Spring OAuth2 Redis 客户端详细信息

Question

我有一个 oauth2 的工作示例，并为客户端和资源所有者进行内存中身份验证和授权。

我想使用 Redis，但对如何设置它有点困惑。

如何调整下面的代码，以便能够在 Redis 中保存数据(例如 token 、refresh_token 和其他客户端详细信息)

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Value("${spring.oauth2.realm.id}")
    private String REALM;

    @Autowired
    private TokenStore tokenStore;

    @Autowired
    private UserApprovalHandler userApprovalHandler;

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("client001")
                .authorizedGrantTypes("client_credentials", "password")
                .authorities("ROLE_ADMIN", "ROLE_TRUSTED_CLIENT")
                .scopes("read", "write", "trust")
                .secret("secret")
                .accessTokenValiditySeconds(120) 
                .refreshTokenValiditySeconds(600);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore)
                .userApprovalHandler(userApprovalHandler)
                .authenticationManager(authenticationManager);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.realm(REALM + "/client");
    }

}

[已更新]

我能够利用 RedisTokenStore 将 token 存储到 Redis。为此，请在您的 OAuth2SecurityConfiguration 中替换以下行:

@Bean
public TokenStore tokenStore() {
    return new InMemoryTokenStore();
}

与...

@Bean
public TokenStore tokenStore(final RedisConnectionFactory factory) {
    return new RedisTokenStore(factory);
}

现在在AuthorizationServerConfiguration#configure(final ClientDetailsS​​erviceConfigurerclients);中遇到了一个新问题。是否支持redis？

@Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
      clients.inMemory()
        .withClient("client001")
        .secret("secret")
        .authorizedGrantTypes("client_credentials", "password")
        .authorities("ROLE_ADMIN", "ROLE_TRUSTED_CLIENT")
        .scopes("read", "write", "trust")
        .accessTokenValiditySeconds(60) 
        .refreshTokenValiditySeconds(120);
    }

当我查看ClientDetailsS​​erviceConfigurer时，它只支持inMemory()和jdbc()。我打算使用withClientDetails()来支持redis。是否有 RedisClientDetailsS​​ervice 或类似的东西？

非常感谢任何对其实现的意见和建议。

Answer 1

我能够将客户端详细信息存储到 Redis。

这些是我所做的步骤:

1. 创建以下类:

   • RedisClientDetailsS​​erviceBuilder.java
   • RedisClientDetailsS​​ervice.java

RedisClientDetailsS​​ervice

public class RedisClientDetailsService implements ClientDetailsService {

    private PasswordEncoder passwordEncoder = NoOpPasswordEncoder.getInstance();

    private Map<String, ClientDetails> clientDetailsStore = new HashMap<String, ClientDetails>();

    public ClientDetails loadClientByClientId(final String clientId) throws ClientRegistrationException {
        final ClientDetails details = clientDetailsStore.get(clientId);
        if (details == null) {
            throw new NoSuchClientException("No client with requested id: " + clientId);
        }
        return details;
    }

    public void setClientDetailsStore(final Map<String, ? extends ClientDetails> clientDetailsStore) {
        this.clientDetailsStore = new HashMap<String, ClientDetails>(clientDetailsStore);
    }

    /**
     * @param passwordEncoder the password encoder to set
     */
    public void setPasswordEncoder(final PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }
}

RedisClientDetailsS​​erviceBuilder

public class RedisClientDetailsServiceBuilder extends ClientDetailsServiceBuilder<RedisClientDetailsServiceBuilder> {

    private Map<String, ClientDetails> clientDetails = new HashMap<String, ClientDetails>();

    private PasswordEncoder passwordEncoder; // for writing client secrets

    public RedisClientDetailsServiceBuilder passwordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
        return this;
    }

    @Override
    protected void addClient(
            final String clientId,
            final ClientDetails build) {

        clientDetails.put(clientId, build);
    }

    @Override
    protected ClientDetailsService performBuild() {
        final RedisClientDetailsService redisClientDetailsService = new RedisClientDetailsService();
        if (passwordEncoder != null) {
            // This is used to encode secrets as they are added to the database (if it isn't set then the user has top
            // pass in pre-encoded secrets)
            redisClientDetailsService.setPasswordEncoder(passwordEncoder);
        }

        redisClientDetailsService.setClientDetailsStore(clientDetails);
        return redisClientDetailsService;
    }

}

然后在 AuthorizationServerConfiguration#configure() 上，使用我们创建的构建器设置客户端构建器。

@Override
public void configure(final ClientDetailsServiceConfigurer clients) throws Exception {
    final RedisClientDetailsServiceBuilder builder = new RedisClientDetailsServiceBuilder();
    clients.setBuilder(builder);

    // @formatter:off
    builder.withClient("client001")
          .secret("secret")
          .authorizedGrantTypes("client_credentials", "password")
          .authorities("ROLE_ADMIN", "ROLE_TRUSTED_CLIENT")
          .scopes("read", "write", "trust")
          .accessTokenValiditySeconds(120)
          .refreshTokenValiditySeconds(400)
    // @formatter:on
}