Spring Security Oauth2核心组件之TokenStore

前言

编不出来就,就先放着吧

一、Token

在研究TokenStore前,先介绍两个接口:访问令牌OAuth2AccessToken和刷新令牌OAuth2RefreshToken

1.1 访问令牌
/**
 * Contract for an OAuth2 access token, together with the field names used
 * for the token's attributes.
 *
 * <p>The string returned by {@link #getValue()} is a bearer credential:
 * whoever presents it is treated as the token's owner. Keep it out of logs,
 * URLs and error messages, and prefer short lifetimes.
 */
public interface OAuth2AccessToken {

	// Fields of an interface are implicitly public, static and final, so the
	// explicit modifiers are left off here.

	/** The literal "Bearer". */
	String BEARER_TYPE = "Bearer";

	/** The literal "OAuth2". */
	String OAUTH2_TYPE = "OAuth2";

	/** The access token issued by the authorization server. This value is required. */
	String ACCESS_TOKEN = "access_token";

	/** Field name for the token type. */
	String TOKEN_TYPE = "token_type";

	/** Lifetime of the token, in seconds. This value is optional. */
	String EXPIRES_IN = "expires_in";

	/** The refresh token. */
	String REFRESH_TOKEN = "refresh_token";

	/** Scope of the access token. */
	String SCOPE = "scope";

	/** @return additional key/value information carried with the token */
	Map<String, Object> getAdditionalInformation();

	/** @return the scope values of this token */
	Set<String> getScope();

	/** @return the refresh token associated with this access token */
	OAuth2RefreshToken getRefreshToken();

	/** @return the token type */
	String getTokenType();

	/** @return whether the token has expired */
	boolean isExpired();

	/** @return the expiration date of the token */
	Date getExpiration();

	/** @return the remaining lifetime; presumably in seconds, matching EXPIRES_IN (confirm) */
	int getExpiresIn();

	/** @return the token string itself; treat it as a secret */
	String getValue();
}

其实现类只有一个:DefaultOAuth2AccessToken

1.2 刷新令牌
/**
 * Contract for an OAuth2 refresh token; the only thing it exposes is the
 * token string.
 */
public interface OAuth2RefreshToken {

	/**
	 * Returns the refresh token string.
	 *
	 * <p>NOTE(review): this is presumably Jackson's {@code @JsonValue}, in
	 * which case serializing the object emits the raw token string. Handle
	 * any serialized form (responses, caches, logs) as secret material.
	 *
	 * @return the refresh token value
	 */
	@JsonValue
	String getValue();
}

二、TokenStore

TokenStore主要作用是token的增删改查

/**
 * Persistence contract for OAuth2 tokens: storing, reading and removing
 * access tokens and refresh tokens, and looking up the authentication
 * behind them.
 *
 * <p>Whatever backs an implementation ends up holding or validating live
 * bearer credentials, so the storage itself needs the same protection as
 * any other secret store. Whether a remove call really revokes a token
 * depends on the implementation in use.
 */
public interface TokenStore {

	// Read the authentication associated with a token.
	OAuth2Authentication readAuthentication(OAuth2AccessToken token);
	OAuth2Authentication readAuthentication(String token);


	// Store an access token together with its authentication.
	void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication);

	// Read an access token from the store.
	OAuth2AccessToken readAccessToken(String tokenValue);

	// Remove an access token from the store.
	void removeAccessToken(OAuth2AccessToken token);

	// Store the given refresh token together with its authentication.
	void storeRefreshToken(OAuth2RefreshToken refreshToken, OAuth2Authentication authentication);
	// Read a refresh token from the store.
	OAuth2RefreshToken readRefreshToken(String tokenValue);

	/**
	 * @param token a refresh token
	 * @return the authentication originally used to grant the refresh token
	 */
	OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken token);

	// Remove a refresh token from the store.
	void removeRefreshToken(OAuth2RefreshToken token);

	// By its name, removes the access token tied to the given refresh token.
	// NOTE(review): confirm against the implementation in use.
	void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken refreshToken);

	// Look up the access token for the given authentication.
	OAuth2AccessToken getAccessToken(OAuth2Authentication authentication);

	// By their signatures, list the tokens held for a client, optionally
	// narrowed to one user name (useful when auditing or revoking sessions).
	// NOTE(review): confirm what each implementation actually returns.
	Collection<OAuth2AccessToken> findTokensByClientIdAndUserName(String clientId, String userName);
	Collection<OAuth2AccessToken> findTokensByClientId(String clientId);

}


TokenStore的初始化发生在AuthorizationServerEndpointsConfigurer中:当accessTokenConverter是JwtAccessTokenConverter时使用JwtTokenStore,否则默认的TokenStore是InMemoryTokenStore

/**
 * Excerpt showing how the token store is chosen when none was configured.
 * The {@code accessTokenConverter} field used below is not part of this
 * excerpt.
 */
public final class AuthorizationServerEndpointsConfigurer {

	private TokenStore tokenStore;

	/**
	 * Returns the access-token converter, creating a
	 * {@code DefaultAccessTokenConverter} the first time none is set.
	 */
	private AccessTokenConverter accessTokenConverter() {
		if (this.accessTokenConverter != null) {
			return this.accessTokenConverter;
		}
		accessTokenConverter = new DefaultAccessTokenConverter();
		return this.accessTokenConverter;
	}

	/**
	 * Returns the token store, choosing a default on first use:
	 * {@code JwtTokenStore} when the converter is a
	 * {@code JwtAccessTokenConverter}, otherwise {@code InMemoryTokenStore}.
	 *
	 * <p>NOTE(review): the in-memory default presumably keeps tokens only in
	 * this process, so they would not survive a restart or be visible to
	 * other instances. JwtTokenStore is understood not to persist tokens,
	 * so removing a token from it would not revoke an already issued JWT.
	 * Confirm both against the library version in use.
	 */
	private TokenStore tokenStore() {
		if (tokenStore != null) {
			return this.tokenStore;
		}
		// The converter decides which default store is created.
		AccessTokenConverter converter = accessTokenConverter();
		if (converter instanceof JwtAccessTokenConverter) {
			this.tokenStore = new JwtTokenStore((JwtAccessTokenConverter) converter);
		}
		else {
			this.tokenStore = new InMemoryTokenStore();
		}
		return this.tokenStore;
	}
}

TokenStore的注册方式如下

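/**
 * Authorization-server configuration that registers the TokenStore
 * explicitly instead of relying on the default.
 */
@Configuration
@EnableAuthorizationServer
public class Authorizationservercontig2 extends AuthorizationServerConfigurerAdapter {

    // ... code omitted ...

    /**
     * Registers the token store on the endpoints configurer.
     *
     * @param endpoints the endpoints configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // ... code omitted ...

        // InMemoryTokenStore suits demos and single-node setups.
        // NOTE(review): it presumably holds tokens only in this JVM, so they
        // are lost on restart and a removal on one node is invisible to the
        // others. For clustered deployments consider a shared store such as
        // JdbcTokenStore or RedisTokenStore.
        endpoints.tokenStore(new InMemoryTokenStore());

        // ... code omitted ...
    }
}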

三、AuthorizationServerTokenServices

主要是对TokenStore进行策略管理。

/**
 * Token operations offered by the authorization server: creating,
 * refreshing and looking up access tokens for an authentication.
 */
public interface AuthorizationServerTokenServices {

	// Create an access token for the given authentication.
	OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException;

	// Refresh an access token. The first argument is the raw refresh token
	// string, which is itself a credential and should not be logged.
	OAuth2AccessToken refreshAccessToken(String refreshToken, TokenRequest tokenRequest)throws AuthenticationException;

	// Look up the access token for the given authentication.
	OAuth2AccessToken getAccessToken(OAuth2Authentication authentication);
}

它只有一个实现类DefaultTokenServices

AuthorizationServerTokenServices的初始化发生在AuthorizationServerEndpointsConfigurer中,默认的AuthorizationServerTokenServices是DefaultTokenServices

/**
 * Excerpt showing how the token services are created when none were
 * configured. Helpers and fields used below but not declared here
 * (tokenStore(), clientDetailsService(), tokenEnhancer(),
 * addUserDetailsService, reuseRefreshToken, userDetailsService) are not
 * part of this excerpt.
 */
public final class AuthorizationServerEndpointsConfigurer {

	private AuthorizationServerTokenServices tokenServices;

	/**
	 * Returns a proxy obtained from {@code ProxyCreator}. The factory handed
	 * to it resolves to {@link #tokenServices()} when its
	 * {@code getObject()} is called.
	 */
	public AuthorizationServerTokenServices getTokenServices() {
		ObjectFactory<AuthorizationServerTokenServices> servicesFactory =
				new ObjectFactory<AuthorizationServerTokenServices>() {
					@Override
					public AuthorizationServerTokenServices getObject() throws BeansException {
						return tokenServices();
					}
				};
		return ProxyCreator.getProxy(AuthorizationServerTokenServices.class, servicesFactory);
	}

	/** Returns the token services, creating the default on first use. */
	private AuthorizationServerTokenServices tokenServices() {
		if (tokenServices == null) {
			this.tokenServices = createDefaultTokenServices();
		}
		return tokenServices;
	}

	/**
	 * Builds a {@code DefaultTokenServices} wired with this configurer's
	 * token store, client details service and token enhancer.
	 */
	private DefaultTokenServices createDefaultTokenServices() {
		DefaultTokenServices services = new DefaultTokenServices();
		services.setTokenStore(tokenStore());
		// Refresh tokens are supported by default.
		services.setSupportRefreshToken(true);
		// NOTE(review): with reuse enabled the same refresh token presumably
		// stays valid across refreshes; disabling it gives rotation, which
		// shortens the useful life of a stolen refresh token. Confirm the
		// value of reuseRefreshToken in the deployment.
		services.setReuseRefreshToken(reuseRefreshToken);
		services.setClientDetailsService(clientDetailsService());
		services.setTokenEnhancer(tokenEnhancer());
		addUserDetailsService(services, this.userDetailsService);
		return services;
	}
}
