Why does the Spring Security OAuth2 client need AuthorizationRequestRepository?

Time: 2019-06-02 07:50:31

Tags: spring spring-boot spring-security spring-security-oauth2

I ran into a problem while using the Spring OAuth2 client.

I found that `org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter` creates an `OAuth2AuthorizationRequest` and stores it temporarily through `authorizationRequestRepository`.

Related code:

```java
// OAuth2AuthorizationRequestRedirectFilter.class
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
    OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestResolver.resolve(request);
    ...
    this.sendRedirectForAuthorization(request, response, authorizationRequest);
    ....
}

private void sendRedirectForAuthorization(HttpServletRequest request, HttpServletResponse response,
        OAuth2AuthorizationRequest authorizationRequest) {
    ...
    this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
    ...
}
```

The documentation states that the default implementation stores it in the HttpSession and that, if needed, it can be used to store it in a cookie instead.

Related documentation: https://docs.spring.io/spring-security/site/docs/5.0.7.RELEASE/reference/html/oauth2login-advanced.html#oauth2login-advanced-authorization-request-repository

Question)

But I don't understand. Why shouldn't the `authorizationRequest` object be stored in memory? I don't know why Spring Security provides the `AuthorizationRequestRepository` interface so that I can use a Session or a Cookie.

1 answer:

Answer 0 (score: 0)

You want to store it for future requests, because you don't want to perform the OAuth flow on every request.
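The cookie-backed storage that the quoted documentation mentions as an alternative to the default HttpSession, as an added example (not code from the question, the answer, or Spring Security itself). It assumes Spring Security 5.1 to 5.8 on `javax.servlet`; the class name, cookie name, and 180-second lifetime are hypothetical, and the HMAC secret is supplied by the application.

```java
import java.security.*;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.*;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.util.SerializationUtils;
import org.springframework.web.util.WebUtils;
public class SignedCookieRepository implements AuthorizationRequestRepository<OAuth2AuthorizationRequest> {
    private static final String NAME = "oauth2_auth_request"; // hypothetical cookie name
    private final byte[] secret; // server-side HMAC key, never sent to the browser
    public SignedCookieRepository(byte[] secret) { this.secret = secret.clone(); }
    @Override public void saveAuthorizationRequest(OAuth2AuthorizationRequest req,
            HttpServletRequest request, HttpServletResponse response) {
        byte[] body = (req == null) ? null : SerializationUtils.serialize(req);
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        Cookie c = new Cookie(NAME, body == null ? "" : b64.encodeToString(body) + "." + b64.encodeToString(hmac(body)));
        c.setPath("/"); c.setHttpOnly(true); c.setSecure(request.isSecure());
        c.setMaxAge(body == null ? 0 : 180); // 0 deletes the cookie; 180 s is an example lifetime
        response.addCookie(c);
    }
    @Override public OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) {
        Cookie c = WebUtils.getCookie(request, NAME);
        String[] p = (c == null) ? new String[0] : c.getValue().split("\\.");
        if (p.length != 2) return null;
        try {
            byte[] body = Base64.getUrlDecoder().decode(p[0]);
            if (!MessageDigest.isEqual(hmac(body), Base64.getUrlDecoder().decode(p[1]))) return null;
            return (OAuth2AuthorizationRequest) SerializationUtils.deserialize(body); // only after the tag verified
        } catch (IllegalArgumentException e) { return null; } // malformed Base64 in a client-controlled cookie
    }
    @Override public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request) {
        return loadAuthorizationRequest(request); // cannot expire the cookie without the response
    }
    @Override public OAuth2AuthorizationRequest removeAuthorizationRequest(
            HttpServletRequest request, HttpServletResponse response) {
        OAuth2AuthorizationRequest req = loadAuthorizationRequest(request);
        saveAuthorizationRequest(null, request, response); // expire the cookie: one use per flow
        return req;
    }
    private byte[] hmac(byte[] data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            return mac.doFinal(data);
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
}
```

It is registered through `http.oauth2Login().authorizationEndpoint().authorizationRequestRepository(...)`, as the linked documentation describes. The cookie is signed, not encrypted, so its contents are readable by the browser but cannot be altered without failing the HMAC check.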