我有一个 oauth2 的工作示例,并为客户端和资源所有者进行内存中身份验证和授权。
我想使用 Redis,但对如何设置它有点困惑。
如何调整下面的代码,以便能够在 Redis 中保存数据(例如 token 、refresh_token 和其他客户端详细信息)
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
@Value("${spring.oauth2.realm.id}")
private String REALM;
@Autowired
private TokenStore tokenStore;
@Autowired
private UserApprovalHandler userApprovalHandler;
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("client001")
.authorizedGrantTypes("client_credentials", "password")
.authorities("ROLE_ADMIN", "ROLE_TRUSTED_CLIENT")
.scopes("read", "write", "trust")
.secret("secret")
.accessTokenValiditySeconds(120)
.refreshTokenValiditySeconds(600);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.tokenStore(tokenStore)
.userApprovalHandler(userApprovalHandler)
.authenticationManager(authenticationManager);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.realm(REALM + "/client");
}
}
[已更新]
我能够利用 RedisTokenStore 将 token 存储到 Redis。为此,请在您的 OAuth2SecurityConfiguration 中替换以下行:
@Bean
public TokenStore tokenStore() {
return new InMemoryTokenStore();
}
与...
@Bean
public TokenStore tokenStore(final RedisConnectionFactory factory) {
return new RedisTokenStore(factory);
}
现在在AuthorizationServerConfiguration#configure(final ClientDetailsServiceConfigurerclients);
中遇到了一个新问题。是否支持redis?
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("client001")
.secret("secret")
.authorizedGrantTypes("client_credentials", "password")
.authorities("ROLE_ADMIN", "ROLE_TRUSTED_CLIENT")
.scopes("read", "write", "trust")
.accessTokenValiditySeconds(60)
.refreshTokenValiditySeconds(120);
}
当我查看ClientDetailsServiceConfigurer时,它只支持inMemory()和jdbc()。我打算使用withClientDetails()来支持redis。是否有 RedisClientDetailsService 或类似的东西?
非常感谢任何对其实现的意见和建议。
最佳答案
我能够将客户端详细信息存储到 Redis。
这些是我所做的步骤:
创建以下类:
- RedisClientDetailsServiceBuilder.java
- RedisClientDetailsService.java
RedisClientDetailsService
public class RedisClientDetailsService implements ClientDetailsService {
private PasswordEncoder passwordEncoder = NoOpPasswordEncoder.getInstance();
private Map<String, ClientDetails> clientDetailsStore = new HashMap<String, ClientDetails>();
public ClientDetails loadClientByClientId(final String clientId) throws ClientRegistrationException {
final ClientDetails details = clientDetailsStore.get(clientId);
if (details == null) {
throw new NoSuchClientException("No client with requested id: " + clientId);
}
return details;
}
public void setClientDetailsStore(final Map<String, ? extends ClientDetails> clientDetailsStore) {
this.clientDetailsStore = new HashMap<String, ClientDetails>(clientDetailsStore);
}
/**
* @param passwordEncoder the password encoder to set
*/
public void setPasswordEncoder(final PasswordEncoder passwordEncoder) {
this.passwordEncoder = passwordEncoder;
}
}
RedisClientDetailsServiceBuilder
public class RedisClientDetailsServiceBuilder extends ClientDetailsServiceBuilder<RedisClientDetailsServiceBuilder> {
private Map<String, ClientDetails> clientDetails = new HashMap<String, ClientDetails>();
private PasswordEncoder passwordEncoder; // for writing client secrets
public RedisClientDetailsServiceBuilder passwordEncoder(PasswordEncoder passwordEncoder) {
this.passwordEncoder = passwordEncoder;
return this;
}
@Override
protected void addClient(
final String clientId,
final ClientDetails build) {
clientDetails.put(clientId, build);
}
@Override
protected ClientDetailsService performBuild() {
final RedisClientDetailsService redisClientDetailsService = new RedisClientDetailsService();
if (passwordEncoder != null) {
// This is used to encode secrets as they are added to the database (if it isn't set then the user has top
// pass in pre-encoded secrets)
redisClientDetailsService.setPasswordEncoder(passwordEncoder);
}
redisClientDetailsService.setClientDetailsStore(clientDetails);
return redisClientDetailsService;
}
}
- 然后在 AuthorizationServerConfiguration#configure() 上,使用我们创建的构建器设置客户端构建器。
@Override
public void configure(final ClientDetailsServiceConfigurer clients) throws Exception {
final RedisClientDetailsServiceBuilder builder = new RedisClientDetailsServiceBuilder();
clients.setBuilder(builder);
// @formatter:off
builder.withClient("client001")
.secret("secret")
.authorizedGrantTypes("client_credentials", "password")
.authorities("ROLE_ADMIN", "ROLE_TRUSTED_CLIENT")
.scopes("read", "write", "trust")
.accessTokenValiditySeconds(120)
.refreshTokenValiditySeconds(400)
// @formatter:on
}
关于Spring OAuth2 Redis 客户端详细信息,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42775964/