
Spring Security OAuth2 not using token expire values from properties

I am trying to configure my application to pull access and refresh token expire times from my properties file rather than setting them in the Java configuration. However, it is not picking them up and instead reverts to the default values.

Here is a sample of my Java config where I set the expire values manually. This works just fine when I do it like this.

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    ....

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("myclient")
                .secret("mysecret")
                .authorizedGrantTypes("password", "refresh_token")
                .scopes("my-app")
                .autoApprove("my-app")
                .accessTokenValiditySeconds(30)
                .refreshTokenValiditySeconds(3200);
    }
}

However, when I try to set them in my application.properties file like this, it doesn't work.

# Security
security.oauth2.client.access-token-validity-seconds=60
security.oauth2.client.refresh-token-validity-seconds=3200

I hope this reply is not too late...

I met the same problem, and later I found this is a bug.

For the autowiring of ClientDetailsService, it has an exception:

Method threw 'org.springframework.beans.factory.BeanCreationException' exception. Cannot evaluate com.sun.proxy.$Proxy135.toString()

So the value of clientDetailsService is null. Then it will use the default value, so your value setting inside the config class doesn't work. But if you do it in the application.yml, it will set this value without checking clientDetailsService, so it works.

I have already reported this issue to the team; hope somebody may solve this bug. https://github.com/spring-projects/spring-security-oauth/issues/1448

A possible solution is to either set the value in the application.yml file or set the value in the DefaultTokenServices like this:

@Bean
@Primary
public DefaultTokenServices tokenServices() {
    DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
    defaultTokenServices.setTokenStore(this.tokenStore());
    defaultTokenServices.setSupportRefreshToken(true);
    defaultTokenServices.setTokenEnhancer(this.accessTokenConverter());
    defaultTokenServices.setAccessTokenValiditySeconds(100);
    return defaultTokenServices;
}

I was also searching for this answer and tried the proposed solution from DeezCashews. But it didn't work for me, because there is a part of the code which first checks if this value is set in column access_token_validity of table oauth_client_details and only then grabs the value from tokenServices. So if your "expires_in" is set in the oauth_client_details table, then you need to change it there.

Code which checks the validity property in the DB:

protected int getAccessTokenValiditySeconds(OAuth2Request clientAuth) {
    if (clientDetailsService != null) {
        ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
        Integer validity = client.getAccessTokenValiditySeconds();
        if (validity != null) {
            return validity;
        }
    }
    return accessTokenValiditySeconds;
}
