springsecurity oauth2:如何通过在到期时生成新的oauth2令牌来重新授权令牌

nbnkbykc  于 2021-07-13  发布在  Java
关注(0)|答案(0)|浏览(309)

我通过承载令牌和访问群体id连接到外部api。但是,在承载令牌到期时,spring框架不会自动生成新令牌,而是使用相同的过期令牌,这会导致401未授权错误。
进一步研究发现,https://github.com/spring-projects/spring-security/issues/7699.
我试图通过添加下面的代码来实现removeauthorizedclientoauth2authorizationfailurehandler,但是我仍然看到即使在令牌过期时也会考虑使用旧令牌。

@Bean
@Qualifier("test")
WebClient clientAdfs(
        @Value("${test.resource}") String resource) {
    return WebClient.builder().exchangeStrategies(exchangeStrategies)
            .apply(oauth2Config("test", resource)).build();
}

private Consumer<WebClient.Builder> oauth2Config(String clientRegistrationId, String resource) {
    //Assign Resource ( audience id) value to oAuth2ClientManager
    ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2 = new ServletOAuth2AuthorizedClientExchangeFilterFunction(
            oAuth2ClientManager);
    oauth2.setDefaultClientRegistrationId(clientRegistrationId);
    oauth2.setAuthorizationFailureHandler(fetchAuthorizationFailureHandler());
    return oauth2.oauth2Configuration();
}

private OAuth2AuthorizationFailureHandler fetchAuthorizationFailureHandler() {
    return new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(
            (clientRegistrationId, principal, attributes) -> 
                authorizedClientRepository.removeAuthorizedClient(clientRegistrationId, principal,
                        (HttpServletRequest) attributes.get(HttpServletRequest.class.getName()),
                        (HttpServletResponse) attributes.get(HttpServletResponse.class.getName()));
            );
}

请你们中的任何一位指导正确的实现方式,以便在令牌到期时spring自动生成新的令牌。

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题