小贝子编程

如何将令牌存储在数据库中并在授权中对其进行验证



我正在使用jdbc模板对用户进行身份验证,并在内存中对 授权客户端使用 Spring 启动应用程序,我想连接 数据库并将内存中的令牌存储到数据库中并检查 每次在那里检查邮递员的要求时。

我不想使用休眠和使用 jdbctemplate 我们可以 存储令牌而不是客户端名称和密钥。

注意:身份验证工作正常。

 @EnableResourceServer
  @Configuration
public class ResourceServerConfig extends WebSecurityConfigurerAdapter{

    @Autowired
    private UserDetailsService customUserDetailsService;
    @Autowired
    private Master master;
    @Override
    protected void configure(HttpSecurity http) throws Exception {
    http.requestMatchers().antMatchers("/home/**")
        .and()
        .authorizeRequests()
        .anyRequest()
        .authenticated()
        .and()
        .csrf()
        .disable()
        .formLogin()
        .permitAll();
    }
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        master.setJdbcTemplate();

        auth.jdbcAuthentication().dataSource(master.jdbcTemplate.getDataSource())
          .usersByUsernameQuery(
           "Select a.UserName,a.password,a.enable from [Auth_User] a where username=?")
          .authoritiesByUsernameQuery(
           "select a.UserName,a.role  from [Auth_User] a where username=?");
          .passwordEncoder(new BCryptPasswordEncoder());
    }
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

}



///////////////////////authorization i need to change the code here to store the generated token in database and validate against it//////////////////////////////////

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter{
    @Autowired
    private AuthenticationManager authenticationManager;
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()");
    }
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
               .withClient("ClientId")
               .secret("{noop}secret")
               .authorizedGrantTypes("authorization_code","password","refresh_token")
               .scopes("user_info")
               .autoApprove(true)
               .accessTokenValiditySeconds(1*60);
    }
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
    }

}

而不是Jdbc,我使用JWT或使用Oauth2使用Jpa和spring安全性,我使用Oauth2,这是我引用的链接

https://github.com/TechPrimers/spring-security-oauth-mysql-example

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium