JwtTokenStore.findTokensByClientId(clientId)始终返回空

时间:2017-07-14 06:46:46

标签: spring-boot spring-oauth2

我正在创建一个 spring-boot-oauth2 项目,想要撤销客户端的访问令牌。以下是我的 OAuth2 配置。

/**
 * Authorization-server wiring for the JWT-based OAuth2 setup: token store, token enhancer
 * chain, token services, the JWT converter with its signing key pair, one in-memory client,
 * and access rules for the {@code /oauth/token_key} and {@code /oauth/check_token} endpoints.
 *
 * <p>Because this is a {@code @Configuration} class, the bean-method calls made below
 * ({@code tokenStore()}, {@code jwtAccessTokenConverter()}, {@code tokenEnhancerChain()})
 * resolve to the singleton beans rather than creating a new instance on each call.
 *
 * <p>Security notes: the keystore password and the client secret are string literals in this
 * file and should be externalised (configuration, environment or a secret store); a
 * {@code JwtTokenStore} keeps no server-side state, so tokens can neither be listed per client
 * nor revoked before expiry through this store alone.
 */
@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private ClientDetailsService clientDetailsService;

    /**
     * Token store backed by the JWT converter. A {@code JwtTokenStore} only encodes and decodes
     * tokens and stores nothing, so {@code findTokensByClientId} returns an empty collection
     * (as observed in the question) and {@code removeAccessToken} does not invalidate anything.
     *
     * @return the JWT token store bean
     */
    @Bean
    public JwtTokenStore tokenStore() {
        JwtTokenStore store = new JwtTokenStore(jwtAccessTokenConverter());
        return store;
    }

    /**
     * Enhancer chain applied when a token is issued: a fresh {@code CustomTokenEnhancer}
     * followed by the JWT converter bean.
     *
     * <p>NOTE(review): {@code CustomTokenEnhancer} is assignable to {@code JwtAccessTokenConverter}
     * (see {@link #jwtAccessTokenConverter()}), so the first element here looks like a second,
     * unconfigured converter instance without the key pair; confirm whether a plain
     * {@code TokenEnhancer} was intended.
     *
     * @return the enhancer chain bean
     */
    @Bean
    public TokenEnhancerChain tokenEnhancerChain() {
        final TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
        tokenEnhancerChain.setTokenEnhancers(Arrays.asList(new CustomTokenEnhancer(), jwtAccessTokenConverter()));
        return tokenEnhancerChain;
    }

    /**
     * Primary token services: uses the JWT store and the enhancer chain above, the injected
     * client details service, and issues refresh tokens.
     *
     * @return the token services bean
     */
    @Bean
    @Primary
    public AuthorizationServerTokenServices tokenServices() {
        DefaultTokenServices tokenServices = new DefaultTokenServices();
        tokenServices.setTokenStore(tokenStore());
        tokenServices.setTokenEnhancer(tokenEnhancerChain());
        tokenServices.setClientDetailsService(clientDetailsService);
        tokenServices.setSupportRefreshToken(true);
        return tokenServices;
    }

    /**
     * JWT converter signing with the key pair loaded from {@code keystore.jks} on the classpath
     * (alias {@code myapp-authkey}).
     *
     * <p>The keystore password is a literal here; treat it as a secret and load it from
     * externalised configuration rather than source control.
     *
     * @return the converter bean (a {@code CustomTokenEnhancer} instance)
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter converter = new CustomTokenEnhancer();
        // Keystore password and key alias are hard-coded; move them to external configuration.
        KeyPair keyPair = new KeyStoreKeyFactory(new ClassPathResource("keystore.jks"), "secret".toCharArray()).getKeyPair("myapp-authkey");
        converter.setKeyPair(keyPair);
        return converter;
    }

    /**
     * Registers the single in-memory client {@code myclient-backend}: password,
     * authorization-code and refresh-token grants, authority {@code ROLE_TRUSTED_CLIENT},
     * scopes read/write/update/delete, 30-minute access tokens, 1-hour refresh tokens,
     * and auto-approval.
     *
     * <p>Security notes: the client secret is a literal in source; {@code autoApprove(true)}
     * skips the user consent step for every scope; the {@code password} grant hands user
     * credentials to the client and is discouraged by current OAuth guidance.
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // @formatter:off
        // register for backend application
        clients.inMemory()
          .withClient("myclient-backend")
          .secret("secret")
          .authorizedGrantTypes(
            "password","authorization_code", "refresh_token")
          .authorities("ROLE_TRUSTED_CLIENT")
          .scopes("read", "write", "update", "delete")
          .accessTokenValiditySeconds(1800) //Access token is only valid for 30 mins.
          .refreshTokenValiditySeconds(60 * 60 * 1) //Refresh token is only valid for 1 hour.
          .autoApprove(true)    
          ;     
     // @formatter:on
    }

    /**
     * Endpoint wiring: the primary token services, the JWT store, the injected authentication
     * manager and the JWT converter.
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // @formatter:off
            endpoints.tokenServices(tokenServices())
            .tokenStore(tokenStore())
            .authenticationManager(authenticationManager)
            .accessTokenConverter(jwtAccessTokenConverter());
         // @formatter:on
    }

    /**
     * Access rules for the token-introspection endpoints: {@code /oauth/token_key} (the
     * verification key) is readable anonymously, by remember-me sessions or by a trusted
     * client; {@code /oauth/check_token} requires an authenticated {@code ROLE_TRUSTED_CLIENT};
     * the realm is {@code mysecurityRealm}.
     *
     * <p>Exposing the token key anonymously is reasonable only if the key served is the
     * public half of an asymmetric pair — presumably the case here since a key pair is set
     * on the converter; confirm it is not a shared HMAC secret.
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        // @formatter:off
        oauthServer.tokenKeyAccess("isAnonymous() || isRememberMe() || hasAuthority('ROLE_TRUSTED_CLIENT')")
            .checkTokenAccess("isAuthenticated() and hasAuthority('ROLE_TRUSTED_CLIENT')")
            .realm("mysecurityRealm");
         // @formatter:on
    }

}

当我尝试使用 clientId 从 tokenStore 获取访问令牌时(代码如下),

// Token store used for lookup and removal. It is the JwtTokenStore bean from
// OAuth2AuthorizationConfig, which holds no server-side state: findTokensByClientId
// comes back empty and removeAccessToken does not invalidate anything.
@Autowired
private JwtTokenStore tokenStore;
// revokeToken(...) entry point; presumably backed by the DefaultTokenServices bean — confirm.
@Autowired
private ConsumerTokenServices consumerTokenServices;

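/**
 * Revokes the access token passed in the {@code access_token} form parameter.
 *
 * <p>Revocation only takes effect with a token store that keeps server-side state
 * (for example {@code InMemoryTokenStore} or {@code JdbcTokenStore}). With the
 * {@code JwtTokenStore} wired in this project nothing is persisted: {@code findTokensByClientId}
 * is empty, {@code removeAccessToken} is a no-op, and a signed JWT stays valid until it expires,
 * so this endpoint must not be relied on as a security control in that setup. A stateful store,
 * or a revocation deny-list checked on every request, is required for real revocation.
 *
 * @param accessToken the token value to revoke; it is a bearer credential and is never logged
 * @return a map with {@code removed_access_token} (the submitted token value) and
 *         {@code revoked} ({@code "true"} or {@code "false"}, the result of
 *         {@code ConsumerTokenServices.revokeToken})
 */
@RequestMapping(value = "/invalidateTokens", method = RequestMethod.POST)
public @ResponseBody Map<String, String> revokeAccessToken(@RequestParam(name = "access_token") String accessToken) {
    // Bearer tokens are credentials (CWE-532): log the event, never the token value.
    logger.info("Invalidating an access token");
    String clientId = "myclient-backend";
    Collection<OAuth2AccessToken> tokens = tokenStore.findTokensByClientId(clientId);
    // Only the count is logged. With JwtTokenStore this is always 0, since it stores no tokens.
    int activeTokens = (tokens == null) ? 0 : tokens.size();
    logger.debug("Active tokens for clientId '" + clientId + "': " + activeTokens);

    // revokeToken() reports whether the store could read and remove the token. With JwtTokenStore
    // it likely decodes the JWT and reports true even though nothing is removed, so the flag is
    // only meaningful with a stateful store — confirm against the injected implementation.
    boolean revoked = consumerTokenServices.revokeToken(accessToken);

    // Direct removal through the store as well; a no-op for JwtTokenStore.
    OAuth2AccessToken oAuth2AccessToken = tokenStore.readAccessToken(accessToken);
    if (oAuth2AccessToken != null) {
        tokenStore.removeAccessToken(oAuth2AccessToken);
    }
    Map<String, String> ret = new HashMap<>();
    ret.put("removed_access_token", accessToken);
    ret.put("revoked", String.valueOf(revoked));
    return ret;
}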

它总是输出一个空数组,如下:

Listing all active tokens for clientId 'myclient-backend'[]

我缺少什么配置?

1 个答案:

答案 0 :(得分:0)

抱歉……我本应以更简单的方式配置 TokenStore,对于内存存储来说这样就足够了:

/**
 * Stateful token store, so that tokens can be listed by client id and actually removed.
 *
 * <p>An {@code InMemoryTokenStore} lives only in this JVM: tokens are lost on restart and are
 * not shared between instances, so a shared store (for example {@code JdbcTokenStore}) is
 * needed when more than one authorization server runs.
 *
 * @return the in-memory token store bean
 */
@Bean
public TokenStore tokenStore() {
    TokenStore inMemoryStore = new InMemoryTokenStore();
    return inMemoryStore;
}