Spring Security 如何在springoauth中使用redis令牌存储获取jwt令牌的解码细节

az31mfrm 于 2023-08-05 发布在 Spring

关注(0)|答案(3)|浏览(138)

我已经使用令牌存储JwtTokenStore（JwtAccessTokenStore）成功获得了解码详细信息，但现在需要使用redis，以便我可以撤销令牌。
下面是我代码：

@Bean
public TokenStore tokenStore() {
    return new RedisTokenStore(redisConnectionFactory);
    // return new JwtTokenStore(defaultAccessTokenConverter());
}

@Bean
public JwtAccessTokenConverter defaultAccessTokenConverter() {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    converter.setAccessTokenConverter(new CustomJWTAccessTokenConverter());
    try {
        converter.afterPropertiesSet();
    } catch (Exception e) {
        e.printStackTrace();
    }
    converter.setKeyPair(this.keyPair());
   
    return converter;
}

字符串
我的customjwtaccesstokenconverter：

public class CustomJWTAccessTokenConverter extends DefaultAccessTokenConverter  {

@Override
public OAuth2Authentication extractAuthentication(Map<String, ?> claims) {
    OAuth2Authentication authentication
            = super.extractAuthentication(claims);
    authentication.setDetails(claims);
    return authentication;
   }
}

型
令牌增强器：

@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
    Map<String, Object> setAdditionalInformation = (Map<String, Object>) authentication.getUserAuthentication().getDetails();
    ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(setAdditionalInformation);
    return accessToken;
}

型
我不知道，当使用redistokenstore。它没有去CustomJWTAccessTokenConverter，因为当我试图获得额外的信息（decodeDetails）返回null。

OAuth2Authentication authentication = (OAuth2Authentication) SecurityContextHolder.getContext().getAuthentication();
            OAuth2AuthenticationDetails authenticationDetails = (OAuth2AuthenticationDetails) authentication.getDetails();
            Map<String, Object> decodeDetails = (Map<String, Object>) authenticationDetails.getDecodedDetails();

型

spring-security

来源：https://stackoverflow.com/questions/64659714/how-to-get-decode-details-of-jwt-token-in-spring-oauth-use-redis-token-store

3条答案

按热度按时间

fnx2tebb1#

您还需要配置令牌增强器-

@Bean
public TokenStore tokenStore() {
    return new RedisTokenStore(redisConnectionFactory);
    // return new JwtTokenStore(defaultAccessTokenConverter());
}

@Bean
public JwtAccessTokenConverter defaultAccessTokenConverter() {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    converter.setAccessTokenConverter(new CustomJWTAccessTokenConverter());
    try {
        converter.afterPropertiesSet();
    } catch (Exception e) {
        e.printStackTrace();
    }
    converter.setKeyPair(this.keyPair());
   
    return converter;
}

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints
        // some code here
        .tokenEnhancer(tokenEnhancer());
}

@Bean
@Primary
public AuthorizationServerTokenServices tokenServices() {
    DefaultTokenServices tokenServices = new DefaultTokenServices();
   
    tokenServices.setTokenEnhancer(tokenEnhancer());
    return tokenServices;
}

// Beans beans beans

@Bean
public TokenEnhancer tokenEnhancer() {
    return new YourCustomTokenEnhancer();
}

字符串

赞(0）回复(0）举报 2023-08-05

h4cxqtbf2#

它解决了，但不确定这是正确的方式或不是。

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    TokenEnhancerChain chain = new TokenEnhancerChain();
    chain.setTokenEnhancers(Arrays.asList(customTokenEnhancer(), defaultAccessTokenConverter()));

    endpoints.exceptionTranslator(new OAuth2ExceptionTranslator())
            .tokenStore(tokenStore())
            .tokenEnhancer(chain)
            .authenticationManager(authenticationManager);
}

@Bean
public TokenStore tokenStore() {
    return new RedisTokenStore(redisConnectionFactory);
}

@Bean
@Primary
public AuthorizationServerTokenServices tokenServices() {
    TokenEnhancerChain chain = new TokenEnhancerChain();
    chain.setTokenEnhancers(Arrays.asList(customTokenEnhancer(), defaultAccessTokenConverter()));

    DefaultTokenServices tokenServices = new DefaultTokenServices();
    tokenServices.setTokenEnhancer(chain);
    tokenServices.setTokenStore(new JwtTokenStore(defaultAccessTokenConverter()));
    tokenServices.setSupportRefreshToken(false);
    return tokenServices;
}

字符串
如果有人有更好的想法，请评论。

赞(0）回复(0）举报 2023-08-05

dnph8jn43#

最简单的方法在这里。

const decoded = jwt.decode(token, config);
console.log(decoded);

字符串
您还可以返回值。

赞(0）回复(0）举报 2023-08-05

我来回答

Spring Security 如何在springoauth中使用redis令牌存储获取jwt令牌的解码细节

3条答案

相关问题

热门标签

最新问答