我正在使用 JWT 为 REST API 做 spring 安全。我已经完成了创建具有到期时间且工作正常的网络令牌。我已将时间限制设置为 5 分钟。5 分钟后,令牌将过期。这给我带来了问题,所以任何人都可以指导我如何使用刷新令牌来解决这个问题,因为我对这个概念很陌生。
这是我的代码..
SpringSecurity配置
@Bean
public JwtAuthenticationTokenFilter authenticationTokenFilter() {
JwtAuthenticationTokenFilter filter = new
JwtAuthenticationTokenFilter();
filter.setAuthenticationManager(authenticationManager());
filter.setAuthenticationSuccessHandler(new JwtSuccessHandler());
return filter;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests().antMatchers("/admin/**").authenticated()
.antMatchers("/admin/**").hasAnyAuthority("Admin")
.and()
.exceptionHandling().authenticationEntryPoint(entryPoint)
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(authenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
http.headers().cacheControl();
}
令牌控制器
@RestController
@RequestMapping("/token")
public class TokenController {
private JwtGenerator jwtGenerator;
public TokenController(JwtGenerator jwtGenerator) {
this.jwtGenerator = jwtGenerator;
}
@RequestMapping(method = RequestMethod.POST)
public String generate(@RequestBody final User user) {
return jwtGenerator.generate(user);
}
} …