小贝子编程

Micronaut配置未颁发JWT刷新令牌



我的application.yml中有以下配置。根据规范,除了JWT响应中的访问令牌外,还应该发布一个刷新令牌,但我只得到了访问令牌,而没有得到刷新令牌。

我是不是错过了什么?

token:
jwt:
signatures:
secret:
generator:
refresh-token:
secret: "${JWT_GENERATOR_SIGNATURE_SECRET:pleaseChangeThisSecretForANewOne}"  
secret: "${JWT_GENERATOR_SIGNATURE_SECRET:pleaseChangeThisSecretForANewOne}"

您可能缺少RefreshTokenPersistence的实现。

我建议你阅读这一部分的宇航员的安全文件:https://micronaut-projects.github.io/micronaut-security/latest/guide/#refresh

这里是持久性单元的一个非常天真的实现。请不要忘记将@Singleton添加到您的实现中。我错过了这一点,这就是为什么micronaut最初在我自己的项目中没有生成刷新令牌的原因。

import io.micronaut.security.authentication.UserDetails;
import io.micronaut.security.token.event.RefreshTokenGeneratedEvent;
import io.micronaut.security.token.refresh.RefreshTokenPersistence;
import io.reactivex.BackpressureStrategy;
import io.reactivex.Flowable;
import org.reactivestreams.Publisher;
import javax.inject.Singleton;
import java.util.HashMap;
import java.util.Map;
@Singleton
public class MyRefreshTokenPersistence implements RefreshTokenPersistence {
private final Map<String, UserDetails> storage = new HashMap<>();
@Override
public void persistToken(RefreshTokenGeneratedEvent event) {
storage.put(event.getRefreshToken(), event.getUserDetails());
}
@Override
public Publisher<UserDetails> getUserDetails(String refreshToken) {
return Flowable.create(emitter -> {
final UserDetails userDetails = storage.get(refreshToken);
if ( userDetails != null ) {
emitter.onNext(userDetails);
emitter.onComplete();
} else {
emitter.onError(new IllegalArgumentException("refresh token unknown"));
}
}, BackpressureStrategy.BUFFER);
}
}

我在Micronaut v3.1.4中发现了这个问题。它需要一个实现RefreshTokenPersistence的类。这对我有效。

import io.micronaut.security.authentication.Authentication;
import io.micronaut.security.token.event.RefreshTokenGeneratedEvent;
import io.micronaut.security.token.refresh.RefreshTokenPersistence;
import jakarta.inject.Singleton;
import org.reactivestreams.Publisher;
@Singleton
public class CustomRefreshTokenPersistence implements RefreshTokenPersistence {
@Override
public void persistToken(final RefreshTokenGeneratedEvent event) {

}
@Override
public Publisher<Authentication> getAuthentication(final String refreshToken) {
return null;
}
}

我觉得你的application.yml配置看起来有点不正常。正如文档所示,它应该类似于下面的内容。

micronaut:
security:
authentication: bearer
token:
jwt:
signatures:
secret:
generator:
secret: '"${JWT_GENERATOR_SIGNATURE_SECRET:pleaseChangeThisSecretForANewOne}"'
generator:
refresh-token:
secret: '"${JWT_GENERATOR_SIGNATURE_SECRET:pleaseChangeThisSecretForANewOne}"'

micronuat文档链接:https://guides.micronaut.io/latest/micronaut-security-jwt-gradle-groovy.html

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium