Spring Security OAuth2 使用Redis存储token键值详解

1.Spring Security OAuth2存储token值的方式由多种,所有的实现方式都是实现了TokenStore接口

  • InMemoryTokenStore:token存储在本机的内存之中
  • JdbcTokenStore:token存储在数据库之中
  • JwtTokenStore:token不会存储到任何介质中
  • RedisTokenStore:token存储在Redis数据库之中

2.看下RedisTokenStore实现类在redis中存储了那些key,贴上源码如下:

    private static final String ACCESS = "access:";
    private static final String AUTH_TO_ACCESS = "auth_to_access:";
    private static final String AUTH = "auth:";
    private static final String REFRESH_AUTH = "refresh_auth:";
    private static final String ACCESS_TO_REFRESH = "access_to_refresh:";
    private static final String REFRESH = "refresh:";
    private static final String REFRESH_TO_ACCESS = "refresh_to_access:";
    private static final String CLIENT_ID_TO_ACCESS = "client_id_to_access:";
    private static final String UNAME_TO_ACCESS = "uname_to_access:";

本案例是使用password、refresh_token模式,在Redis缓存中共存储了9个键值对,其中有5个跟access_token相关,4个和refresh_token相关;

  • access_token相关access:(OAuth2AccessToken)、auth:(OAuth2Authentication)、auth_to_access:(OAuth2AccessToken)、client_id_to_access:(OAuth2AccessToken)、uname_to_access:(OAuth2AccessToken)
  • refresh_token相关refresh:(OAuth2RefreshToken)、refresh_auth:(OAuth2Authentication)、access_to_refresh(refresh_token):、refresh_to_access:(refresh_token)

3.通过查看RedisTokenStore源码(源码我就不贴出来了)的方式理解每个key所存储的数据

  1. access:中存储的键是access:be171b573f5a496ca601b32b1360fe84,值是OAuth2AccessToken对象序列化后的值
  • 键是access:+access_token
  • 值示例如下:
    {
            "access_token": "12833d6c89fb4ea58cbe7b6ada5de7b5",
            "token_type": "bearer",
            "refresh_token": "357304ee0a404700b3e65d547713011b",
            "expires_in": 898,
            "scope": "test"
        }
    
  1. auth_to_access:中存储的键是auth_to_access:a994f2a9a61186f32870e32d72a38d21,值是OAuth2AccessToken序列化后的值
  • 键是auth_to_access:+ username、client_id、scope三个MD5加密后的值

  • 值示例如下:

    {
            "access_token": "12833d6c89fb4ea58cbe7b6ada5de7b5",
            "token_type": "bearer",
            "refresh_token": "357304ee0a404700b3e65d547713011b",
            "expires_in": 898,
            "scope": "test"
        }
    
