How to execute some code whenever new access token is inserted in spring-security-oauth?
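I have implemented OAuth2 using spring-security-oauth. I used the password and refresh token grant types.
The flow is that the user first provides a username and password; after they are validated, the authorization server provides a refresh token.
Using that refresh token, I obtain an access token, which I can use to access protected resources.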
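// Imports belong at the top of the enclosing source file.
// RelaxedPropertyResolver is the Spring Boot 1.x class; Authorities is the application's own enum.
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.bind.RelaxedPropertyResolver;
import org.springframework.context.EnvironmentAware;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

    @Configuration
    @EnableAuthorizationServer
    protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter implements EnvironmentAware {
        private static final String ENV_OAUTH = "authentication.oauth.";
        private static final String PROP_CLIENTID = "clientid";
        private static final String PROP_SECRET = "secret";
        private static final String PROP_TOKEN_VALIDITY_SECONDS = "tokenValidityInSeconds";
        private RelaxedPropertyResolver propertyResolver;
        @Autowired
        private DataSource dataSource;
        // Tokens are persisted in the database through JdbcTokenStore.
        @Bean
        public TokenStore tokenStore() {
            return new JdbcTokenStore(dataSource);
        }
        @Autowired
        @Qualifier("authenticationManagerBean")
        private AuthenticationManager authenticationManager;
        // The authentication manager is required for the password grant.
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints)
                throws Exception {
            endpoints
                .tokenStore(tokenStore())
                .authenticationManager(authenticationManager);
        }
        // Single in-memory client; both lifetimes read the same property and differ only
        // in their fallback defaults (60 s for access tokens, 120 s for refresh tokens).
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients
                .inMemory()
                .withClient(propertyResolver.getProperty(PROP_CLIENTID))
                .scopes("read", "write")
                .authorities(Authorities.ROLE_ADMIN.name(), Authorities.ROLE_USER.name())
                .authorizedGrantTypes("password", "refresh_token")
                .secret(propertyResolver.getProperty(PROP_SECRET))
                .accessTokenValiditySeconds(propertyResolver.getProperty(PROP_TOKEN_VALIDITY_SECONDS, Integer.class, 60))
                .refreshTokenValiditySeconds(propertyResolver.getProperty(PROP_TOKEN_VALIDITY_SECONDS, Integer.class, 120));
        }
        // Resolves properties under the "authentication.oauth." prefix.
        @Override
        public void setEnvironment(Environment environment) {
            this.propertyResolver = new RelaxedPropertyResolver(environment, ENV_OAUTH);
        }
    }
} // closes the enclosing configuration class, whose opening is not shown in the question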
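Note: I have used JdbcTokenStore, please check the code above.
Whenever a new access token is created/removed, I want to execute a method and run some code. How can this be done? I am new to Spring Security and OAuth, so please suggest a way to achieve this. Can I add a filter or interceptor for this?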
You can implement your own TokenStore or extend an existing one (InMemoryTokenStore, JdbcTokenStore, JwtTokenStore) and in storeAccessToken and removeAccessToken
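The answer above names storeAccessToken and removeAccessToken on an extended TokenStore. The following is an added example, not part of the original answer: it extends JdbcTokenStore and writes an audit log entry on each event. The class name AuditingJdbcTokenStore, the fingerprint helper and the log messages are hypothetical, and SLF4J is assumed to be on the classpath.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.sql.DataSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

// Hypothetical class; added example, not code from the original post.
public class AuditingJdbcTokenStore extends JdbcTokenStore {
    private static final Logger log = LoggerFactory.getLogger(AuditingJdbcTokenStore.class);

    public AuditingJdbcTokenStore(DataSource dataSource) { super(dataSource); }

    @Override
    public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
        super.storeAccessToken(token, authentication); // persist first, then run the hook
        log.info("access token issued: client={} user={} fp={}",
                authentication.getOAuth2Request().getClientId(),
                authentication.getName(), fingerprint(token.getValue()));
    }

    // JdbcTokenStore routes removeAccessToken(OAuth2AccessToken) through this overload.
    @Override
    public void removeAccessToken(String tokenValue) {
        super.removeAccessToken(tokenValue);
        log.info("access token removed: fp={}", fingerprint(tokenValue));
    }

    // The refresh_token grant drops the previous access token through this method instead.
    @Override
    public void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken refreshToken) {
        super.removeAccessTokenUsingRefreshToken(refreshToken);
        log.info("access token removed via refresh: refreshFp={}", fingerprint(refreshToken.getValue()));
    }

    // Log a truncated SHA-256 digest so the bearer token itself never reaches the log.
    static String fingerprint(String tokenValue) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(tokenValue.getBytes(StandardCharsets.UTF_8));
            return String.format("%064x", new BigInteger(1, d)).substring(0, 16);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

To use it, return `new AuditingJdbcTokenStore(dataSource)` from the `tokenStore()` bean in the question's configuration. JdbcTokenStore's own storeAccessToken removes an existing row with the same token value before inserting, so a re-store also produces a removal entry.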