Spring Security OAuth2 使用Redis存储token键值详解

Joe.Ye • 2023-03-20 • Spring Security

Spring Security OAuth2存储token值的方式

Spring Security OAuth2存储token值的方式有多种，所有的实现方式都是实现了TokenStore接口

InMemoryTokenStore:token存储在本机的内存之中
JdbcTokenStore:token存储在数据库之中
JwtTokenStore:token不会存储到任何介质中
RedisTokenStore:token存储在Redis数据库之中

RedisTokenStore实现类在redis中存储的key

RedisTokenStore实现类在redis中存储了哪些key，贴上源码如下：

private static final String ACCESS = "access:";
private static final String AUTH_TO_ACCESS = "auth_to_access:";
private static final String AUTH = "auth:";
private static final String REFRESH_AUTH = "refresh_auth:";
private static final String ACCESS_TO_REFRESH = "access_to_refresh:";
private static final String REFRESH = "refresh:";
private static final String REFRESH_TO_ACCESS = "refresh_to_access:";
private static final String CLIENT_ID_TO_ACCESS = "client_id_to_access:";
private static final String UNAME_TO_ACCESS = "uname_to_access:";

本案例是使用password、refresh_token模式，在Redis缓存中共存储了9个键值对，其中有5个跟access_token相关，4个和refresh_token相关；

{
    "status": 200,
    "message": "SUCCESS",
    "data": {
        "access_token": "44d7a5e0574444aab99130c5b37d4b25",
        "refresh_token": "b5854a2aa76b41ffb43d3fbfef8ec7bb",
        "scope": "all",
        "token_type": "bearer",
        "expires_in": 59,
        "client_id": "client_password",
        "authorities": {
            "interfaces": [
                "/a/b",
                "/a/c",
                "/oauth/token"
            ],
            "username": "admin"
        }
    }
}

D:\Server\Redis-x64-3.2.100>redis-cli.exe
127.0.0.1:6379> select 0
OK
127.0.0.1:6379> keys *
1) "access_to_refresh:44d7a5e0574444aab99130c5b37d4b25"
2) "auth_to_access:12b5172afcb09343e36fcfa9b4d84ce9"
3) "uname_to_access:client_password:admin"
4) "refresh:b5854a2aa76b41ffb43d3fbfef8ec7bb"
5) "client_id_to_access:client_password"
6) "auth:44d7a5e0574444aab99130c5b37d4b25"
7) "access:44d7a5e0574444aab99130c5b37d4b25"
8) "refresh_to_access:b5854a2aa76b41ffb43d3fbfef8ec7bb"
9) "refresh_auth:b5854a2aa76b41ffb43d3fbfef8ec7bb"

access_token相关：

access:(OAuth2AccessToken) 是OAuth2AccessToken对象序列化后的值
auth:(OAuth2Authentication) 是OAuth2AccessToken序列化后的值，且是username、client_id、scope三个MD5加密后的值
auth_to_access:(OAuth2AccessToken) 是OAuth2Authentication对象序列化后的值
client_id_to_access:(OAuth2AccessToken) 即client_password，是OAuth2AccessToken序列化后的值
uname_to_access:(OAuth2AccessToken) 即clientid+用户名，是OAuth2AccessToken对象序列化后的值

refresh_token相关：

refresh:(OAuth2RefreshToken) 是OAuth2RefreshToken对象序列化后的值
refresh_auth:(OAuth2Authentication) 是OAuth2Authentication序列化后的值
access_to_refresh:(refresh_token) 即refresh_token值
refresh_to_access:(refresh_token) 即refresh_token值

本文转载参考原文并加以调试

版权声明：
作者：Joe.Ye
链接：https://www.appblog.cn/index.php/2023/03/20/spring-security-oauth2-uses-redis-to-store-token-key-values/
来源：APP全栈技术分享
文章版权归作者所有，未经允许请勿转载。

THE END

OAuth2

二维码

打赏

海报

Spring Security OAuth2 使用Redis存储token键值详解

Spring Security OAuth2存储token值的方式 Spring Security OAuth2存储token值的方式有多种，所有的实现方式都是实现了TokenStore接口 InMemoryTokenStore:to……

Spring Security OAuth2 token存储Redis用户登出logOut

<<上一篇

Spring Security OAuth2 Redis存储token refresh_token永不过期问题解决

下一篇>>

文章目录

关闭

搜索内容

Spring Security OAuth2 使用Redis存储token键值详解

Spring Security OAuth2存储token值的方式

RedisTokenStore实现类在redis中存储的key

取消回复

共有 0 条评论

热门文章

最新评论