oauth2.0 如何防止每次在WebClient中请求新的访问令牌

dsekswqp  于 2023-08-02  发布在  其他
关注(0)|答案(1)|浏览(112)

我们有WebClient配置:

application.yml

security:
  oauth2:
    client:
      registration:
        custom-client:
          authorization-grant-type: client_credentials
          client-authentication-method: client_secret_post
          client-id: somedummyid
          client-secret: somedummysecret
          provider: custom-client
      provider:
        custom-client:
          token-uri: xxxxxxxxxx/token

字符串

配置类:

@Configuration
public class WebClientConfig {

    @Bean
    public OAuth2AuthorizedClientManager authClientManager (ClientRegistrationRepository clientRegistrationRepository,
                                                                           OAuth2AuthorizedClientService authorizedClientService,
                                                                           HttpComponentsClientHttpRequestFactory requestFactory) {

        RestTemplate restTemplate = new RestTemplate(
            Arrays.asList(new FormHttpMessageConverter(), new OAuth2AccessTokenResponseHttpMessageConverter()));

        restTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler());
        restTemplate.setRequestFactory(new BufferingClientHttpRequestFactory(requestFactory));

        final DefaultClientCredentialsTokenResponseClient tokenResponseClient = new DefaultClientCredentialsTokenResponseClient();
        tokenResponseClient.setRestOperations(restTemplate);
        final ClientCredentialsOAuth2AuthorizedClientProvider authorizedClientProvider = new ClientCredentialsOAuth2AuthorizedClientProvider();
        authorizedClientProvider.setAccessTokenResponseClient(tokenResponseClient);
        final AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientManager =
            new AuthorizedClientServiceOAuth2AuthorizedClientManager(
                clientRegistrationRepository, authorizedClientService);

        authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);

        return authorizedClientManager;
    }

    @Bean
    public WebClient customWebClient(@Qualifier("authClientManager") OAuth2AuthorizedClientManager authorizedClientManager,
                                         @Qualifier("requestReactorFactory") ReactorClientHttpConnector connector,
                                         @Value("${baseUrl}") String baseUrl) {
        ServletOAuth2AuthorizedClientExchangeFilterFunction oAuth2Filer = new ServletOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
        oAuth2Filer.setDefaultClientRegistrationId("custom-client");

        return WebClient.builder()
            .clientConnector(connector)
            .filter(oAuth2Filer)
            .baseUrl(baseUrl)
            .build();

    }
}


我们有一个服务,我们执行WebClient来调用另一个服务:

@Service
public class CustomService {

private WebClient webClient;

    public CustomService(@Qualifier("customWebClient") WebClient webClient) {
        this.webClient = webClient;
    }

    private execute() {
      return webClient.post()
        .uri("xxxxx")
        .body(xxxx)
        .retrieve()
        .bodyToMono(xxx)
        .block();
   }

}

问题:

我们有一些批量触发器,我们在一分钟内有几千个请求。由于这个事实,我们对我们提出请求的服务有一些限制。

问题:

我们如何存储/缓存第一次API调用检索到的访问令牌,并使其在特定时间内有效?我们希望在1分钟内避免数千个新令牌的请求。

6l7fqoea

6l7fqoea1#

对于任何正在寻找解决方案的人来说。我在这里找到了一些有用的文章:
How to handle token refreshing in Spring Webflux WebClient
并通过创建自定义服务来解决我的问题,在那里我检查access_token是否有效,并决定刷新或保留旧值。
当涉及到WebClient时,我们可以简单地将token值放入头部(检查上面帖子中突出显示的答案)。

相关问题