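How to update the token-related information (user info, etc.) that Spring Security OAuth2 stores in Redis after authentication
I recently found that in my project, after modifying the user information in UserDetails and then using the access_token to fetch the user information, I always got the information stored at the first login rather than the modified information. I later realized that this was because the information in Redis had not been updated.
OAuth2 configuration: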
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.approval.ApprovalStore;
import org.springframework.security.oauth2.provider.approval.TokenApprovalStore;
import org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
import javax.sql.DataSource;
/**
 * Spring Security / OAuth2 configuration: JDBC client details and a Redis-backed token store.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(-1)
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter
{
    @Autowired
    private DataSource dataSource;

    @Autowired
    private RedisConnectionFactory connectionFactory;

    @Autowired
    private PasswdAuthenticationProvider passwdAuthenticationProvider;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception
    {
        auth.authenticationProvider(passwdAuthenticationProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        // This filter chain matches only OPTIONS requests to /oauth/token; CSRF is disabled for it.
        http.requestMatchers().antMatchers(HttpMethod.OPTIONS, "/oauth/token").and().csrf().disable();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception
    {
        return super.authenticationManagerBean();
    }

    @Bean
    public ClientDetailsService clientDetailsService()
    {
        return new JdbcClientDetailsService(dataSource);
    }

    // Access tokens and the serialized OAuth2Authentication (principal included) are kept in Redis.
    @Bean
    public TokenStore tokenStore()
    {
        RedisTokenStore redis = new RedisTokenStore(connectionFactory);
        return redis;
    }

    @Bean
    @Autowired
    public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore)
    {
        TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
        handler.setTokenStore(tokenStore);
        handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService()));
        handler.setClientDetailsService(clientDetailsService());
        return handler;
    }

    @Bean
    @Autowired
    public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception
    {
        TokenApprovalStore store = new TokenApprovalStore();
        store.setTokenStore(tokenStore);
        return store;
    }
}
Retrieving the authenticated information:
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
Object principal = authentication == null ? null : authentication.getPrincipal();
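What I modified was the information in principal, but the information in Redis was not changed. I had thought of operating directly on the object stored in Redis, but I was worried about corrupting the data structure that Spring Security itself stores. I searched hard and investigated on my own for two days and still could not find an answer; I hope the problem can be solved here.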
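Comments (3)
Hard work pays off!! In the end I found the solution myself. After reading the Spring Security source code, I found that the information is added through the TokenStore interface. Since that interface does not provide an update method, I rewrote the add method and overwrote the information in Redis.
Do you have the source code? How did you solve it? I am currently running into an OAuth2Authentication cast problem.
Thank you so much. I searched for a whole day and finally got what I needed from you. It perfectly solved updating the logged-in user's information.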
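Added example, not part of the original thread and not the commenter's code: one way to apply the approach from the first comment, re-storing the token through TokenStore so the Redis entry is overwritten. The stored OAuth2Authentication also carries the granted authorities, so the same re-store is what makes a role change take effect before the token expires. Assumptions: the principal implements UserDetails, the username does not change, and the class and method names (TokenPrincipalRefresher, refreshCurrentUser) are hypothetical.

```java
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.security.oauth2.provider.token.TokenStore;

// Hypothetical helper: overwrites the authentication stored for the current access token.
public class TokenPrincipalRefresher {
    private final TokenStore tokenStore; // e.g. the RedisTokenStore bean from the configuration

    public TokenPrincipalRefresher(TokenStore tokenStore) {
        this.tokenStore = tokenStore;
    }

    // Returns true if the stored authentication was replaced, false if there was nothing to update.
    public boolean refreshCurrentUser(UserDetails freshUser) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        // Check types before casting: anonymous or non-token requests carry other Authentication types.
        if (!(current instanceof OAuth2Authentication)
                || !(current.getDetails() instanceof OAuth2AuthenticationDetails)) {
            return false;
        }
        OAuth2Authentication oauth = (OAuth2Authentication) current;
        if (oauth.isClientOnly()) {
            return false; // client-only token: there is no user principal to refresh
        }
        String tokenValue = ((OAuth2AuthenticationDetails) oauth.getDetails()).getTokenValue();
        OAuth2AccessToken token = tokenStore.readAccessToken(tokenValue);
        if (token == null || token.isExpired()) {
            return false; // never re-store a token that is revoked or expired
        }
        // Same username, fresh details and authorities; credentials are not kept in the store.
        UsernamePasswordAuthenticationToken newUser = new UsernamePasswordAuthenticationToken(
                freshUser, null, freshUser.getAuthorities());
        newUser.setDetails(oauth.getUserAuthentication().getDetails());
        OAuth2Authentication updated = new OAuth2Authentication(oauth.getOAuth2Request(), newUser);
        // TokenStore has no update method; storing the same token again overwrites its entry.
        tokenStore.storeAccessToken(token, updated);
        if (token.getRefreshToken() != null) {
            // Keep the refresh token's stored authentication consistent with the access token's.
            tokenStore.storeRefreshToken(token.getRefreshToken(), updated);
        }
        return true;
    }
}
```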