Spring cloud security services combat -5-9 micro-Based session of SSO (Token period)

Others 2019-12-01 16:14:52 views: null

The token is valid

will be a case session period has not arrived yet. But the token expired.
User login with, but the failure of the token can not access the service.

To refresh token and clientId and ClientSecret used together, retransmission request is valid.
So where is the refresh token? We have never in the database configuration this field.
refresh_token_validity: refresh token valid. No configuration will not send refresh_token,

when configured on this value, it will send refresh_token. Here the effective time of a configuration 259200 30 days.


token request header in which to acquire data, there might occur the case token expires.

Expired we need to use refreshToken to refresh.

First look at the expiration of the way, here we are set to 10 seconds, token expiration time for


the issue to go access_token cleared away. The records in this table are deleted, 


restart the authentication server and admin services


because our session is still valid, you can continue to access the landing. But our token has no information. So I will generate token of one mind in the database. This token is valid for only 10 seconds.

Refresh the page without landing came in. Click the button to get order information are possible


within the database more than a token


with the token request to send

the first two requests are successful, the third request, token has expired. Retransmission request will be given.

Write to refresh token code

在这里判断令牌是否过期,过期就刷新令牌。



加一个过期时间的属性




我们把他改成long类型


过期时间就是当前时间,加上过期的秒数

有了这个时间 ,就可以判断 当前是不是过期了。
过期时间是不是在当前时间之前,是的话 就是过期了。


声明RestTemplate





init方法把自己当前对象返回回去。

有可能是还有几毫秒就过期了。拿到了这个token去访问 访问过程中可能就过期了。所以这里我们再减掉3秒。

声明TokenValue

执行newToken的init方法,及时初始化了新的过期时间。
最终把新的access_token放在请求头上。

callback回调这里修改

这里要init方法调用一下

Oauth加一个配置

指定userDetailsService

下面已经制定了authenticationManager了,上面为什么还要userDetailsService。这个userDetailsService是专门给refresh_token用的。 
我们其他的那四种授权模式,当你要认证用户的时候,都是用户名和密码一块对的,不管是授权码还是password,用户名和密码都会传过来。然后会用authenticationManager来验用户名密码。
因为下面这里。的 AuthenticationManagerBuilder这里把用户和密码都设置上了。


当我refresh_token的时候,是没有密码的,只有用户名,这时候我就只需要一个UserDetailsService来获取我的用户信息。↓所以下面这里要单独指定一个userDetailsService给refresh_token来用。

注入userDetailsService

数据库配置

让admin这个client支持 refresh_token 在授权类型这里加一个新的类型




测试

启动认证服务和admin的服务

session都删除了  所以需要重新登陆




多点击几次


大概没隔10秒 都会出现一个比较耗时的请求。这应该就是后台去刷新令牌了。


可以移植点下去 ,不会再报错了。因为refresh_token有效期很长,一个月。可以不断的用refresh_token来刷新令牌。
 

结束


 

Guess you like

Origin www.cnblogs.com/wangjunwei/p/11966240.html
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com