Spring OAuth2 Redis客户端详细信息

Question

我有一个oauth2的工作示例，其余部分是资源的客户端和所有者的内存身份验证和授权。

我想使用Redis并且对如何设置它感到有点困惑。

如何调整下面的代码，以便能够在 Redis （例如令牌，refresh_token和其他客户端详细信息）中保留数据

＆＃13;

＆＃13;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Value("${spring.oauth2.realm.id}")
    private String REALM;

    @Autowired
    private TokenStore tokenStore;

    @Autowired
    private UserApprovalHandler userApprovalHandler;

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("client001")
                .authorizedGrantTypes("client_credentials", "password")
                .authorities("ROLE_ADMIN", "ROLE_TRUSTED_CLIENT")
                .scopes("read", "write", "trust")
                .secret("secret")
                .accessTokenValiditySeconds(120) 
                .refreshTokenValiditySeconds(600);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore)
                .userApprovalHandler(userApprovalHandler)
                .authenticationManager(authenticationManager);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.realm(REALM + "/client");
    }

}

＆＃13;

＆＃13;

＆＃13;

[更新]

我可以使用 RedisTokenStore 将令牌存储到 Redis 。为此，请在 OAuth2SecurityConfiguration 中替换以下行：

＆＃13;

＆＃13;

@Bean
public TokenStore tokenStore() {
    return new InMemoryTokenStore();
}

＆＃13;

＆＃13;

＆＃13;

与......

＆＃13;

＆＃13;

@Bean
public TokenStore tokenStore(final RedisConnectionFactory factory) {
    return new RedisTokenStore(factory);
}

＆＃13;

＆＃13;

＆＃13;

现在遇到了一个新问题， AuthorizationServerConfiguration#configure(final ClientDetailsServiceConfigurer clients); 。是否支持 redis ？

＆＃13;

＆＃13;

@Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
      clients.inMemory()
        .withClient("client001")
        .secret("secret")
        .authorizedGrantTypes("client_credentials", "password")
        .authorities("ROLE_ADMIN", "ROLE_TRUSTED_CLIENT")
        .scopes("read", "write", "trust")
        .accessTokenValiditySeconds(60) 
        .refreshTokenValiditySeconds(120);
    }

＆＃13;

＆＃13;

＆＃13;

当我浏览 ClientDetailsS​​erviceConfigurer 时，它只支持 inMemory（）和 jdbc（）。我打算使用 withClientDetails（）来支持redis。是否有 RedisClientDetailsS​​ervice 之类的东西？

非常感谢对其实施的任何意见和建议。

Answer 1

我能够将客户端详细信息存储到Redis。

这些是我所做的步骤：

1. 创建以下类：

   • RedisClientDetailsS​​erviceBuilder.java
   • RedisClientDetailsS​​ervice.java

<强> RedisClientDetailsS​​ervice

public class RedisClientDetailsService implements ClientDetailsService {

    private PasswordEncoder passwordEncoder = NoOpPasswordEncoder.getInstance();

    private Map<String, ClientDetails> clientDetailsStore = new HashMap<String, ClientDetails>();

    public ClientDetails loadClientByClientId(final String clientId) throws ClientRegistrationException {
        final ClientDetails details = clientDetailsStore.get(clientId);
        if (details == null) {
            throw new NoSuchClientException("No client with requested id: " + clientId);
        }
        return details;
    }

    public void setClientDetailsStore(final Map<String, ? extends ClientDetails> clientDetailsStore) {
        this.clientDetailsStore = new HashMap<String, ClientDetails>(clientDetailsStore);
    }

    /**
     * @param passwordEncoder the password encoder to set
     */
    public void setPasswordEncoder(final PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }
}

<强> RedisClientDetailsS​​erviceBuilder

public class RedisClientDetailsServiceBuilder extends ClientDetailsServiceBuilder<RedisClientDetailsServiceBuilder> {

    private Map<String, ClientDetails> clientDetails = new HashMap<String, ClientDetails>();

    private PasswordEncoder passwordEncoder; // for writing client secrets

    public RedisClientDetailsServiceBuilder passwordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
        return this;
    }

    @Override
    protected void addClient(
            final String clientId,
            final ClientDetails build) {

        clientDetails.put(clientId, build);
    }

    @Override
    protected ClientDetailsService performBuild() {
        final RedisClientDetailsService redisClientDetailsService = new RedisClientDetailsService();
        if (passwordEncoder != null) {
            // This is used to encode secrets as they are added to the database (if it isn't set then the user has top
            // pass in pre-encoded secrets)
            redisClientDetailsService.setPasswordEncoder(passwordEncoder);
        }

        redisClientDetailsService.setClientDetailsStore(clientDetails);
        return redisClientDetailsService;
    }

}

1. 然后在 AuthorizationServerConfiguration＃configure（）上，使用我们制作的构建器设置客户端构建器。

@Override
public void configure(final ClientDetailsServiceConfigurer clients) throws Exception {
    final RedisClientDetailsServiceBuilder builder = new RedisClientDetailsServiceBuilder();
    clients.setBuilder(builder);

    // @formatter:off
    builder.withClient("client001")
          .secret("secret")
          .authorizedGrantTypes("client_credentials", "password")
          .authorities("ROLE_ADMIN", "ROLE_TRUSTED_CLIENT")
          .scopes("read", "write", "trust")
          .accessTokenValiditySeconds(120)
          .refreshTokenValiditySeconds(400)
    // @formatter:on
}