如何在 spring oauth 使用 redis 令牌存储中获取 jwt 令牌的解码详细信息
How to get decode details of jwt token in spring oauth use redis token store
我已经使用令牌存储 JwtTokenStore(JwtAccessTokenStore) 成功获得解码细节,但现在它需要使用 redis 以便我可以撤销令牌。
这是我的代码:
@Bean
public TokenStore tokenStore() {
return new RedisTokenStore(redisConnectionFactory);
// return new JwtTokenStore(defaultAccessTokenConverter());
}
@Bean
public JwtAccessTokenConverter defaultAccessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setAccessTokenConverter(new CustomJWTAccessTokenConverter());
try {
converter.afterPropertiesSet();
} catch (Exception e) {
e.printStackTrace();
}
converter.setKeyPair(this.keyPair());
return converter;
}
和我的自定义jwtaccesstokenconverter:
public class CustomJWTAccessTokenConverter extends DefaultAccessTokenConverter {
@Override
public OAuth2Authentication extractAuthentication(Map<String, ?> claims) {
OAuth2Authentication authentication
= super.extractAuthentication(claims);
authentication.setDetails(claims);
return authentication;
}
}
令牌增强器:
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
Map<String, Object> setAdditionalInformation = (Map<String, Object>) authentication.getUserAuthentication().getDetails();
((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(setAdditionalInformation);
return accessToken;
}
我不知道什么时候使用 redistokenstore。它没有转到 CustomJWTAccessTokenConverter,因为当我试图获取附加信息 (decodeDetails) 时返回 null。
OAuth2Authentication authentication = (OAuth2Authentication) SecurityContextHolder.getContext().getAuthentication();
OAuth2AuthenticationDetails authenticationDetails = (OAuth2AuthenticationDetails) authentication.getDetails();
Map<String, Object> decodeDetails = (Map<String, Object>) authenticationDetails.getDecodedDetails();
您还需要配置令牌增强器 -
@Bean
public TokenStore tokenStore() {
return new RedisTokenStore(redisConnectionFactory);
// return new JwtTokenStore(defaultAccessTokenConverter());
}
@Bean
public JwtAccessTokenConverter defaultAccessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setAccessTokenConverter(new CustomJWTAccessTokenConverter());
try {
converter.afterPropertiesSet();
} catch (Exception e) {
e.printStackTrace();
}
converter.setKeyPair(this.keyPair());
return converter;
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
// some code here
.tokenEnhancer(tokenEnhancer());
}
@Bean
@Primary
public AuthorizationServerTokenServices tokenServices() {
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setTokenEnhancer(tokenEnhancer());
return tokenServices;
}
// Beans beans beans
@Bean
public TokenEnhancer tokenEnhancer() {
return new YourCustomTokenEnhancer();
}
解决了,但不确定方法是否正确。
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
TokenEnhancerChain chain = new TokenEnhancerChain();
chain.setTokenEnhancers(Arrays.asList(customTokenEnhancer(), defaultAccessTokenConverter()));
endpoints.exceptionTranslator(new OAuth2ExceptionTranslator())
.tokenStore(tokenStore())
.tokenEnhancer(chain)
.authenticationManager(authenticationManager);
}
@Bean
public TokenStore tokenStore() {
return new RedisTokenStore(redisConnectionFactory);
}
@Bean
@Primary
public AuthorizationServerTokenServices tokenServices() {
TokenEnhancerChain chain = new TokenEnhancerChain();
chain.setTokenEnhancers(Arrays.asList(customTokenEnhancer(), defaultAccessTokenConverter()));
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setTokenEnhancer(chain);
tokenServices.setTokenStore(new JwtTokenStore(defaultAccessTokenConverter()));
tokenServices.setSupportRefreshToken(false);
return tokenServices;
}
如果大家有更好的想法欢迎评论
我已经使用令牌存储 JwtTokenStore(JwtAccessTokenStore) 成功获得解码细节,但现在它需要使用 redis 以便我可以撤销令牌。
这是我的代码:
@Bean
public TokenStore tokenStore() {
return new RedisTokenStore(redisConnectionFactory);
// return new JwtTokenStore(defaultAccessTokenConverter());
}
@Bean
public JwtAccessTokenConverter defaultAccessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setAccessTokenConverter(new CustomJWTAccessTokenConverter());
try {
converter.afterPropertiesSet();
} catch (Exception e) {
e.printStackTrace();
}
converter.setKeyPair(this.keyPair());
return converter;
}
和我的自定义jwtaccesstokenconverter:
public class CustomJWTAccessTokenConverter extends DefaultAccessTokenConverter {
@Override
public OAuth2Authentication extractAuthentication(Map<String, ?> claims) {
OAuth2Authentication authentication
= super.extractAuthentication(claims);
authentication.setDetails(claims);
return authentication;
}
}
令牌增强器:
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
Map<String, Object> setAdditionalInformation = (Map<String, Object>) authentication.getUserAuthentication().getDetails();
((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(setAdditionalInformation);
return accessToken;
}
我不知道什么时候使用 redistokenstore。它没有转到 CustomJWTAccessTokenConverter,因为当我试图获取附加信息 (decodeDetails) 时返回 null。
OAuth2Authentication authentication = (OAuth2Authentication) SecurityContextHolder.getContext().getAuthentication();
OAuth2AuthenticationDetails authenticationDetails = (OAuth2AuthenticationDetails) authentication.getDetails();
Map<String, Object> decodeDetails = (Map<String, Object>) authenticationDetails.getDecodedDetails();
您还需要配置令牌增强器 -
@Bean
public TokenStore tokenStore() {
return new RedisTokenStore(redisConnectionFactory);
// return new JwtTokenStore(defaultAccessTokenConverter());
}
@Bean
public JwtAccessTokenConverter defaultAccessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setAccessTokenConverter(new CustomJWTAccessTokenConverter());
try {
converter.afterPropertiesSet();
} catch (Exception e) {
e.printStackTrace();
}
converter.setKeyPair(this.keyPair());
return converter;
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
// some code here
.tokenEnhancer(tokenEnhancer());
}
@Bean
@Primary
public AuthorizationServerTokenServices tokenServices() {
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setTokenEnhancer(tokenEnhancer());
return tokenServices;
}
// Beans beans beans
@Bean
public TokenEnhancer tokenEnhancer() {
return new YourCustomTokenEnhancer();
}
解决了,但不确定方法是否正确。
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
TokenEnhancerChain chain = new TokenEnhancerChain();
chain.setTokenEnhancers(Arrays.asList(customTokenEnhancer(), defaultAccessTokenConverter()));
endpoints.exceptionTranslator(new OAuth2ExceptionTranslator())
.tokenStore(tokenStore())
.tokenEnhancer(chain)
.authenticationManager(authenticationManager);
}
@Bean
public TokenStore tokenStore() {
return new RedisTokenStore(redisConnectionFactory);
}
@Bean
@Primary
public AuthorizationServerTokenServices tokenServices() {
TokenEnhancerChain chain = new TokenEnhancerChain();
chain.setTokenEnhancers(Arrays.asList(customTokenEnhancer(), defaultAccessTokenConverter()));
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setTokenEnhancer(chain);
tokenServices.setTokenStore(new JwtTokenStore(defaultAccessTokenConverter()));
tokenServices.setSupportRefreshToken(false);
return tokenServices;
}
如果大家有更好的想法欢迎评论