首页 > 解决方案 > Spring Boot OAuth2 没有向 oauth_access_token 表中插入数据

问题描述

我想撤销用户的令牌。为此,我尝试检索应用程序的用户令牌列表。

我发现这个例子可以满足我的需要。

于是我开始使用 TokenStore 来存储令牌,因此我的数据库(Postgres)中新增了以下这些表:

-- Access-token table for the JDBC token store configured further down the page.
-- NOTE(review): in Spring Security OAuth's JdbcTokenStore the two bytea columns are
-- expected to hold the serialized access token and the serialized authentication, so
-- read access to this table should be treated as access to live bearer tokens
-- (restrict SELECT and protect backups) -- confirm against the library version in use.
-- NOTE(review): no primary key or unique constraint is declared here, so nothing at
-- the database level prevents duplicate rows for the same authentication_id.
CREATE TABLE oauth_access_token
(
    token_id          VARCHAR(255),
    token             bytea,
    authentication_id VARCHAR(255),
    user_name         VARCHAR(255),
    client_id         VARCHAR(255),
    authentication    bytea,
    refresh_token     VARCHAR(255)
);

-- Refresh-token table for the same JDBC token store.
-- NOTE(review): the bytea columns presumably hold the serialized refresh token and its
-- authentication; a refresh token can be exchanged for new access tokens, so this table
-- needs the same access restrictions as the access-token table -- confirm.
-- NOTE(review): no primary key or unique constraint is declared on token_id.
CREATE TABLE oauth_refresh_token
(
    token_id       VARCHAR(255),
    token          bytea,
    authentication bytea
);

这些表由以下配置使用:

AuthServerOAuth2Config

/**
 * Authorization-server configuration: one in-memory OAuth2 client, a JDBC-backed
 * {@link TokenStore}, a {@link DefaultTokenServices} bean and a
 * {@link JwtAccessTokenConverter} bean.
 *
 * <p>Points a security review should confirm:
 * <ul>
 *   <li>{@code oauth.secret} is used both as the client secret and as the JWT signing
 *       key, so the two cannot be rotated or scoped independently.</li>
 *   <li>The endpoints configurer receives only the authentication manager and the token
 *       store; the {@code tokenServices()} and {@code accessTokenConverter()} beans are
 *       not passed to it in this class.</li>
 *   <li>The client is allowed the {@code password} and {@code implicit} grants, which
 *       current OAuth 2.0 security guidance advises against.</li>
 * </ul>
 */
@Configuration
@EnableAuthorizationServer
@FrameworkEndpoint
public class AuthServerOAuth2Config extends AuthorizationServerConfigurerAdapter {

    /** Access tokens are valid for two hours. */
    private static final int ACCESS_TOKEN_VALIDITY_SECONDS = 60 * 60 * 2;

    /** Refresh tokens are valid for twice as long as access tokens (four hours). */
    private static final int REFRESH_TOKEN_VALIDITY_SECONDS = ACCESS_TOKEN_VALIDITY_SECONDS * 2;

    private final AuthenticationManager authenticationManager;

    // Injected, but not read anywhere in this class.
    @Autowired
    private Environment env;

    // Connection used by the JDBC token store.
    @Autowired
    private DataSource dataSource;

    // Identifier of the single registered client.
    @Value("${oauth.client-id}")
    private String clientId;

    // Used as the client secret AND as the JWT signing key (see accessTokenConverter()).
    @Value("${oauth.secret}")
    private String clientSecret;

    /**
     * Creates the configuration with the authentication manager handed to the endpoints.
     *
     * @param authenticationManager manager passed to the endpoints configurer
     */
    @Autowired
    public AuthServerOAuth2Config(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Token store that persists tokens through the injected {@link DataSource}.
     *
     * <p>NOTE(review): the stored rows presumably contain usable tokens; database read
     * access should be restricted accordingly.
     *
     * @return a new {@link JdbcTokenStore}
     */
    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    /**
     * Primary token services backed by {@link #tokenStore()} with refresh tokens enabled.
     *
     * <p>This bean is not handed to the endpoints configurer in this class.
     *
     * @return the configured token services
     */
    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices services = new DefaultTokenServices();
        services.setSupportRefreshToken(true);
        services.setTokenStore(tokenStore());
        return services;
    }

    /**
     * JWT converter whose signing key is the configured client secret.
     *
     * <p>NOTE(review): a plain string key is presumably treated as a shared (symmetric)
     * key, which means every party able to verify a token can also forge one, and the
     * client secret doubles as that key. A dedicated signing key, ideally an asymmetric
     * key pair, keeps the two roles separate.
     *
     * @return the configured converter
     */
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter jwtConverter = new JwtAccessTokenConverter();
        jwtConverter.setSigningKey(clientSecret);
        return jwtConverter;
    }

    /**
     * Registers the single client in memory with its grant types, scopes and lifetimes.
     *
     * <p>NOTE(review): the secret is passed exactly as configured; whether it has to be
     * stored encoded depends on the {@code PasswordEncoder} in use -- confirm. The
     * {@code password} and {@code implicit} grants are enabled; drop them unless a
     * client really needs them.
     *
     * @param configurer client-details configurer supplied by the framework
     * @throws Exception if the client registration fails
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {
        configurer.inMemory()
                .withClient(clientId)
                .secret(clientSecret)
                .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
                .scopes("read", "write", "trust")
                .accessTokenValiditySeconds(ACCESS_TOKEN_VALIDITY_SECONDS)
                .refreshTokenValiditySeconds(REFRESH_TOKEN_VALIDITY_SECONDS);
    }

    /**
     * Sets the access rules for the token-key and check-token endpoints.
     *
     * <p>NOTE(review): the token-key rule is {@code permitAll()}. That suits a public
     * verification key; with a shared-secret signing key, confirm the key cannot be
     * obtained by callers who should not have it.
     *
     * @param oauthServer security configurer supplied by the framework
     * @throws Exception if the configuration fails
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.tokenKeyAccess("permitAll()");
        oauthServer.checkTokenAccess("isAuthenticated()");
    }

    /**
     * Hands the authentication manager and the JDBC token store to the endpoints.
     *
     * @param endpoints endpoints configurer supplied by the framework
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager)
                .tokenStore(tokenStore());
    }
}

数据库的连接配置在应用程序的 .properties 文件中定义。我可以正常访问这些表,但它们始终是空的。

标签: java, spring-boot, spring-security, oauth-2.0, spring-security-oauth2

解决方案

