Spring Security OAuth2: the keys RedisTokenStore writes to Redis

How Spring Security OAuth2 stores token values

Spring Security OAuth2 can store token values in several ways; every storage strategy is an implementation of the TokenStore interface:

  • InMemoryTokenStore: tokens are kept in the memory of the local JVM
  • JdbcTokenStore: tokens are stored in a relational database
  • JwtTokenStore: tokens are not persisted anywhere (the JWT carries its own state)
  • RedisTokenStore: tokens are stored in a Redis database

Keys that RedisTokenStore writes to Redis

Which keys does RedisTokenStore write to Redis? The key prefixes are defined as constants in its source:

private static final String ACCESS = "access:";
private static final String AUTH_TO_ACCESS = "auth_to_access:";
private static final String AUTH = "auth:";
private static final String REFRESH_AUTH = "refresh_auth:";
private static final String ACCESS_TO_REFRESH = "access_to_refresh:";
private static final String REFRESH = "refresh:";
private static final String REFRESH_TO_ACCESS = "refresh_to_access:";
private static final String CLIENT_ID_TO_ACCESS = "client_id_to_access:";
private static final String UNAME_TO_ACCESS = "uname_to_access:";

This example uses the password and refresh_token grant types. After one login, Redis holds 9 key/value pairs: 5 related to the access_token and 4 related to the refresh_token. The token response and the resulting Redis keys are shown below.

{
  "status": 200,
  "message": "SUCCESS",
  "data": {
    "access_token": "44d7a5e0574444aab99130c5b37d4b25",
    "refresh_token": "b5854a2aa76b41ffb43d3fbfef8ec7bb",
    "scope": "all",
    "token_type": "bearer",
    "expires_in": 59,
    "client_id": "client_password",
    "authorities": {
      "interfaces": [
        "/a/b",
        "/a/c",
        "/oauth/token"
      ],
      "username": "admin"
    }
  }
}
D:\Server\Redis-x64-3.2.100>redis-cli.exe
127.0.0.1:6379> select 0
OK
127.0.0.1:6379> keys *
1) "access_to_refresh:44d7a5e0574444aab99130c5b37d4b25"
2) "auth_to_access:12b5172afcb09343e36fcfa9b4d84ce9"
3) "uname_to_access:client_password:admin"
4) "refresh:b5854a2aa76b41ffb43d3fbfef8ec7bb"
5) "client_id_to_access:client_password"
6) "auth:44d7a5e0574444aab99130c5b37d4b25"
7) "access:44d7a5e0574444aab99130c5b37d4b25"
8) "refresh_to_access:b5854a2aa76b41ffb43d3fbfef8ec7bb"
9) "refresh_auth:b5854a2aa76b41ffb43d3fbfef8ec7bb"

access_token-related keys:

  • access:<access_token> (OAuth2AccessToken): the serialized OAuth2AccessToken object
  • auth:<access_token> (OAuth2Authentication): the serialized OAuth2Authentication object
  • auth_to_access:<key> (OAuth2AccessToken): the serialized OAuth2AccessToken; the key suffix is an MD5 hash derived from username, client_id and scope, which is why it differs from the access_token value in the listing above
  • client_id_to_access:<client_id> (OAuth2AccessToken), here client_password: serialized OAuth2AccessToken values issued to that client
  • uname_to_access:<client_id>:<username> (OAuth2AccessToken): serialized OAuth2AccessToken values issued to that user through that client

refresh_token-related keys:

  • refresh:<refresh_token> (OAuth2RefreshToken): the serialized OAuth2RefreshToken object
  • refresh_auth:<refresh_token> (OAuth2Authentication): the serialized OAuth2Authentication object
  • access_to_refresh:<access_token> (refresh_token): the refresh_token value belonging to this access_token
  • refresh_to_access:<refresh_token>: the reverse mapping from the refresh_token back to its access_token
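As an added example (not code from the original post or from Spring Security), the following Python script reconstructs the nine-key layout described above for one login and audits a key listing (e.g. the output of KEYS * or SCAN) for entries that are missing. The auth_key() derivation is an assumption about how the auth_to_access suffix is produced (MD5 over a "{username=..., client_id=..., scope=...}" string); the sample key set is constructed from the token values in the listing above.

```python
"""Consistency audit for the RedisTokenStore key layout (added example)."""
import hashlib

# Key prefixes exactly as defined in RedisTokenStore.
ACCESS, AUTH, AUTH_TO_ACCESS = "access:", "auth:", "auth_to_access:"
ACCESS_TO_REFRESH, REFRESH_TO_ACCESS = "access_to_refresh:", "refresh_to_access:"
REFRESH, REFRESH_AUTH = "refresh:", "refresh_auth:"
CLIENT_ID_TO_ACCESS, UNAME_TO_ACCESS = "client_id_to_access:", "uname_to_access:"

REFRESH_SIDE = (REFRESH, REFRESH_AUTH, ACCESS_TO_REFRESH, REFRESH_TO_ACCESS)


def auth_key(username, client_id, scopes):
    """Suffix of the auth_to_access key. Assumption (not library code): MD5 of the
    string '{username=..., client_id=..., scope=...}' with scopes sorted, space-joined."""
    parts = [f"username={username}", f"client_id={client_id}"]
    if scopes:
        parts.append("scope=" + " ".join(sorted(scopes)))
    return hashlib.md5(("{" + ", ".join(parts) + "}").encode("utf-8")).hexdigest()


def expected_keys(access_token, refresh_token, client_id, username, scopes):
    """The nine keys one password-grant login with a refresh token leaves in Redis."""
    return {
        ACCESS + access_token,
        AUTH + access_token,
        AUTH_TO_ACCESS + auth_key(username, client_id, scopes),
        CLIENT_ID_TO_ACCESS + client_id,
        UNAME_TO_ACCESS + f"{client_id}:{username}",
        ACCESS_TO_REFRESH + access_token,
        REFRESH_TO_ACCESS + refresh_token,
        REFRESH + refresh_token,
        REFRESH_AUTH + refresh_token,
    }


def missing_keys(present, access_token, refresh_token, client_id, username, scopes):
    """Expected keys absent from `present` (a key listing taken from Redis)."""
    want = expected_keys(access_token, refresh_token, client_id, username, scopes)
    return sorted(want - set(present))


# Constructed sample built from the token values in the listing above.
LOGIN = ("44d7a5e0574444aab99130c5b37d4b25", "b5854a2aa76b41ffb43d3fbfef8ec7bb",
         "client_password", "admin", ["all"])
SAMPLE_KEYS = expected_keys(*LOGIN)
# Constructed state after the 59 s access_token lifetime: only the four
# refresh_token-related entries are still present.
STALE_KEYS = {k for k in SAMPLE_KEYS if k.startswith(REFRESH_SIDE)}

if __name__ == "__main__":
    for key in missing_keys(STALE_KEYS, *LOGIN):
        print("missing:", key)
```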

This article is adapted from the original post, with additional debugging by the author.

Powered by AppBlog.CN     浙ICP备14037229号

Copyright © 2012 - 2020 APP Development Tech Blog. All Rights Reserved.
