在客户端 Spring 引导应用程序上配置自定义 OAuth2AccessToken
Configure custom OAuth2AccessToken on a client Spring Boot Application
授权服务器通常给你的标准 JSON 格式有一个名为 "expires_in" 的 属性,但现在我正在使用一个授权服务器,它给我一个 属性 名为 "access_token_expires_in"。因此,我的 OAuth2AccessToken 总是 returns isExpired 为 false,即使 access_token 已过期,这也是有意义的,因为它正在尝试读取不存在的 "expires_in" 属性 .来自 OAuth2AccessToken 的 getAdditionalInformation returns 我的 "access_token_expires_in" 属性 值为 18000.
我想知道我是否可以告诉 spring 使用 "access_token_expires_in" 属性 作为我的 access_token 的到期值?
我的代码:
@Configuration
class OAuth2RestConfiguration {
@Bean
protected OAuth2ProtectedResourceDetails resource() {
final ClientCredentialsResourceDetails resourceDetails = new ClientCredentialsResourceDetails();
resourceDetails.setAccessTokenUri("<tokenUri>");
resourceDetails.setClientId("<clientId>");
resourceDetails.setClientSecret("<clientSecret>");
return resourceDetails;
}
@Bean
public OAuth2RestTemplate restTemplate() throws Exception {
final AccessTokenRequest atr = new DefaultAccessTokenRequest();
final OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(resource(),
new DefaultOAuth2ClientContext(atr));
return oAuth2RestTemplate;
}
}
授权服务器响应示例:
{
"refresh_token_expires_in": 0,
"access_token": "<access_token>",
"access_token_expires_in": 18000,
"token_type": "bearer"
}
编辑 1:
作为解决方法,我扩展了 OAuth2RestTemplate class 并覆盖了 getAccessToken 方法:
public class CustomOAuth2RestTemplate extends OAuth2RestTemplate {
private static final Logger LOGGER = LoggerFactory.getLogger(CustomOAuth2RestTemplate.class);
private OAuth2ClientContext context;
private Long LAST_RESET = getCurrentTimeSeconds();
private Long FORCE_EXPIRATION;
public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource) {
super(resource);
this.context = super.getOAuth2ClientContext();
this.FORCE_EXPIRATION = 10800L;
}
public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource,
DefaultOAuth2ClientContext defaultOAuth2ClientContext, Long forceExpiration) {
super(resource, defaultOAuth2ClientContext);
this.context = defaultOAuth2ClientContext;
this.FORCE_EXPIRATION = Objects.requireNonNull(forceExpiration, "Please set expiration!");
}
@Override
public OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException {
OAuth2AccessToken accessToken = context.getAccessToken();
final Long diff = getCurrentTimeSeconds() - LAST_RESET;
/*
Either use a hardcoded variable or use the value stored in
context.getAccessToken().getAdditionalInformation().
*/
if (diff > FORCE_EXPIRATION) {
LOGGER.info("Access token has expired! Generating new one...");
this.LAST_RESET = getCurrentTimeSeconds();
context.setAccessToken(null);
accessToken = acquireAccessToken(context);
} else {
accessToken = super.getAccessToken();
}
LOGGER.info("Access token: " + context.getAccessToken().getValue());
return accessToken;
}
private Long getCurrentTimeSeconds() {
return System.currentTimeMillis() / 1000L;
}
}
现在豆子:
@Bean
public OAuth2RestTemplate restTemplate() throws Exception {
final AccessTokenRequest atr = new DefaultAccessTokenRequest();
final OAuth2RestTemplate oAuth2RestTemplate = new CustomOAuth2RestTemplate(resource(),
new DefaultOAuth2ClientContext(atr), 10800L); //example: 3h
oAuth2RestTemplate.setRequestFactory(customRequestFactory());
return oAuth2RestTemplate;
}
编辑 2:
在我对OAuth2RestTemplateclass分析的比较透彻之后,需要进行代码重构:
public class CustomOAuth2RestTemplate extends OAuth2RestTemplate {
private static final Logger LOGGER = LoggerFactory.getLogger(CustomOAuth2RestTemplate.class);
private Long LAST_RESET = getCurrentTimeSeconds();
private Long FORCE_EXPIRATION;
public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource) {
super(resource);
this.FORCE_EXPIRATION = 10800L; //3h
}
public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource,
DefaultOAuth2ClientContext defaultOAuth2ClientContext, Long forceExpiration) {
super(resource, defaultOAuth2ClientContext);
this.FORCE_EXPIRATION = Objects.requireNonNull(forceExpiration, "Please set expiration!");
}
@Override
public OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException {
final Long diff = getCurrentTimeSeconds() - LAST_RESET;
/*
Either use a hardcoded variable or use the value stored in
context.getAccessToken().getAdditionalInformation().