  1. auth:中存储的键是auth:be171b573f5a496ca601b32b1360fe84,值是OAuth2Authentication对象序列化后的值
  • 键是auth:+access_token值
  • 值示例如下:
{
    "authorities": [
        {
            "authority": "ROLE"
        }
    ],
    "details": {
        "remoteAddress": "0:0:0:0:0:0:0:1",
        "sessionId": null,
        "tokenValue": "dfec9f18e161408dbf66b85b94401d7f",
        "tokenType": "Bearer",
        "decodedDetails": null
    },
    "authenticated": true,
    "userAuthentication": {
        "authorities": [
            {
                "authority": "ROLE"
            }
        ],
        "details": {
            "grant_type": "password",
            "username": "user",
            "scope": "test"
        },
        "authenticated": true,
        "principal": {
            "password": null,
            "username": "user",
            "authorities": [
                {
                    "authority": "ROLE"
                }
            ],
            "accountNonExpired": true,
            "accountNonLocked": true,
            "credentialsNonExpired": true,
            "enabled": true
        },
        "credentials": null,
        "name": "user"
    },
    "credentials": "",
    "principal": {
        "password": null,
        "username": "user",
        "authorities": [
            {
                "authority": "ROLE"
            }
        ],
        "accountNonExpired": true,
        "accountNonLocked": true,
        "credentialsNonExpired": true,
        "enabled": true
    },
    "oauth2Request": {
        "clientId": "client_password",
        "scope": [
            "test"
        ],
        "requestParameters": {
            "grant_type": "password",
            "scope": "test",
            "username": "user"
        },
        "resourceIds": [
            "resource_password_id"
        ],
        "authorities": [],
        "approved": true,
        "refresh": false,
        "redirectUri": null,
        "responseTypes": [],
        "extensions": {},
        "grantType": "password",
        "refreshTokenRequest": null
    },
    "clientOnly": false,
    "name": "user"
}
  1. refresh_auth:中存储的是refresh_auth:d0017ce6db6441d1b87a0a2804d1434b,值是OAuth2Authentication序列化后的值
  • 键是:refresh_auth:+refresh_token值
  • 值示例如下:
{
    "authorities": [
        {
            "authority": "ROLE"
        }
    ],
    "details": {
        "remoteAddress": "0:0:0:0:0:0:0:1",
        "sessionId": null,
        "tokenValue": "dfec9f18e161408dbf66b85b94401d7f",
        "tokenType": "Bearer",
        "decodedDetails": null
    },
    "authenticated": true,
    "userAuthentication": {
        "authorities": [
            {
                "authority": "ROLE"
            }
        ],
        "details": {
            "grant_type": "password",
            "username": "user",
            "scope": "test"
        },
        "authenticated": true,
        "principal": {
            "password": null,
            "username": "user",
            "authorities": [
                {
                    "authority": "ROLE"
                }
            ],
            "accountNonExpired": true,
            "accountNonLocked": true,
            "credentialsNonExpired": true,
            "enabled": true
        },
        "credentials": null,
        "name": "user"
    },
    "credentials": "",
    "principal": {
        "password": null,
        "username": "user",
        "authorities": [
            {
                "authority": "ROLE"
            }
        ],
        "accountNonExpired": true,
        "accountNonLocked": true,
        "credentialsNonExpired": true,
        "enabled": true
    },
    "oauth2Request": {
        "clientId": "client_password",
        "scope": [
            "test"
        ],
        "requestParameters": {
            "grant_type": "password",
            "scope": "test",
            "username": "user"
        },
        "resourceIds": [
            "resource_password_id"
        ],
        "authorities": [],
        "approved": true,
        "refresh": false,
        "redirectUri": null,
        "responseTypes": [],
        "extensions": {},
        "grantType": "password",
        "refreshTokenRequest": null
    },
    "clientOnly": false,
    "name": "user"
}
  1. access_to_refresh:中存储的是access_to_refresh:c90cab28971948d2a85ca2ae814641ed,值是refresh_token值
  • 键是access_to_refresh:+refresh_token值
  • 值是refresh_token值
  1. refresh:中存储的是refresh:d0017ce6db6441d1b87a0a2804d1434b,值是OAuth2RefreshToken对象序列化后的值
  • 键是refresh:+refresh_token值
  • 值示例如下:
 {
        "access_token": "dfec9f18e161408dbf66b85b94401d7f",
        "token_type": "bearer",
        "refresh_token": "8bcd9cfb04a3445e8933c788b2673a89",
        "expires_in": 898,
        "scope": "test"
    }
  1. refresh_to_access:中存储的值是refresh_to_access:d0017ce6db6441d1b87a0a2804d1434b,值是refresh_token值
  • 键是refresh_to_access:+refresh_token值
  • 值示例如下:
be171b573f5a496ca601b32b1360fe84
  1. client_id_to_access:中存储的值是client_id_to_access:client_password,值是OAuth2AccessToken序列化后的值
  • 键是client_id_to_access:+clientId
  • 值示例如下:
{
        "access_token": "dfec9f18e161408dbf66b85b94401d7f",
        "token_type": "bearer",
        "refresh_token": "8bcd9cfb04a3445e8933c788b2673a89",
        "expires_in": 898,
        "scope": "test"
    }
  1. uname_to_access:中存储的键是uname_to_access:client_password:user,值是OAuth2AccessToken对象序列化后的值
  • 键是:uname_to_access:+clientid+用户名
  • 值示例如下:
{
        "access_token": "dfec9f18e161408dbf66b85b94401d7f",
        "token_type": "bearer",
        "refresh_token": "8bcd9cfb04a3445e8933c788b2673a89",
        "expires_in": 898,
        "scope": "test"
    }

GitHub源码:https://github.com/mingyang66/spring-parent/edit/master/spring-security-oauth2-server-redis-service/README.md

已标记关键词 清除标记
相关推荐
©️2020 CSDN 皮肤主题: 酷酷鲨 设计师:CSDN官方博客 返回首页