redis存储token redis存储token

redis存储token

欢迎关注博主公众号「Java大师」, 专注于分享Java领域干货文章http://www.javaman.cn/sb2/redis-token

在实际开发中，token需要保存在redis中，今天我们就来介绍下token怎么存储在redis中

密码模式实现代码 2.1 创建pom.xml

4.0.0org.springframework.boot spring-boot-starter-parent 2.2.6.RELEASE com.dashi springsecurity-oauth 0.0.1-SNAPSHOT springsecurity-oauth Demo project for Spring Boot1.8 Greenwich.SR2 org.springframework.cloud spring-cloud-starter-oauth2 2.2.5.RELEASE org.springframework.cloud spring-cloud-starter-security 2.2.5.RELEASE org.springframework.boot spring-boot-starter org.springframework.boot spring-boot-starter-web org.springframework.boot spring-boot-starter-test test org.springframework.boot spring-boot-starter-data-redis org.apache.commons commons-pool2 org.springframework.boot spring-boot-maven-plugin org.springframework.cloud spring-cloud-dependencies ${spring-cloud.version} pom import

2.2 创建springsecurity配置文件

package com.dashi.springsecurityoauth.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter {@Bean public PasswordEncoder passwordEncoder(){ return new BCryptPasswordEncoder(); }@Bean public AuthenticationManager authenticationManager() throws Exception { return super.authenticationManager(); }@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() .authorizeRequests() .antMatchers("/oauth/**","/login/**","/logout/**") .permitAll() .anyRequest() .authenticated() .and() .formLogin() .permitAll(); } }

2.3 创建UserService实现UserDetailService接口

package com.dashi.springsecurityoauth.model; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; import java.util.Collection; import java.util.List; public class User implements UserDetails { private String username; private String password; private List authorities; public User(String username, String password, List authorities) { this.username = username; this.password = password; this.authorities = authorities; }@Override public Collection getAuthorities() { return this.authorities; }@Override public String getPassword() { return this.password; }@Override public String getUsername() { return this.username; }@Override public boolean isAccountNonExpired() { return true; }@Override public boolean isAccountNonLocked() { return true; }@Override public boolean isCredentialsNonExpired() { return true; }@Override public boolean isEnabled() { return true; } }

2.4 创建redis配置

package com.dashi.springsecurityoauth.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.data.redis.connection.RedisConnectionFactory; import org.springframework.security.oauth2.provider.token.TokenStore; import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore; @Configuration public class RedisConfig {@Autowired private RedisConnectionFactory redisConnectionFactory; @Bean public TokenStore redisTokenStore(){ return new RedisTokenStore(redisConnectionFactory); } }

2.5 application.properties配置文件修改

spring.redis.host=localhost

2.6 创建认证服务

package com.dashi.springsecurityoauth.config; import com.dashi.springsecurityoauth.service.UserService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; import org.springframework.security.oauth2.provider.token.TokenStore; @Configuration @EnableAuthorizationServer public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {@Autowired private PasswordEncoder passwordEncoder; @Autowired private AuthenticationManager authenticationManager; @Autowired private UserService userService; @Autowired @Qualifier("redisTokenStore") private TokenStore tokenStore; /** * 密码模式采用AuthorizationServerEndpointsConfigurer配置 * @param endpoints * @throws Exception */ @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { endpoints.authenticationManager(authenticationManager) .userDetailsService(userService) //token存储 .tokenStore(tokenStore); }/** * 授权码模式采用ClientDetailsServiceConfigurer * @param clients * @throws Exception */ @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { clients.inMemory() .withClient("admin") .secret(passwordEncoder.encode("112233")) .accessTokenValiditySeconds(3600) .redirectUris("http://www.baidu.com") .scopes("all") //配置grant_type，表示授权码授权 //.authorizedGrantTypes("authorization_code"); //密码模式 .authorizedGrantTypes("password"); } }

2.7 创建资源服务

package com.dashi.springsecurityoauth.config; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter; @Configuration @EnableResourceServer public class ResourceServerConfig extends ResourceServerConfigurerAdapter { @Override public void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .anyRequest() .authenticated() .and() .requestMatchers() //以/user开头的地址根据token访问资源 .antMatchers("/user/**"); } }

2.8 打开postman，填入下面内容获取token