一对一做的好的网站,西安建设工程交易中心官网,网页制作流程图模板,wordpress退出维护模式博主介绍#xff1a;✌专注于前后端领域开发的优质创作者、秉着互联网精神开源贡献精神#xff0c;答疑解惑、坚持优质作品共享。本人是掘金/腾讯云/阿里云等平台优质作者、擅长前后端项目开发和毕业项目实战#xff0c;深受全网粉丝喜爱与支持✌有需要可以联系作者我哦✌专注于前后端领域开发的优质创作者、秉着互联网精神开源贡献精神答疑解惑、坚持优质作品共享。本人是掘金/腾讯云/阿里云等平台优质作者、擅长前后端项目开发和毕业项目实战深受全网粉丝喜爱与支持✌有需要可以联系作者我哦 文末三连哦 什么是Token Store
在Web开发中Token Store 通常用于存储用户身份验证令牌Tokens例如 JSON Web Tokens (JWT) 或其他形式的令牌。这些令牌可以用于验证用户身份实现用户会话管理以及访问控制。 一种简单的Token Store示例使用Node.js和Express框架以及一个基于内存的Token存储方式 const express require(express);
const jwt require(jsonwebtoken);const app express();
app.use(express.json());// In-memory Token Store
const tokenStore {};// Secret key for JWT (replace with a strong, secret key in production)
const secretKey your_secret_key;// Middleware to verify JWT
function verifyToken(req, res, next) {const token req.headers.authorization;if (!token) {return res.status(403).json({ message: No token provided });}jwt.verify(token, secretKey, (err, decoded) {if (err) {return res.status(401).json({ message: Failed to authenticate token });}req.user decoded;next();});
}// Endpoint to generate and return a JWT
app.post(/login, (req, res) {const { username, password } req.body;// Authenticate user (replace with your actual authentication logic)// For simplicity, assume any username and password combination is validconst user { username, role: user };// Generate a JWTconst token jwt.sign(user, secretKey, { expiresIn: 1h });// Store the token in memorytokenStore[token] user;res.json({ token });
});// Protected endpoint that requires a valid JWT for access
app.get(/protected, verifyToken, (req, res) {res.json({ message: This is a protected endpoint, user: req.user });
});// Start the server
const port 3000;
app.listen(port, () {console.log(Server is running on http://localhost:${port});
});Spring Security 提供了几个常见的 TokenStore 实现包括内存中存储、JDBC 数据库存储和基于 JWTJSON Web Token的存储。下面将分别介绍这三种实现方式并提供基本的代码示例。 1. 内存中存储In-Memory
Configuration
EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {Autowiredprivate AuthenticationManager authenticationManager;Beanpublic TokenStore inMemoryTokenStore() {return new InMemoryTokenStore();}Overridepublic void configure(ClientDetailsServiceConfigurer clients) throws Exception {clients.inMemory().withClient(client).secret({noop}secret) // 使用 {noop} 表示不加密.authorizedGrantTypes(password, authorization_code, refresh_token).scopes(read, write).accessTokenValiditySeconds(3600).refreshTokenValiditySeconds(86400);}Overridepublic void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {endpoints.tokenStore(inMemoryTokenStore()).authenticationManager(authenticationManager);}
}2. JDBC 数据库存储
Configuration
EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {Autowiredprivate AuthenticationManager authenticationManager;Autowiredprivate DataSource dataSource;Beanpublic TokenStore jdbcTokenStore() {return new JdbcTokenStore(dataSource);}Overridepublic void configure(ClientDetailsServiceConfigurer clients) throws Exception {clients.jdbc(dataSource);}Overridepublic void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {endpoints.tokenStore(jdbcTokenStore()).authenticationManager(authenticationManager);}
}3. 基于 JWT 的存储
Configuration
EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {Autowiredprivate AuthenticationManager authenticationManager;Value(${security.jwt.client-id})private String clientId;Value(${security.jwt.client-secret})private String clientSecret;Value(${security.jwt.grant-type})private String grantType;Value(${security.jwt.scope-read})private String scopeRead;Value(${security.jwt.scope-write})private String scopeWrite;Value(${security.jwt.resource-ids})private String resourceIds;Beanpublic TokenStore jwtTokenStore() {return new JwtTokenStore(jwtAccessTokenConverter());}Beanpublic JwtAccessTokenConverter jwtAccessTokenConverter() {JwtAccessTokenConverter converter new JwtAccessTokenConverter();converter.setSigningKey(secret);return converter;}Overridepublic void configure(ClientDetailsServiceConfigurer clients) throws Exception {clients.inMemory().withClient(clientId).secret({noop} clientSecret).authorizedGrantTypes(grantType).scopes(scopeRead, scopeWrite).resourceIds(resourceIds);}Overridepublic void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {endpoints.tokenStore(jwtTokenStore()).accessTokenConverter(jwtAccessTokenConverter()).authenticationManager(authenticationManager);}
}小结
我们介绍了Spring Security中三种不同的Token Store实现方式。具体包括内存中存储、JDBC数据库存储和基于JWT的存储。每个实现方式都涉及到授权服务器的配置用于管理和验证令牌以及客户端详情的配置。 大家点赞、收藏、关注、评论啦谢谢三连哦
