Spring Security OAuth2 使用Redis存储token键值详解
内容导读
互联网集市收集整理的这篇技术教程文章主要介绍了Spring Security OAuth2 使用Redis存储token键值详解,小编现在分享给大家,供广大互联网技能从业者学习和参考。文章包含6099字,纯文字阅读大概需要9分钟。
内容图文
1.Spring Security OAuth2存储token值的方式由多种,所有的实现方式都是实现了TokenStore接口
- InMemoryTokenStore:token存储在本机的内存之中
- JdbcTokenStore:token存储在数据库之中
- JwtTokenStore:token不会存储到任何介质中
- RedisTokenStore:token存储在Redis数据库之中
2.看下RedisTokenStore实现类在redis中存储了那些key,贴上源码如下:
private static final String ACCESS = "access:";
private static final String AUTH_TO_ACCESS = "auth_to_access:";
private static final String AUTH = "auth:";
private static final String REFRESH_AUTH = "refresh_auth:";
private static final String ACCESS_TO_REFRESH = "access_to_refresh:";
private static final String REFRESH = "refresh:";
private static final String REFRESH_TO_ACCESS = "refresh_to_access:";
private static final String CLIENT_ID_TO_ACCESS = "client_id_to_access:";
private static final String UNAME_TO_ACCESS = "uname_to_access:";
本案例是使用password、refresh_token模式,在Redis缓存中共存储了9个键值对,其中有5个跟access_token相关,4个和refresh_token相关;
- access_token相关access:(OAuth2AccessToken)、auth:(OAuth2Authentication)、auth_to_access:(OAuth2AccessToken)、client_id_to_access:(OAuth2AccessToken)、uname_to_access:(OAuth2AccessToken)
- refresh_token相关refresh:(OAuth2RefreshToken)、refresh_auth:(OAuth2Authentication)、access_to_refresh(refresh_token):、refresh_to_access:(refresh_token)
3.通过查看RedisTokenStore源码(源码我就不贴出来了)的方式理解每个key所存储的数据
- access:中存储的键是access:be171b573f5a496ca601b32b1360fe84,值是OAuth2AccessToken对象序列化后的值
- 键是access:+access_token
- 值示例如下:
{ "access_token": "12833d6c89fb4ea58cbe7b6ada5de7b5", "token_type": "bearer", "refresh_token": "357304ee0a404700b3e65d547713011b", "expires_in": 898, "scope": "test" }
- auth_to_access:中存储的键是auth_to_access:a994f2a9a61186f32870e32d72a38d21,值是OAuth2AccessToken序列化后的值
-
键是auth_to_access:+ username、client_id、scope三个MD5加密后的值
-
值示例如下:
{ "access_token": "12833d6c89fb4ea58cbe7b6ada5de7b5", "token_type": "bearer", "refresh_token": "357304ee0a404700b3e65d547713011b", "expires_in": 898, "scope": "test" }
- auth:中存储的键是auth:be171b573f5a496ca601b32b1360fe84,值是OAuth2Authentication对象序列化后的值
- 键是auth:+access_token值
- 值示例如下:
{
"authorities": [
{
"authority": "ROLE"
}
],
"details": {
"remoteAddress": "0:0:0:0:0:0:0:1",
"sessionId": null,
"tokenValue": "dfec9f18e161408dbf66b85b94401d7f",
"tokenType": "Bearer",
"decodedDetails": null
},
"authenticated": true,
"userAuthentication": {
"authorities": [
{
"authority": "ROLE"
}
],
"details": {
"grant_type": "password",
"username": "user",
"scope": "test"
},
"authenticated": true,
"principal": {
"password": null,
"username": "user",
"authorities": [
{
"authority": "ROLE"
}
],
"accountNonExpired": true,
"accountNonLocked": true,
"credentialsNonExpired": true,
"enabled": true
},
"credentials": null,
"name": "user"
},
"credentials": "",
"principal": {
"password": null,
"username": "user",
"authorities": [
{
"authority": "ROLE"
}
],
"accountNonExpired": true,
"accountNonLocked": true,
"credentialsNonExpired": true,
"enabled": true
},
"oauth2Request": {
"clientId": "client_password",
"scope": [
"test"
],
"requestParameters": {
"grant_type": "password",
"scope": "test",
"username": "user"
