
Spring Security OAuth2 - stored authentication object

I am currently using a fairly vanilla setup of Spring Security OAuth2 version 2.0.7.RELEASE with a JdbcTokenStore and have recently encountered an interesting issue.

I understand that as an access token is created and stored, the Authentication object is serialized and also persisted to the database. I understand that this is necessary and used when an access token is later used in a request. The issue is that my Authentication object (a custom implementation of Spring Security's UserDetails interface) is associated with other objects in my application's domain. (A sample object graph might look like Authentication -> com.myapp.User -> com.myapp.PhoneNumber.)

I've had to make some changes to the implementation of said objects and noticed that Authentication objects serialized and stored to the database prior to my change no longer deserialize, which makes sense because my object model has changed.

What is a recommended way for managing this scenario? Is there a way to get the Authentication object to serialize to JSON and not binary? I am leaning towards removing my custom information from my Authentication object but am wondering if there is a better approach?

To close the loop - the approach I ended up using was to extend JdbcTokenStore and to override the methods serializeAuthentication and deserializeAuthentication to perform serialization / deserialization using Jackson. Then in my object model, I @JsonIgnore'd the entities that are not really needed in authenticating a user.
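The override the poster describes, written out as an added example (this is not the poster's code, nor part of Spring Security OAuth2). It assumes a hypothetical com.myapp.security.JsonJdbcTokenStore that replaces the plain JdbcTokenStore bean and is constructed with the same DataSource. Rather than running Jackson over the live Authentication and @JsonIgnore-ing domain entities, it writes a flat DTO containing only what is needed to rebuild the OAuth2Authentication, so com.myapp.User and com.myapp.PhoneNumber are never in the token row at all; the user principal is rebuilt as a username plus granted authorities. All class and field names in the DTO are assumptions:

```java
package com.myapp.security;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.sql.DataSource;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

/**
 * Hypothetical JdbcTokenStore that writes the authentication column as JSON
 * instead of a Java-serialized object graph, so refactoring com.myapp.User or
 * com.myapp.PhoneNumber no longer breaks tokens already in the database.
 */
public class JsonJdbcTokenStore extends JdbcTokenStore {

    // Plain ObjectMapper: no default/polymorphic typing, so stored JSON can never name a class to instantiate.
    private final ObjectMapper mapper = new ObjectMapper();

    public JsonJdbcTokenStore(DataSource dataSource) {
        super(dataSource);
    }

    @Override
    protected byte[] serializeAuthentication(OAuth2Authentication authentication) {
        try {
            return mapper.writeValueAsBytes(StoredAuthentication.from(authentication));
        } catch (IOException e) {
            throw new IllegalStateException("cannot serialize OAuth2Authentication", e);
        }
    }

    @Override
    protected OAuth2Authentication deserializeAuthentication(byte[] bytes) {
        // Rows written before the switch start with the Java serialization magic 0xACED: keep the binary path for them.
        if (bytes.length >= 2 && (bytes[0] & 0xff) == 0xAC && (bytes[1] & 0xff) == 0xED) {
            return super.deserializeAuthentication(bytes);
        }
        try {
            return mapper.readValue(bytes, StoredAuthentication.class).toAuthentication();
        } catch (IOException e) {
            // JdbcTokenStore.readAuthentication catches IllegalArgumentException, logs it
            // and removes the unreadable token, exactly as it does for the binary path.
            throw new IllegalArgumentException("cannot deserialize OAuth2Authentication", e);
        }
    }

    /** Flat, versionable JSON shape (assumed): a plain bean that Jackson handles unaided. */
    public static class StoredAuthentication {
        public String clientId;
        public Set<String> scope = new LinkedHashSet<>();
        public List<String> clientAuthorities = new ArrayList<>();
        public boolean approved;
        public String redirectUri;
        public String username;            // null for client-only tokens
        public List<String> userAuthorities = new ArrayList<>();

        static StoredAuthentication from(OAuth2Authentication auth) {
            StoredAuthentication s = new StoredAuthentication();
            OAuth2Request req = auth.getOAuth2Request();
            s.clientId = req.getClientId();
            s.scope.addAll(req.getScope());
            s.clientAuthorities = names(req.getAuthorities());
            s.approved = req.isApproved();
            s.redirectUri = req.getRedirectUri();
            if (!auth.isClientOnly()) {
                // Keep the user by name and granted roles only; the domain User stays out of the token row.
                s.username = auth.getUserAuthentication().getName();
                s.userAuthorities = names(auth.getUserAuthentication().getAuthorities());
            }
            return s;
        }

        OAuth2Authentication toAuthentication() {
            OAuth2Request request = new OAuth2Request(null, clientId, authorities(clientAuthorities),
                    approved, scope, null, redirectUri, null, null);
            Authentication user = username == null ? null
                    : new UsernamePasswordAuthenticationToken(username, "N/A", authorities(userAuthorities));
            return new OAuth2Authentication(request, user);
        }

        private static List<String> names(Collection<? extends GrantedAuthority> granted) {
            List<String> out = new ArrayList<>();
            for (GrantedAuthority a : granted) out.add(a.getAuthority());
            return out;
        }

        private static List<GrantedAuthority> authorities(List<String> names) {
            List<GrantedAuthority> out = new ArrayList<>();
            for (String n : names) out.add(new SimpleGrantedAuthority(n));
            return out;
        }
    }
}
```

Two things to check before adopting this shape. First, any code that casts authentication.getPrincipal() to com.myapp.User will now see a String; if the full user is needed per request, load it through the UserDetailsService from the stored username instead of persisting it with the token. Second, resist the temptation to make Jackson round-trip the real Authentication class hierarchy by enabling default (polymorphic) typing: that lets the database row dictate which classes get instantiated, which reintroduces the deserialization risk the JSON switch was meant to move away from. The 0xACED fallback only keeps old rows readable while their classes are still compatible; rows that no longer deserialize are dropped by JdbcTokenStore as invalid tokens, which is the behaviour the poster observed.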
