如何将令牌存储在数据库中并在授权中验证它

问题描述 投票:0回答:1

我正在使用jdbc模板来验证用户和内存以授权客户端进行Spring启动应用程序,并且我想连接数据库并将内存令牌存储到数据库中,并在邮件员检查请求时检查每次。

我不想使用hibernate并且使用jdbctemplate我们能够存储令牌而不是客户端名称和密钥。

注意:身份验证工作正常。

 @EnableResourceServer
  @Configuration
public class ResourceServerConfig extends WebSecurityConfigurerAdapter{



    @Autowired
    private UserDetailsService customUserDetailsService;

    @Autowired
    private Master master;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
    http.requestMatchers().antMatchers("/home/**")
        .and()
        .authorizeRequests()
        .anyRequest()
        .authenticated()
        .and()
        .csrf()
        .disable()
        .formLogin()
        .permitAll();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        master.setJdbcTemplate();


        auth.jdbcAuthentication().dataSource(master.jdbcTemplate.getDataSource())
          .usersByUsernameQuery(
           "Select a.UserName,a.password,a.enable from [Auth_User] a where username=?")
          .authoritiesByUsernameQuery(
           "select a.UserName,a.role  from [Auth_User] a where username=?");
          .passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }


}







///////////////////////authorization i need to change the code here to store the generated token in database and validate against it//////////////////////////////////


@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter{

    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()");
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
               .withClient("ClientId")
               .secret("{noop}secret")
               .authorizedGrantTypes("authorization_code","password","refresh_token")
               .scopes("user_info")
               .autoApprove(true)
               .accessTokenValiditySeconds(1*60);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
    }


}
java spring-boot spring-security spring-security-oauth2 jdbctemplate
1个回答
0
投票

而不是Jdbc我使用Jpa和Spring安全使用JWT或使用Oauth2我使用Oauth2这是我推荐的链接

https://github.com/TechPrimers/spring-security-oauth-mysql-example

© www.soinside.com 2019 - 2024. All rights reserved.