},
"resourceIds": [
"resource_password_id"
],
"authorities": [],
"approved": true,
"refresh": false,
"redirectUri": null,
"responseTypes": [],
"extensions": {},
"grantType": "password",
"refreshTokenRequest": null
},
"clientOnly": false,
"name": "user"
}
- refresh_auth:中存储的是refresh_auth:d0017ce6db6441d1b87a0a2804d1434b,值是OAuth2Authentication序列化后的值
- 键是:refresh_auth:+refresh_token值
- 值示例如下:
{
"authorities": [
{
"authority": "ROLE"
}
],
"details": {
"remoteAddress": "0:0:0:0:0:0:0:1",
"sessionId": null,
"tokenValue": "dfec9f18e161408dbf66b85b94401d7f",
"tokenType": "Bearer",
"decodedDetails": null
},
"authenticated": true,
"userAuthentication": {
"authorities": [
{
"authority": "ROLE"
}
],
"details": {
"grant_type": "password",
"username": "user",
"scope": "test"
},
"authenticated": true,
"principal": {
"password": null,
"username": "user",
"authorities": [
{
"authority": "ROLE"
}
],
"accountNonExpired": true,
"accountNonLocked": true,
"credentialsNonExpired": true,
"enabled": true
},
"credentials": null,
"name": "user"
},
"credentials": "",
"principal": {
"password": null,
"username": "user",
"authorities": [
{
"authority": "ROLE"
}
],
"accountNonExpired": true,
"accountNonLocked": true,
"credentialsNonExpired": true,
"enabled": true
},
"oauth2Request": {
"clientId": "client_password",
"scope": [
"test"
],
"requestParameters": {
"grant_type": "password",
"scope": "test",
"username": "user"
},
"resourceIds": [
"resource_password_id"
],
"authorities": [],
"approved": true,
"refresh": false,
"redirectUri": null,
"responseTypes": [],
"extensions": {},
"grantType": "password",
"refreshTokenRequest": null
},
"clientOnly": false,
"name": "user"
}
- access_to_refresh:中存储的是access_to_refresh:c90cab28971948d2a85ca2ae814641ed,值是refresh_token值
- 键是access_to_refresh:+refresh_token值
- 值是refresh_token值
- refresh:中存储的是refresh:d0017ce6db6441d1b87a0a2804d1434b,值是OAuth2RefreshToken对象序列化后的值
- 键是refresh:+refresh_token值
- 值示例如下:
{
"access_token": "dfec9f18e161408dbf66b85b94401d7f",
"token_type": "bearer",
"refresh_token": "8bcd9cfb04a3445e8933c788b2673a89",
"expires_in": 898,
"scope": "test"
}
- refresh_to_access:中存储的值是refresh_to_access:d0017ce6db6441d1b87a0a2804d1434b,值是refresh_token值
- 键是refresh_to_access:+refresh_token值
- 值示例如下:
be171b573f5a496ca601b32b1360fe84
- client_id_to_access:中存储的值是client_id_to_access:client_password,值是OAuth2AccessToken序列化后的值
- 键是client_id_to_access:+clientId
- 值示例如下:
{
"access_token": "dfec9f18e161408dbf66b85b94401d7f",
"token_type": "bearer",
"refresh_token": "8bcd9cfb04a3445e8933c788b2673a89",
"expires_in": 898,
"scope": "test"
}
- uname_to_access:中存储的键是uname_to_access:client_password:user,值是OAuth2AccessToken对象序列化后的值
- 键是:uname_to_access:+clientid+用户名
- 值示例如下:
{
"access_token": "dfec9f18e161408dbf66b85b94401d7f",
"token_type": "bearer",
"refresh_token": "8bcd9cfb04a3445e8933c788b2673a89",
"expires_in": 898,
"scope": "test"
}
内容总结
以上是互联网集市为您收集整理的Spring Security OAuth2 使用Redis存储token键值详解全部内容,希望文章能够帮你解决Spring Security OAuth2 使用Redis存储token键值详解所遇到的程序开发问题。 如果觉得互联网集市技术教程内容还不错,欢迎将互联网集市网站推荐给程序员好友。
内容备注
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 gblab@vip.qq.com 举报,一经查实,本站将立刻删除。
内容手机端
扫描二维码推送至手机访问。
来源:【匿名】