Spring: configuring the JWT token expiration time when using JdbcStore
Tags: spring, spring-boot, spring-security, oauth-2.0, spring-security-oauth2

I am trying to implement Spring Security with OAuth2 using JWT and jdbcTokenStore:
    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        defaultTokenServices.setAccessTokenValiditySeconds(60);
        defaultTokenServices.setRefreshTokenValiditySeconds(80);
        defaultTokenServices.setReuseRefreshToken(false);
        return defaultTokenServices;
    }
But after I create a token using Postman, I always get this value:
    {
        "access_token": "....",
        "token_type": "bearer",
        "refresh_token": "....",
        "expires_in": 41502,
        "scope": "read",
        "organization": "admin Drivelog",
        "jti": "2f33707a-30e3-4145-9d9d-7c2e4a4535dd"
    }
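Do you know how to configure the access token expiration time? For some reason, setAccessTokenValiditySeconds is not working.

You may have forgotten to configure the resource server to use the token services, for example: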
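    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
    import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
    import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

    @Configuration
    @EnableResourceServer
    public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

        @Autowired
        private ResourceServerTokenServices tokenServices;

        @Autowired
        private JwtAccessTokenConverter accessTokenConverter;

        // Validate incoming tokens with the application's own token services bean.
        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.tokenServices(tokenServices);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .requestMatchers()
                .and()
                .authorizeRequests()
                .antMatchers("/actuator/**", "/api-docs/**", "/oauth/*").permitAll()
                .antMatchers("/jwttest/**").authenticated();
        }
    }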
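
Check the column values access_token_validity and refresh_token_validity in the database table oauth_client_details.

I created this table, but for some reason it is always empty.

Your implementation looks fine. Can you share a screenshot of the Postman request?

@PeterPenzov If oauth_client_details is empty, where do you store the client id and secret, etc.?

The columns Thirumal mentioned allow you to configure this on a per-user basis. See my description of another question: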
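
Added example, not code from the original thread: an authorization server configuration that makes the token endpoint issue tokens through the question's customised DefaultTokenServices bean, since the endpoints otherwise build their own instance with the library default lifetime of 12 hours (43200 seconds). The class name AuthServerConfig is hypothetical, and the sketch assumes the question's @Primary DefaultTokenServices bean, the JwtAccessTokenConverter bean autowired in the answer above, and clients stored in oauth_client_details.

```java
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

// Hypothetical class name; illustrates the wiring only.
@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Autowired
    private DefaultTokenServices tokenServices; // the @Primary bean from the question

    @Autowired
    private JwtAccessTokenConverter accessTokenConverter; // assumed to exist as a bean

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Client ids and secrets are read from oauth_client_details.
        // The endpoints' default token services consult these rows, and a
        // non-null access_token_validity wins over the library default.
        clients.jdbc(dataSource);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // A token services instance passed in here is used as-is, so the JWT
        // converter has to be set on it explicitly to keep issuing JWTs.
        tokenServices.setTokenEnhancer(accessTokenConverter);
        // Without this call the bean with setAccessTokenValiditySeconds(60)
        // exists in the context but is never used to issue tokens.
        // The per-client columns apply to this bean only if
        // setClientDetailsService(...) is also called on it.
        endpoints.tokenServices(tokenServices);
    }
}
```

A non-expired access token already stored by JdbcTokenStore for the same client and user is returned again with its remaining lifetime, so the new expires_in only shows up once the old token has expired or been removed.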