到目前为止,我有这个:
@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private ClientService clientService;
@Autowired
private UserService userService;
@Value( "${spring.security.oauth2.jwt.keystore.password}" )
private String keyStorePassword;
@Value( "${spring.security.oauth2.jwt.keystore.alias}" )
private String keyStoreAlias;
@Value( "${spring.security.oauth2.jwt.keystore.filename}" )
private String keyStoreFilename;
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.withClientDetails(clientService);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer configurer) throws Exception {
configurer
.tokenStore(tokenStore())
.accessTokenConverter(accessTokenConverter())
.authenticationManager(authenticationManager).userDetailsService(userService);
}
@Bean
public TokenStore tokenStore() {
return new JwtTokenStore(accessTokenConverter());
}
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
KeyStoreKeyFactory keyStoreKeyFactory =
new KeyStoreKeyFactory(new ClassPathResource(keyStoreFilename), keyStorePassword.toCharArray());
converter.setKeyPair(keyStoreKeyFactory.getKeyPair(keyStoreAlias));
return converter;
}
@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
defaultTokenServices.setSupportRefreshToken(true);
return defaultTokenServices;
}
}
这很完美,可以让我使用JWT令牌对请求进行身份验证,但是我从clientcredentialgrant或passwordgrant获得的有效负载不仅将access_token更改为JWT,还更改了刷新令牌。有什么方法可以让访问令牌成为JWT,但没有刷新令牌?
谢谢, 克里斯