*/
if (diff > FORCE_EXPIRATION) {
LOGGER.info("Access token has expired! Generating new one...");
this.LAST_RESET = getCurrentTimeSeconds();
final OAuth2ClientContext oAuth2ClientContext = getOAuth2ClientContext();
oAuth2ClientContext.setAccessToken(null);
return acquireAccessToken(oAuth2ClientContext);
}
return super.getAccessToken();
}
private Long getCurrentTimeSeconds() {
return System.currentTimeMillis() / 1000L;
}
}
您可以通过实现 TokenEnhancer 接口并覆盖其方法来添加自定义参数,如下所示:
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
public class CustomTokenEnhancer implements TokenEnhancer {
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
final Map<String, Object> additionalInfo = new HashMap<>();
// additionalInfo.put("CUSTOM_PARAM1", "CUSTOM_VALUE1");
additionalInfo.put("username", authentication.getPrincipal());//adding username param
((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
return accessToken;
}
}
@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServerConfig extends
AuthorizationServerConfigurerAdapter {
@Override
public void configure(final AuthorizationServerEndpointsConfigurer
endpoints) throws Exception {
final TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
tokenEnhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer()));
endpoints.tokenStore(tokenStore)
.tokenEnhancer(tokenEnhancerChain).authenticationManager(authenticationManager);
}
@Bean
public TokenEnhancer tokenEnhancer() {
return new CustomTokenEnhancer();
}
希望对您有所帮助!
我将 post 作为答案,因为它工作得很好。唯一添加的是 synchronized 用于并发,因此永远不会请求多个访问令牌。
最终代码:
public class CustomOAuth2RestTemplate extends OAuth2RestTemplate {
private static final Logger LOGGER = LoggerFactory.getLogger(CustomOAuth2RestTemplate.class);
private Long LAST_RESET = getCurrentTimeSeconds();
private Long FORCE_EXPIRATION;
public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource) {
super(resource);
this.FORCE_EXPIRATION = 10800L; // 3h
}
public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource,
DefaultOAuth2ClientContext defaultOAuth2ClientContext, Long forceExpiration) {
super(resource, defaultOAuth2ClientContext);
this.FORCE_EXPIRATION = Objects.requireNonNull(forceExpiration, "Please set expiration!");
}
@Override
public synchronized OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException {
final Long diff = getCurrentTimeSeconds() - LAST_RESET;
/*
* Either use a hardcoded variable or use the value stored in
* context.getAccessToken().getAdditionalInformation().
*/
if (diff > FORCE_EXPIRATION) {
LOGGER.info("Access token has expired! Generating new one...");
this.LAST_RESET = getCurrentTimeSeconds();
final OAuth2ClientContext oAuth2ClientContext = getOAuth2ClientContext();
oAuth2ClientContext.setAccessToken(null);
return acquireAccessToken(oAuth2ClientContext);
}
return super.getAccessToken();
}
private Long getCurrentTimeSeconds() {
return System.currentTimeMillis() / 1000L;
}
}
授权服务器通常给你的标准 JSON 格式有一个名为 "expires_in" 的 属性,但现在我正在使用一个授权服务器,它给我一个 属性 名为 "access_token_expires_in"。因此,我的 OAuth2AccessToken 总是 returns isExpired 为 false,即使 access_token 已过期,这也是有意义的,因为它正在尝试读取不存在的 "expires_in" 属性 .来自 OAuth2AccessToken 的 getAdditionalInformation returns 我的 "access_token_expires_in" 属性 值为 18000.
我想知道我是否可以告诉 spring 使用 "access_token_expires_in" 属性 作为我的 access_token 的到期值?
我的代码:
@Configuration
class OAuth2RestConfiguration {
@Bean
protected OAuth2ProtectedResourceDetails resource() {
final ClientCredentialsResourceDetails resourceDetails = new ClientCredentialsResourceDetails();
resourceDetails.setAccessTokenUri("<tokenUri>");
resourceDetails.setClientId("<clientId>");
resourceDetails.setClientSecret("<clientSecret>");
return resourceDetails;
}
@Bean
public OAuth2RestTemplate restTemplate() throws Exception {
final AccessTokenRequest atr = new DefaultAccessTokenRequest();
final OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(resource(),
new DefaultOAuth2ClientContext(atr));
return oAuth2RestTemplate;
}
}
授权服务器响应示例:
{
"refresh_token_expires_in": 0,
"access_token": "<access_token>",
"access_token_expires_in": 18000,
"token_type": "bearer"
}
编辑 1: 作为解决方法,我扩展了 OAuth2RestTemplate class 并覆盖了 getAccessToken 方法:
public class CustomOAuth2RestTemplate extends OAuth2RestTemplate {
private static final Logger LOGGER = LoggerFactory.getLogger(CustomOAuth2RestTemplate.class);
private OAuth2ClientContext context;
private Long LAST_RESET = getCurrentTimeSeconds();
private Long FORCE_EXPIRATION;
public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource) {
super(resource);
this.context = super.getOAuth2ClientContext();
this.FORCE_EXPIRATION = 10800L;
}
public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource,
DefaultOAuth2ClientContext defaultOAuth2ClientContext, Long forceExpiration) {
super(resource, defaultOAuth2ClientContext);
this.context = defaultOAuth2ClientContext;
this.FORCE_EXPIRATION = Objects.requireNonNull(forceExpiration, "Please set expiration!");
}
@Override
public OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException {
OAuth2AccessToken accessToken = context.getAccessToken();
final Long diff = getCurrentTimeSeconds() - LAST_RESET;
/*
Either use a hardcoded variable or use the value stored in
context.getAccessToken().getAdditionalInformation().
