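Currently, I am writing sample code in Spring Boot to implement OAuth2 to secure my API.
I store the access_tokens and refresh_tokens in the oauth_access_token and oauth_refresh_token tables, respectively.
The problem now is that the tokens stored in the database are not the same as the tokens I generate from the /oauth/token endpoint.
Are the tokens automatically encrypted and stored in the database? If so, how can I decrypt them so that I can use my tokens to access my resources (APIs)?
Because of the amount of Spring Security & Spring Boot documentation there is to read, I can't figure out how Spring implements OAuth2 internally.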
AUTHORIZATION SERVER CODE
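import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

@EnableAuthorizationServer
@Configuration
public class AuthServerOAuth2Config extends AuthorizationServerConfigurerAdapter {

    private final AuthenticationManager authenticationManager;
    // AppConfig is the application's own configuration class (provides dataSource() and tokenStore())
    private final AppConfig appConfig;

    @Autowired
    public AuthServerOAuth2Config(AuthenticationManager authenticationManager, AppConfig appConfig) {
        this.authenticationManager = authenticationManager;
        this.appConfig = appConfig;
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Load the registered OAuth2 clients from the database
        clients.jdbc(appConfig.dataSource());
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        /*
         * Allow our tokens to be delivered from our token access point as well as for tokens
         * to be validated from this point
         */
        security.allowFormAuthenticationForClients().checkTokenAccess("permitAll()");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
            .authenticationManager(authenticationManager)
            .tokenStore(appConfig.tokenStore()); // Persist the tokens in the database
    }
}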
Reference - http://dazito.com/java/spring-boot-and-oauth2-with-jdbc#disqus_thread