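I connect to an external API using a bearer token and an audience id. However, when the bearer token expires, the Spring framework does not automatically generate a new token but keeps using the same expired token, which results in a 401 Unauthorized error.
Further research turned up https://github.com/spring-projects/spring-security/issues/7699.
I tried to implement RemoveAuthorizedClientOAuth2AuthorizationFailureHandler by adding the code below, but I still see the old token being used even when the token has expired.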

    @Bean
    @Qualifier("test")
    WebClient clientAdfs(@Value("${test.resource}") String resource) {
        // exchangeStrategies, oAuth2ClientManager and authorizedClientRepository
        // are fields of the enclosing configuration class (not shown).
        return WebClient.builder()
                .exchangeStrategies(exchangeStrategies)
                .apply(oauth2Config("test", resource))
                .build();
    }

    private Consumer<WebClient.Builder> oauth2Config(String clientRegistrationId, String resource) {
        // Assign resource (audience id) value to oAuth2ClientManager
        ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2 =
                new ServletOAuth2AuthorizedClientExchangeFilterFunction(oAuth2ClientManager);
        oauth2.setDefaultClientRegistrationId(clientRegistrationId);
        oauth2.setAuthorizationFailureHandler(fetchAuthorizationFailureHandler());
        return oauth2.oauth2Configuration();
    }

    private OAuth2AuthorizationFailureHandler fetchAuthorizationFailureHandler() {
        // Remove the cached authorized client when an authorization failure is reported.
        return new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(
                (clientRegistrationId, principal, attributes) ->
                        authorizedClientRepository.removeAuthorizedClient(clientRegistrationId, principal,
                                (HttpServletRequest) attributes.get(HttpServletRequest.class.getName()),
                                (HttpServletResponse) attributes.get(HttpServletResponse.class.getName()))
        );
    }

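Could any of you point me to the correct way to implement this, so that Spring automatically generates a new token when the current one expires?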
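
The wiring the question describes, as an added example that is not part of the original post: the provider requests a new token once the cached one is within the clock skew of its expiry, and the failure handler removes the cached client from the same store the manager reads. Assumptions: the "test" registration uses the client_credentials grant, Spring Security 5.3 or later, and the class and bean names (`ExampleOAuth2WebClientConfig`, `exampleClientManager`, `exampleWebClient`) are hypothetical.

```java
import java.time.Duration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.web.reactive.function.client.WebClient;

@Configuration
class ExampleOAuth2WebClientConfig { // hypothetical class name

    @Bean
    OAuth2AuthorizedClientManager exampleClientManager(
            ClientRegistrationRepository registrations,
            OAuth2AuthorizedClientService clientService) {
        // Assumption: client_credentials grant. A cached token that expires
        // within clockSkew is treated as expired and a new one is requested.
        OAuth2AuthorizedClientProvider provider = OAuth2AuthorizedClientProviderBuilder.builder()
                .clientCredentials(c -> c.clockSkew(Duration.ofSeconds(60)))
                .build();
        AuthorizedClientServiceOAuth2AuthorizedClientManager manager =
                new AuthorizedClientServiceOAuth2AuthorizedClientManager(registrations, clientService);
        manager.setAuthorizedClientProvider(provider);
        return manager;
    }

    @Bean
    WebClient exampleWebClient(OAuth2AuthorizedClientManager manager,
                               OAuth2AuthorizedClientService clientService) {
        ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2 =
                new ServletOAuth2AuthorizedClientExchangeFilterFunction(manager);
        oauth2.setDefaultClientRegistrationId("test"); // registration id from the post
        // On an authorization failure, drop the cached client from the store
        // the manager above reads, so the next request obtains a new token.
        oauth2.setAuthorizationFailureHandler(
                new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(
                        (registrationId, principal, attributes) ->
                                clientService.removeAuthorizedClient(registrationId, principal.getName())));
        return WebClient.builder().apply(oauth2.oauth2Configuration()).build();
    }
}
```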