我正在尝试在Spring启动应用程序中为用户创建一个额外的访问令牌。我不知道他们的密码,但用户有权使用该应用程序。从我所看到的,我需要调用类似
的东西OAuth2AccessToken accessToken = tokenServices.createAccessTokenForUser(authenticationRequest, user);
其中tokenServices可能是DefaultTokenServices的一个实例。问题是如何获得对配置的令牌服务的引用?我看到这是连接到AuthorizationServerEndpointsConfigurer但我不能自动装入。我使用JWT进行身份验证,所以真的在寻找一种生成JWT令牌的方法。
正在尝试实施Spring OAuth2 - Manually creating an access token in the token store
中列出的流程答案 0 :(得分:0)
在我的spring-security-config.xml中,我有这个:
<bean id="tokenServices" class="de.hybris.platform.ycommercewebservices.oauth2.token.provider.HybrisOAuthTokenServices">
<property name="tokenStore" ref="tokenStore" />
<property name="supportRefreshToken" value="true" />
<property name="refreshTokenValiditySeconds" value="2592000" />
<!-- 60*60*24*30 = 30d -->
<property name="accessTokenValiditySeconds" value="43200" />
<!-- 60*60*12 = 12h -->
</bean>
我可以在哪里配置自定义的tokenServices
public class HybrisOAuthTokenServices extends DefaultTokenServices{
@Override
public OAuth2AccessToken createAccessToken(final OAuth2Authentication authentication) throws AuthenticationException{
try{
return super.createAccessToken(authentication);
}catch (final ModelSavingException e) {
//in case when other client was faster in saving access token - try to get token again
return super.createAccessToken(authentication);
}catch (final ModelRemovalException e) {
//in case when other client was faster in removing expired token - try to get token again
return super.createAccessToken(authentication);
}
}
}