前言
编不出来,就先放着吧
一、Token
在研究TokenStore之前,先介绍两个接口:访问令牌OAuth2AccessToken和刷新令牌OAuth2RefreshToken
1.1 访问令牌
/**
 * An OAuth 2.0 access token together with the metadata issued alongside it.
 *
 * <p>The string constants are the parameter names used in an OAuth 2.0 token
 * response ("access_token", "token_type", ...). Interface fields are implicitly
 * {@code public static final}, so those modifiers are left out.
 *
 * <p>NOTE(review): a "Bearer" token is accepted from whoever presents it, so the
 * string returned by {@link #getValue()} should be handled as a secret and kept
 * out of logs and error messages.
 */
public interface OAuth2AccessToken {

    String BEARER_TYPE = "Bearer";

    String OAUTH2_TYPE = "OAuth2";

    /** The access token issued by the authorization server. This value is required. */
    String ACCESS_TOKEN = "access_token";

    String TOKEN_TYPE = "token_type";

    /** Lifetime of the token in seconds. This value is optional. */
    String EXPIRES_IN = "expires_in";

    /** The refresh token. */
    String REFRESH_TOKEN = "refresh_token";

    /** The scope of the access token. */
    String SCOPE = "scope";

    // The accessors below carry no contract in this listing beyond their
    // signatures; confirm details (null returns, units) against the
    // implementing class.

    /** @return the token string itself */
    String getValue();

    /** @return the token type (see {@link #BEARER_TYPE} and {@link #OAUTH2_TYPE}) */
    String getTokenType();

    /** @return the scopes attached to this token */
    Set<String> getScope();

    /** @return the refresh token associated with this access token */
    OAuth2RefreshToken getRefreshToken();

    /** @return the expiry instant of this token */
    Date getExpiration();

    /** @return the remaining lifetime; presumably in seconds, matching "expires_in" (confirm) */
    int getExpiresIn();

    /** @return whether this token has expired */
    boolean isExpired();

    /** @return additional key/value data carried with the token */
    Map<String, Object> getAdditionalInformation();
}
其实现类只有一个:DefaultOAuth2AccessToken
1.2 刷新令牌
/**
 * A refresh token: an opaque value that can be exchanged for a new access token.
 */
public interface OAuth2RefreshToken {

    /**
     * Returns the token string.
     *
     * <p>{@code @JsonValue} makes Jackson serialise the whole object as this
     * single value, so any JSON output of a refresh token contains the raw
     * secret. NOTE(review): keep serialised tokens out of logs.
     *
     * @return the refresh token value
     */
    @JsonValue
    String getValue();
}
二、TokenStore
TokenStore的主要作用是对token进行增删改查(存储、读取、删除和查询)
/**
 * Persistence contract for OAuth 2.0 tokens: storing, reading, removing and
 * looking up access tokens and refresh tokens together with the
 * authentication they were granted for.
 *
 * <p>NOTE(review): everything held by an implementation is a live credential.
 * Whatever backing store is used should be protected accordingly, and removal
 * methods are what a revocation path has to call.
 */
public interface TokenStore {

    // ---- access tokens -------------------------------------------------

    /** Stores the access token together with its authentication. */
    void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication);

    /** Reads an access token from the store by its string value. */
    OAuth2AccessToken readAccessToken(String tokenValue);

    /** Reads the authentication stored for the given access token. */
    OAuth2Authentication readAuthentication(OAuth2AccessToken token);

    /** Reads the authentication stored for the given access token value. */
    OAuth2Authentication readAuthentication(String token);

    /** Looks up the access token belonging to the given authentication. */
    OAuth2AccessToken getAccessToken(OAuth2Authentication authentication);

    /** Removes an access token from the store. */
    void removeAccessToken(OAuth2AccessToken token);

    /** Removes the access token that is linked to the given refresh token. */
    void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken refreshToken);

    // ---- refresh tokens ------------------------------------------------

    /** Stores the given refresh token together with its authentication. */
    void storeRefreshToken(OAuth2RefreshToken refreshToken, OAuth2Authentication authentication);

    /** Reads a refresh token from the store by its string value. */
    OAuth2RefreshToken readRefreshToken(String tokenValue);

    /**
     * @param token a refresh token
     * @return the authentication originally used to grant the refresh token
     */
    OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken token);

    /** Removes a refresh token from the store. */
    void removeRefreshToken(OAuth2RefreshToken token);

    // ---- queries -------------------------------------------------------

    /** @return the access tokens held for the given client id */
    Collection<OAuth2AccessToken> findTokensByClientId(String clientId);

    /** @return the access tokens held for the given client id and user name */
    Collection<OAuth2AccessToken> findTokensByClientIdAndUserName(String clientId, String userName);
}
TokenStore的初始化发生在AuthorizationServerEndpointsConfigurer中,默认的TokenStore是InMemoryTokenStore;从下面的代码可以看到,当accessTokenConverter是JwtAccessTokenConverter时,会改用JwtTokenStore
/**
 * Excerpt of the endpoints configurer showing how the token store is chosen
 * lazily. Members not relevant to that choice (including the
 * accessTokenConverter field) are not part of this listing.
 */
public final class AuthorizationServerEndpointsConfigurer {

    private TokenStore tokenStore;

    /**
     * Returns the access token converter, falling back to a
     * DefaultAccessTokenConverter when none has been set.
     */
    private AccessTokenConverter accessTokenConverter() {
        if (this.accessTokenConverter != null) {
            return this.accessTokenConverter;
        }
        accessTokenConverter = new DefaultAccessTokenConverter();
        return this.accessTokenConverter;
    }

    /**
     * Returns the token store, choosing a default on first use when none was
     * registered: a JwtTokenStore if the converter is a JwtAccessTokenConverter,
     * otherwise an InMemoryTokenStore.
     */
    private TokenStore tokenStore() {
        if (tokenStore != null) {
            return this.tokenStore;
        }
        AccessTokenConverter converter = accessTokenConverter();
        if (converter instanceof JwtAccessTokenConverter) {
            // NOTE(review): this store is built from the converter alone, with no
            // backing storage passed in; check how token revocation is meant to
            // work in this mode.
            this.tokenStore = new JwtTokenStore((JwtAccessTokenConverter) converter);
        } else {
            // NOTE(review): presumably tokens then live only in this process, so
            // they would be lost on restart and not shared between nodes; confirm
            // before relying on the default in a clustered deployment.
            this.tokenStore = new InMemoryTokenStore();
        }
        return this.tokenStore;
    }
}
TokenStore的注册方式如下
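/**
 * Authorization server configuration that registers the TokenStore explicitly
 * instead of relying on the configurer's default.
 */
@Configuration
@EnableAuthorizationServer
public class Authorizationservercontig2 extends AuthorizationServerConfigurerAdapter {

    // ... code omitted ...

    /**
     * Registers the token store on the endpoints configurer.
     *
     * @param endpoints the endpoints configurer supplied by the framework
     * @throws Exception if configuration fails
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // ... code omitted ...

        // NOTE(review): InMemoryTokenStore presumably keeps tokens in this
        // process only; for more than one node, or for tokens that must survive
        // a restart, register a persistent TokenStore implementation here.
        endpoints.tokenStore(new InMemoryTokenStore());

        // ... code omitted ...
    }
}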
三、AuthorizationServerTokenServices
AuthorizationServerTokenServices构建在TokenStore之上,负责token的创建、刷新和获取等策略管理。
/**
 * Token operations offered by the authorization server: create, refresh and
 * look up access tokens.
 */
public interface AuthorizationServerTokenServices {

    /**
     * Creates an access token for the given authentication.
     *
     * @param authentication the authentication the token is issued for
     * @return the access token
     * @throws AuthenticationException declared by the contract; conditions are not shown here
     */
    OAuth2AccessToken createAccessToken(OAuth2Authentication authentication)
            throws AuthenticationException;

    /**
     * Refreshes an access token.
     *
     * @param refreshToken the refresh token value presented by the client
     * @param tokenRequest the incoming token request
     * @return the refreshed access token
     * @throws AuthenticationException declared by the contract; presumably raised
     *         when the refresh token is not accepted (confirm against the implementation)
     */
    OAuth2AccessToken refreshAccessToken(String refreshToken, TokenRequest tokenRequest)
            throws AuthenticationException;

    /**
     * Looks up the access token for the given authentication.
     *
     * @param authentication the authentication to look up
     * @return the access token
     */
    OAuth2AccessToken getAccessToken(OAuth2Authentication authentication);
}
它只有一个实现类DefaultTokenServices
AuthorizationServerTokenServices的初始化发生在AuthorizationServerEndpointsConfigurer中,默认的AuthorizationServerTokenServices是DefaultTokenServices
/**
 * Excerpt of the endpoints configurer showing how the token services are
 * created. Fields and helpers referenced but not declared here
 * (reuseRefreshToken, userDetailsService, tokenStore(), clientDetailsService(),
 * tokenEnhancer(), addUserDetailsService) are outside this listing.
 */
public final class AuthorizationServerEndpointsConfigurer {

    private AuthorizationServerTokenServices tokenServices;

    /**
     * Returns a proxy for the token services obtained from ProxyCreator. The
     * factory handed to the proxy resolves the real instance through
     * {@link #tokenServices()}.
     */
    public AuthorizationServerTokenServices getTokenServices() {
        ObjectFactory<AuthorizationServerTokenServices> servicesFactory =
                new ObjectFactory<AuthorizationServerTokenServices>() {
                    @Override
                    public AuthorizationServerTokenServices getObject() throws BeansException {
                        return tokenServices();
                    }
                };
        return ProxyCreator.getProxy(AuthorizationServerTokenServices.class, servicesFactory);
    }

    /** Returns the registered token services, creating the default ones on first use. */
    private AuthorizationServerTokenServices tokenServices() {
        if (tokenServices == null) {
            this.tokenServices = createDefaultTokenServices();
        }
        return tokenServices;
    }

    /** Builds a DefaultTokenServices wired to this configurer's store, clients and enhancer. */
    private DefaultTokenServices createDefaultTokenServices() {
        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(tokenStore());
        // Refresh tokens are supported by default.
        services.setSupportRefreshToken(true);
        // NOTE(review): reuseRefreshToken is set outside this excerpt. If it is
        // true, the same refresh token presumably stays valid across refreshes
        // instead of being rotated; confirm that this matches the intended
        // refresh token policy.
        services.setReuseRefreshToken(reuseRefreshToken);
        services.setClientDetailsService(clientDetailsService());
        services.setTokenEnhancer(tokenEnhancer());
        addUserDetailsService(services, this.userDetailsService);
        return services;
    }
}