How to configure different timeouts for different URLs in Spring OAuth2?

Time: 2016-04-24 06:02:08

Tags: spring-boot oauth-2.0 settimeout

Suppose I have configured API resources for two different URLs:

  1. /api/secure/**
  2. /api/admin/**

I have configured the timeouts:

  1. for the refresh token: 1 day;
  2. for the access token: 30 minutes;

    @Override
    public void configure(HttpSecurity http) throws Exception {

        http.exceptionHandling()
                .authenticationEntryPoint(customAuthenticationEntryPoint)
                .and()
                .logout()
                .logoutUrl("/oauth/logout")
                .logoutSuccessHandler(customLogoutSuccessHandler)
                .and()
                .csrf()
                .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize"))
                .disable()
                .headers()
                .frameOptions()
                .disable()
                .and()
                // No HTTP session: every request must carry its own token
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                // Role checks per URL pattern
                .authorizeRequests()
                .antMatchers("/api/secure/**").hasAnyAuthority(Authorities.ROLE_USER.name(), Authorities.ROLE_ADMIN.name())
                .antMatchers("/admin/**").hasAnyAuthority(Authorities.ROLE_ADMIN.name());
    }

How can I set different timeouts for /api/secure/** (as above) and /api/admin/** (refreshToken: 20 minutes, accessToken: 10 seconds)?

1 answer:

Answer 0: (score: 0)

You can add the configuration for a second client with

    .and()
    .withClient("anotherClient")
    .....

Which client is used at runtime depends on what the client specifies:

http://localhost:8080/oauth/authorize?
 response_type=code
 &client_id=anotherClient
 &redirect_url=http://client_host?key=value
 &scope=read

You can find a good tutorial at "implementing oauth2 with spring security".
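
The two-client approach from the answer, written out as an added example (not code from the question or the answer) using the Spring Security OAuth2 in-memory client builder with the lifetimes the question asks for. The client id `secureClient`, the scope names, the environment variable names and the scope-to-URL binding are assumptions; the binding is there because token lifetime is a property of the client, not of the URL, so without it a 30-minute token from the first client would also be accepted on /api/admin/**.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.*;

@Configuration
@EnableAuthorizationServer
class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            // Client for /api/secure/**: the lifetimes the question already uses
            .withClient("secureClient")                         // assumed client id
                .secret(System.getenv("SECURE_CLIENT_SECRET"))  // assumed variable name
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .scopes("secure")                               // assumed scope name
                .accessTokenValiditySeconds(30 * 60)            // 30 minutes
                .refreshTokenValiditySeconds(24 * 60 * 60)      // 1 day
            .and()
            // Client for /api/admin/**: short-lived tokens
            .withClient("anotherClient")
                .secret(System.getenv("ADMIN_CLIENT_SECRET"))   // assumed variable name
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .scopes("admin")                                // assumed scope name
                .accessTokenValiditySeconds(10)                 // 10 seconds
                .refreshTokenValiditySeconds(20 * 60);          // 20 minutes
    }
}

@Configuration
@EnableResourceServer
class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Bind each URL space to the scope only its client can obtain, so a
        // long-lived "secure" token is rejected on the admin endpoints.
        http.authorizeRequests()
            .antMatchers("/api/admin/**").access("#oauth2.hasScope('admin')")
            .antMatchers("/api/secure/**").access("#oauth2.hasScope('secure')");
    }
}
```

The role checks from the question's `configure(HttpSecurity)` can be combined with the scope checks in the same `access(...)` expression. Newer Spring Security versions also require client secrets to be stored in encoded form.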