*/
if (diff > FORCE_EXPIRATION) {
LOGGER.info("Access token has expired! Generating new one...");
this.LAST_RESET = getCurrentTimeSeconds();
context.setAccessToken(null);
accessToken = acquireAccessToken(context);
} else {
accessToken = super.getAccessToken();
}
LOGGER.info("Access token: " + context.getAccessToken().getValue());
return accessToken;
}
private Long getCurrentTimeSeconds() {
return System.currentTimeMillis() / 1000L;
}
}
现在豆子:
@Bean
public OAuth2RestTemplate restTemplate() throws Exception {
final AccessTokenRequest atr = new DefaultAccessTokenRequest();
final OAuth2RestTemplate oAuth2RestTemplate = new CustomOAuth2RestTemplate(resource(),
new DefaultOAuth2ClientContext(atr), 10800L); //example: 3h
oAuth2RestTemplate.setRequestFactory(customRequestFactory());
return oAuth2RestTemplate;
}
编辑 2: 在我对OAuth2RestTemplateclass分析的比较透彻之后,需要进行代码重构:
public class CustomOAuth2RestTemplate extends OAuth2RestTemplate {
private static final Logger LOGGER = LoggerFactory.getLogger(CustomOAuth2RestTemplate.class);
private Long LAST_RESET = getCurrentTimeSeconds();
private Long FORCE_EXPIRATION;
public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource) {
super(resource);
this.FORCE_EXPIRATION = 10800L; //3h
}
public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource,
DefaultOAuth2ClientContext defaultOAuth2ClientContext, Long forceExpiration) {
super(resource, defaultOAuth2ClientContext);
this.FORCE_EXPIRATION = Objects.requireNonNull(forceExpiration, "Please set expiration!");
}
@Override
public OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException {
final Long diff = getCurrentTimeSeconds() - LAST_RESET;
/*
Either use a hardcoded variable or use the value stored in
context.getAccessToken().getAdditionalInformation().
*/
if (diff > FORCE_EXPIRATION) {
LOGGER.info("Access token has expired! Generating new one...");
this.LAST_RESET = getCurrentTimeSeconds();
final OAuth2ClientContext oAuth2ClientContext = getOAuth2ClientContext();
oAuth2ClientContext.setAccessToken(null);
return acquireAccessToken(oAuth2ClientContext);
}
return super.getAccessToken();
}
private Long getCurrentTimeSeconds() {
return System.currentTimeMillis() / 1000L;
}
}
您可以通过实现 TokenEnhancer 接口并覆盖其方法来添加自定义参数,如下所示:
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
public class CustomTokenEnhancer implements TokenEnhancer {
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
final Map<String, Object> additionalInfo = new HashMap<>();
// additionalInfo.put("CUSTOM_PARAM1", "CUSTOM_VALUE1");
additionalInfo.put("username", authentication.getPrincipal());//adding username param
((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
return accessToken;
}
}
@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServerConfig extends
AuthorizationServerConfigurerAdapter {
@Override
public void configure(final AuthorizationServerEndpointsConfigurer
endpoints) throws Exception {
final TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
tokenEnhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer()));
endpoints.tokenStore(tokenStore)
.tokenEnhancer(tokenEnhancerChain).authenticationManager(authenticationManager);
}
@Bean
public TokenEnhancer tokenEnhancer() {
return new CustomTokenEnhancer();
}
希望对您有所帮助!
我将 post 作为答案,因为它工作得很好。唯一添加的是 synchronized 用于并发,因此永远不会请求多个访问令牌。
最终代码:
public class CustomOAuth2RestTemplate extends OAuth2RestTemplate {
private static final Logger LOGGER = LoggerFactory.getLogger(CustomOAuth2RestTemplate.class);
private Long LAST_RESET = getCurrentTimeSeconds();
private Long FORCE_EXPIRATION;
public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource) {
super(resource);
this.FORCE_EXPIRATION = 10800L; // 3h
}
public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource,
DefaultOAuth2ClientContext defaultOAuth2ClientContext, Long forceExpiration) {
super(resource, defaultOAuth2ClientContext);
this.FORCE_EXPIRATION = Objects.requireNonNull(forceExpiration, "Please set expiration!");
}
@Override
public synchronized OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException {
final Long diff = getCurrentTimeSeconds() - LAST_RESET;
/*
* Either use a hardcoded variable or use the value stored in
* context.getAccessToken().getAdditionalInformation().
*/
if (diff > FORCE_EXPIRATION) {
LOGGER.info("Access token has expired! Generating new one...");
this.LAST_RESET = getCurrentTimeSeconds();
final OAuth2ClientContext oAuth2ClientContext = getOAuth2ClientContext();
oAuth2ClientContext.setAccessToken(null);
return acquireAccessToken(oAuth2ClientContext);
}
return super.getAccessToken();
}
private Long getCurrentTimeSeconds() {
return System.currentTimeMillis() / 1000L;
}
}