uni*_*lep 5 spring spring-security spring-boot spring-security-oauth2
我在应用 spring oauth2 客户端时遇到问题。
我发现org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter想要创建一个OAuth2AuthorizationRequest并通过authorizationRequestRepository.
相关代码:
// OAuth2AuthorizationRequestRedirectFilter.class
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestResolver.resolve(request);
...
this.sendRedirectForAuthorization(request, response, authorizationRequest);
....
}
private void sendRedirectForAuthorization(HttpServletRequest request, HttpServletResponse response,
OAuth2AuthorizationRequest authorizationRequest) {
...
this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
...
}
文档中声明默认实现是将其存储在 HttpSession 中,并且可以根据需要将其存储在 cookie 中。
相关文档:https : //docs.spring.io/spring-security/site/docs/5.0.7.RELEASE/reference/html/oauth2login-advanced.html#oauth2login-advanced-authorization-request-repository
但是我不理解。为什么不应该将authorizationRequest对象存储在内存中?我不知道为什么 spring security 提供AuthorizationRequestRepository接口以便我可以使用 Session 或 Cookie。
| 归档时间: |
|
| 查看次数: |
1154 次 |
| 最近记录: |