH_TOKEN_VALIDITY_SECONDS);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.tokenStore(tokenStore()).authenticationManager(authenticationManager)
.accessTokenConverter(accessTokenConverter());
}
}
@RestController
@RequestMapping("/api/tokens")
public class TokensEndpointController {
@Autowired
private TokenStore tokenStore;
@CrossOrigin
@SuppressWarnings({ "unchecked", "rawtypes", "deprecation" })
@GetMapping
public ResponseEntity<?> findAllActiveSessions(@RequestParam String clientId,
HttpServletRequest httpServletRequest) {
try {
String username = httpServletRequest.getUserPrincipal().getName();
Collection<OAuth2AccessToken> tokens = tokenStore.findTokensByClientId(clientId);
List<String> tokenValues = tokens.stream().map(OAuth2AccessToken::getValue).collect(Collectors.toList());
System.out.println("tokenValues : " + tokenValues); // Blank array
return ResponseEntity.ok(new ResponseWrapperDTO(HttpServletResponse.SC_OK,
httpServletRequest.getAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE).toString(),
"Tokens got successfully.", tokenValues));
} catch (Exception e) {
e.printStackTrace();
return new ResponseEntity(
new ResponseErrorDTO(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
MethodUtils.getApiPathFromHttpServletRequest(httpServletRequest), e.getMessage()),
HttpStatus.INTERNAL_SERVER_ERROR);
}
}
}
示例说明:
在tokenStore()方法中,如果我使用 return new InMemoryTokenStore();,那么我可以使用 api ( http://localhost:8080/api/tokens?clientId=vishvas-client ) 成功获取所有令牌,但每次都会生成相同的访问令牌
在tokenStore()方法中,如果我使用return new JwtTokenStore(accessTokenConverter());api ( http://localhost:8080/api/tokens?clientId=vishvas-client ) 返回空白数组。(第二点有问题,无法获得代币)
这就是为什么您每次都会获得相同的令牌,但是当该令牌过期时,授权服务器将生成另一个令牌
这就是为什么你每次都会得到不同的令牌,但列表是空的
您可以检查此链接中第 162 行的JwtTokenStore类,您会发现默认情况下给出一个空列表
因此,对于标准配置,您应该使用JwtTokenStore
| 归档时间: |
|
| 查看次数: |
1620 次 |
| 最近记录: |