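Problem description:
When generating tokens with JWT and using Redis as the tokenStore, a single user on a single client must be prevented from being logged in from several browsers at the same time. This requirement can be met by overriding the token-generation service, DefaultTokenServices.
Only one conditional statement needs to be commented out.
The code is as follows: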
    @Transactional
    public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException {
        OAuth2AccessToken existingAccessToken = tokenStore.getAccessToken(authentication);
        OAuth2RefreshToken refreshToken = null;
        if (existingAccessToken != null) {
            // Checks whether a token already exists in Redis. If it does, the original code checks
            // whether it has expired and, if not, returns it directly. Commenting that check out
            // prevents the same user from being logged in on multiple clients.
            // if (existingAccessToken.isExpired()) { =====> comment this out
                if (existingAccessToken.getRefreshToken() != null) {
                    refreshToken = existingAccessToken.getRefreshToken();
                    // The token store could remove the refresh token when the
                    // access token is removed, but we want to
                    // be sure...
                    tokenStore.removeRefreshToken(refreshToken);
                }
                tokenStore.removeAccessToken(existingAccessToken);
            // } =====> comment this out
            // else { =====> comment this out
                // Re-store the access token in case the authentication has changed
                // Reloads the token in Redis; it is the same token as before, and the main purpose is to refresh its expiry time
                // tokenStore.storeAccessToken(existingAccessToken, authentication); =====> comment this out
                // Return the old token directly
                // return existingAccessToken; =====> comment this out
            // } =====> comment this out
        }
        // Only create a new refresh token if there wasn't an existing one
        // associated with an expired access token.
        // Clients might be holding existing refresh tokens, so we re-use it in
        // the case that the old access token
        // expired.
        if (refreshToken == null) {
            refreshToken = createRefreshToken(authentication);
        }
        // But the refresh token itself might need to be re-issued if it has
        // expired.
        else if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
            ExpiringOAuth2RefreshToken expiring = (ExpiringOAuth2RefreshToken) refreshToken;
            if (System.currentTimeMillis() > expiring.getExpiration().getTime()) {
                refreshToken = createRefreshToken(authentication);
            }
        }
        OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);
        tokenStore.storeAccessToken(accessToken, authentication);
        // In case it was modified
        refreshToken = accessToken.getRefreshToken();
        if (refreshToken != null) {
            tokenStore.storeRefreshToken(refreshToken, authentication);
        }
        return accessToken;
    }
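
An added example, not code from the original post or from Spring Security OAuth: a self-contained model of the two behaviours, with a hypothetical in-memory map standing in for the Redis tokenStore and token expiry left out (every token is treated as unexpired). The class, field and parameter names are assumptions made for the illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Added illustration: in-memory stand-in for the Redis token store (hypothetical names).
public class SingleSessionDemo {
    // authentication key (user + client) -> current access token value
    private final Map<String, String> tokenByAuth = new HashMap<>();
    // access token value -> authentication key, consulted when a token is validated
    private final Map<String, String> authByToken = new HashMap<>();
    // true models the stock branch, false models the version with the check commented out
    private final boolean reuseUnexpired;

    SingleSessionDemo(boolean reuseUnexpired) {
        this.reuseUnexpired = reuseUnexpired;
    }

    String createAccessToken(String user, String clientId) {
        String authKey = user + "@" + clientId;
        String existing = tokenByAuth.get(authKey);
        if (existing != null) {
            if (reuseUnexpired) {
                return existing;           // stock branch: every browser receives the same token
            }
            authByToken.remove(existing);  // modified branch: the earlier login is removed
        }
        String token = UUID.randomUUID().toString();
        tokenByAuth.put(authKey, token);
        authByToken.put(token, authKey);
        return token;
    }

    boolean isValid(String token) {
        return authByToken.containsKey(token);
    }

    public static void main(String[] args) {
        // Constructed scenario: the same user logs in twice through the same client.
        for (boolean reuse : new boolean[] {true, false}) {
            SingleSessionDemo services = new SingleSessionDemo(reuse);
            String browserA = services.createAccessToken("alice", "web-client");
            String browserB = services.createAccessToken("alice", "web-client");
            System.out.printf("reuseUnexpired=%b sameToken=%b browserAStillValid=%b%n",
                    reuse, browserA.equals(browserB), services.isValid(browserA));
        }
    }
}
```

The first browser's token stops working only where validation looks the token up in the store, as isValid does here; a resource server that checks nothing but the JWT signature and expiry would still accept it.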