I set up an entity so that I can revoke my JWTs with OAuth2:

import javax.persistence.Entity;
import javax.persistence.Id;

@Entity
public class TokenBlackList {
    @Id
    private String jti;          // JWT id claim, the key the blacklist is looked up by
    private Long userId;
    private Long expires;        // expiry of the token, so rows can be purged later
    private Boolean isBlackListed;
}
My service is very simple: it validates the token before authentication. But I ran into a problem in the authorization server when adding a custom DefaultTokenServices.
I created a static class:
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;

static class MyTokenService extends DefaultTokenServices {
    Logger logger = LoggerFactory.getLogger(MyTokenService.class);
    private TokenBlackListService tokenBlackListService;

    public MyTokenService(TokenBlackListService tokenBlackListService) {
        this.tokenBlackListService = tokenBlackListService;
    }

    @Override
    public OAuth2AccessToken readAccessToken(String accessToken) {
        // unchanged behaviour, simply delegates to DefaultTokenServices
        return super.readAccessToken(accessToken);
    }

    @Override
    public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException {
        OAuth2AccessToken token = super.createAccessToken(authentication);
        // User is the application's own principal class, which exposes getUserId()
        User user = (User) authentication.getPrincipal();
        String jti = (String) token.getAdditionalInformation().get("jti");
        // record the freshly issued token as enabled, keyed by its jti, until it expires
        tokenBlackListService.addToEnabledList(
                user.getUserId(),
                jti,
                token.getExpiration().getTime()
        );
        return token;
    }

    @Override
    public OAuth2AccessToken refreshAccessToken(String refreshTokenValue, TokenRequest tokenRequest) throws AuthenticationException {
        // note: this writes the raw refresh token into the application log
        logger.info("refresh token: " + refreshTokenValue);
        // jti of the access token being replaced, taken from the request parameters
        String jti = (String) tokenRequest.getRequestParameters().get("jti");
        try {
            if (jti != null && tokenBlackListService.isBlackListed(jti)) {
                return null;
            }
            OAuth2AccessToken token = super.refreshAccessToken(refreshTokenValue, tokenRequest);
            // once a new access token was issued, the old one must not be usable any more
            if (jti != null) {
                tokenBlackListService.addToBlackList(jti);
            }
            return token;
        } catch (Exception e) {
            // log the failure instead of silently discarding it
            logger.error("refresh failed", e);
            return null;
        }
    }
}
and I changed the DefaultTokenServices bean like this:
@Bean
@Primary
public DefaultTokenServices tokenServices() {
    MyTokenService tokenService = new MyTokenService(tokenBlackListService);
    tokenService.setTokenStore(tokenStore());
    tokenService.setSupportRefreshToken(true);
    tokenService.setClientDetailsService(clientDetailsService());
    tokenService.setAuthenticationManager(this.authenticationManager);
    tokenService.setTokenEnhancer(accessTokenConverter());
    return tokenService;
}
Then I modified the AuthorizationServerEndpointsConfigurer:
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints.authenticationManager(this.authenticationManager)
            .tokenServices(tokenServices())
            .tokenStore(tokenStore())
            .accessTokenConverter(accessTokenConverter())
            .userDetailsService(userDetailsService);
}
When I call it from Postman I get a strange response:

{
    "access_token": "9b51c1ec-3056-490d-a1cf-1e79fd8dba94",
    "token_type": "bearer",
    "expires_in": 43199,
    "scope": "read write"
}
But when I remove tokenServices(tokenServices()) from the AuthorizationServerEndpointsConfigurer, I get a proper token, just without the expected behavior:

{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsicmVzb3VyY2UiXSwidXNlcl9uYW1lIjoidXNlciIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdLCJleHAiOjE1MzExNDk0NzgsImF1dGhvcml0aWVzIjpbIlVTRVIiXSwianRpIjoiMTZlODMxYzUtZjY3MC00ZTkxLWJkY2UtNGMxNDdiNDM3NmI3IiwiY2xpZW50X2lkIjoiYWx0ZWNhX3Bhc3N3b3JkIn0.X3ipRMbITJY2Mq-9ZmyJdzhA43KX-Arw4JlQE9XgdibF-jdtozApm5NCkxDAOIpfXvNRTD_hiHbHZluCoaQ5TnsrQZRHDg0jjPcugd93baU0nXZNiaxhmvycHRR95SM6y__uBM9Eloz9L3uxgU_TFK0GsZ3tP-qlWj7WqjelRiODRg5rdjNVr_uELXYIyPH-rhMDvuAidfW3hweij3h-IpuQA5z0yTwuOdfj4eIFTjdiLJixn9F6o3gOXHFlAzJxx1y9iz_J-YbXJXIaq7r0xK1rGZwQBDRQAfuPAvoeSJtBfZQfpLiP0ZjnxMT_bl00iOiti4ftfe3RheJJPbmmHQ",
    "token_type": "bearer",
    "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsicmVzb3VyY2UiXSwidXNlcl9uYW1lIjoidXNlciIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdLCJhdGkiOiIxNmU4MzFjNS1mNjcwLTRlOTEtYmRjZS00YzE0N2I0Mzc2YjciLCJleHAiOjE1MzExNDk0NzgsImF1dGhvcml0aWVzIjpbIlVTRVIiXSwianRpIjoiMTYyODk1YmQtMDEwYy00ODEzLTllOTctNDZlMjEwODQ2ZWMxIiwiY2xpZW50X2lkIjoiYWx0ZWNhX3Bhc3N3b3JkIn0.GHxXuKrW0wYDVGj8j-qoqd5DrrmMg26ljGMlGmdJzMFGypg_9ifJjYc5VVnVKFzftlaqUYSPPHmnDUnmPhPnyYwllU1mecVJsU_wrb3_pONnpgiSkd4DmQNBIUHxuOANX7Jv1bcAlJgJZLCUD2OFeAb6KZhEht1OPcup6JFirTlZKWkMK4TqfOg2RaEtSNXEC_Xmx-V1HBGil_fh16iamEqT-zuM9HWe5_6vkQFO2RtPeGAo12RPjL6CXzg4IvJDWkhuOSW01ja6bMZYW3e0TafiXUZC4JfpL5raRPlW4r-f9EGH6tyO550uHj3Z35a0YkWha29iofhHOpcoHfWjjQ",
    "expires_in": 99,
    "scope": "read write",
    "jti": "16e831c5-f670-4e91-bdce-4c147b4376b7"
}
I have searched a lot but found no answer; I also tried following the tinmegali tutorial, without success.
Thanks
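As an added example (not the question's code and not Spring's own API), here is an in-memory version of the jti blacklist the question describes, bounded by each token's exp, together with the refresh-time lookup: Spring's JwtAccessTokenConverter writes the replaced access token's jti into the refresh token as the `ati` claim, so the jti to revoke can be read from the already-verified refresh token. The sample token in main is constructed for the demo; the class and method names are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not from the question: an in-memory stand-in for the
// TokenBlackListService above, keyed by jti and bounded by the token's exp.
public class JtiRevocationList {
    private final Map<String, Long> revoked = new ConcurrentHashMap<>(); // jti -> exp (epoch seconds)
    public void revoke(String jti, long exp) {
        revoked.put(jti, exp);
    }
    public boolean isBlackListed(String jti, long now) {
        Long exp = revoked.get(jti);
        if (exp == null) return false;
        if (exp <= now) {          // past exp the token is rejected anyway; drop the row
            revoked.remove(jti);
            return false;
        }
        return true;
    }
    public void purgeExpired(long now) {
        revoked.values().removeIf(exp -> exp <= now);
    }
    // Reads a string claim from a compact JWS payload. Use only on a token whose
    // signature was already verified (JwtAccessTokenConverter does that in Spring).
    public static String stringClaim(String jwt, String name) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a compact JWS");
        String json = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        return m.find() ? m.group(1) : null;
    }

    // On refresh, the refresh token's "ati" claim names the access token it was
    // issued with; that is the jti to revoke, not a client-sent request parameter.
    public static void main(String[] args) {
        String payload = "{\"ati\":\"old-access-jti\",\"jti\":\"refresh-jti\",\"exp\":1531149478}"; // constructed
        String refreshToken = "eyJhbGciOiJSUzI1NiJ9." + Base64.getUrlEncoder().withoutPadding()
                .encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + ".sig";
        JtiRevocationList list = new JtiRevocationList();
        String oldJti = stringClaim(refreshToken, "ati");
        list.revoke(oldJti, 1531149478L);
        System.out.println("revoked before exp: " + list.isBlackListed(oldJti, 1531140000L));
        System.out.println("revoked after exp:  " + list.isBlackListed(oldJti, 1531149478L));
    }
}
```

A persistent implementation would back `revoked` with the TokenBlackList entity and run purgeExpired on a schedule so the table does not grow without bound.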