我正在使用jdbc模板来验证用户和内存以授权客户端进行Spring启动应用程序,并且我想连接数据库并将内存令牌存储到数据库中,并在邮件员检查请求时检查每次。
我不想使用hibernate并且使用jdbctemplate我们能够存储令牌而不是客户端名称和密钥。
注意:身份验证工作正常。
@EnableResourceServer
@Configuration
public class ResourceServerConfig extends WebSecurityConfigurerAdapter{
@Autowired
private UserDetailsService customUserDetailsService;
@Autowired
private Master master;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.requestMatchers().antMatchers("/home/**")
.and()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.csrf()
.disable()
.formLogin()
.permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
master.setJdbcTemplate();
auth.jdbcAuthentication().dataSource(master.jdbcTemplate.getDataSource())
.usersByUsernameQuery(
"Select a.UserName,a.password,a.enable from [Auth_User] a where username=?")
.authoritiesByUsernameQuery(
"select a.UserName,a.role from [Auth_User] a where username=?");
.passwordEncoder(new BCryptPasswordEncoder());
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
///////////////////////authorization i need to change the code here to store the generated token in database and validate against it//////////////////////////////////
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter{
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()");
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("ClientId")
.secret("{noop}secret")
.authorizedGrantTypes("authorization_code","password","refresh_token")
.scopes("user_info")
.autoApprove(true)
.accessTokenValiditySeconds(1*60);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager);
}
}
而不是Jdbc我使用Jpa和Spring安全使用JWT或使用Oauth2我使用Oauth2这是我推荐的链接
https://github.com/TechPrimers/spring-security-oauth-mysql-example