redis存储token

欢迎关注博主公众号「Java大师」, 专注于分享Java领域干货文章http://www.javaman.cn/sb2/redis-token

在实际开发中,token需要保存在redis中,今天我们就来介绍下token怎么存储在redis中

密码模式实现代码

2.1 创建pom.xml

<?xml version="1.0" encoding="UTF-8"?>

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">

    <modelVersion>4.0.0</modelVersion>

    <parent>

        <groupId>org.springframework.boot</groupId>

        <artifactId>spring-boot-starter-parent</artifactId>

        <version>2.2.6.RELEASE</version>

        <relativePath/> <!-- lookup parent from repository -->

    </parent>

    <groupId>com.dashi</groupId>

    <artifactId>springsecurity-oauth</artifactId>

    <version>0.0.1-SNAPSHOT</version>

    <name>springsecurity-oauth</name>

    <description>Demo project for Spring Boot</description>

    <properties>

        <java.version>1.8</java.version>

        <spring-cloud.version>Greenwich.SR2</spring-cloud.version>

    </properties>

    <dependencies>

        <dependency>

            <groupId>org.springframework.cloud</groupId>

            <artifactId>spring-cloud-starter-oauth2</artifactId>

            <version>2.2.5.RELEASE</version>

        </dependency>

        <!--security依赖-->

        <dependency>

            <groupId>org.springframework.cloud</groupId>

            <artifactId>spring-cloud-starter-security</artifactId>

            <version>2.2.5.RELEASE</version>

        </dependency>

        <!--boot依赖-->

        <dependency>

            <groupId>org.springframework.boot</groupId>

            <artifactId>spring-boot-starter</artifactId>

        </dependency>

        <!--boot依赖-->

        <dependency>

            <groupId>org.springframework.boot</groupId>

            <artifactId>spring-boot-starter-web</artifactId>

        </dependency>

        <!--test依赖-->

        <dependency>

            <groupId>org.springframework.boot</groupId>

            <artifactId>spring-boot-starter-test</artifactId>

            <scope>test</scope>

        </dependency>

        <!--redis依赖 -->

        <dependency>

            <groupId>org.springframework.boot</groupId>

            <artifactId>spring-boot-starter-data-redis</artifactId>

        </dependency>

        <!--commons-pool2对象依赖 -->

        <dependency>

            <groupId>org.apache.commons</groupId>

            <artifactId>commons-pool2</artifactId>

        </dependency>

    </dependencies>

    <build>

        <plugins>

            <plugin>

                <groupId>org.springframework.boot</groupId>

                <artifactId>spring-boot-maven-plugin</artifactId>

            </plugin>

        </plugins>

    </build>

    <dependencyManagement>

        <dependencies>

            <dependency>

                <groupId>org.springframework.cloud</groupId>

                <artifactId>spring-cloud-dependencies</artifactId>

                <version>${spring-cloud.version}</version>

                <type>pom</type>

                <scope>import</scope>

            </dependency>

        </dependencies>

    </dependencyManagement>

</project>

2.2 创建springsecurity配置文件

package com.dashi.springsecurityoauth.config;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.security.authentication.AuthenticationManager;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration

@EnableWebSecurity

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean

    public PasswordEncoder passwordEncoder(){

        return new BCryptPasswordEncoder();

    }

    @Bean

    public AuthenticationManager authenticationManager() throws Exception {

        return super.authenticationManager();

    }

    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http.csrf().disable()

                .authorizeRequests()

                .antMatchers("/oauth/**","/login/**","/logout/**")

                .permitAll()

                .anyRequest()

                .authenticated()

                .and()

                .formLogin()

                .permitAll();

    }

}

2.3 创建UserService实现UserDetailService接口

package com.dashi.springsecurityoauth.model;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.userdetails.UserDetails;

import java.util.Collection;

import java.util.List;

public class User implements UserDetails {

    private String username;

    private String password;

    private List<GrantedAuthority> authorities;

    public User(String username, String password, List<GrantedAuthority> authorities) {

        this.username = username;

        this.password = password;

        this.authorities = authorities;

    }

    @Override

    public Collection<? extends GrantedAuthority> getAuthorities() {

        return this.authorities;

    }

    @Override

    public String getPassword() {

        return this.password;

    }

    @Override

    public String getUsername() {

        return this.username;

    }

    @Override

    public boolean isAccountNonExpired() {

        return true;

    }

    @Override

    public boolean isAccountNonLocked() {

        return true;

    }

    @Override

    public boolean isCredentialsNonExpired() {

        return true;

    }

    @Override

    public boolean isEnabled() {

        return true;

    }

}

2.4 创建redis配置

package com.dashi.springsecurityoauth.config;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.data.redis.connection.RedisConnectionFactory;

import org.springframework.security.oauth2.provider.token.TokenStore;

import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

@Configuration

public class RedisConfig {

    @Autowired

    private RedisConnectionFactory redisConnectionFactory;

    @Bean

    public TokenStore redisTokenStore(){

        return new RedisTokenStore(redisConnectionFactory);

    }

}

2.5 application.properties配置文件修改

spring.redis.host=localhost

2.6 创建认证服务

package com.dashi.springsecurityoauth.config;

import com.dashi.springsecurityoauth.service.UserService;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.beans.factory.annotation.Qualifier;

import org.springframework.context.annotation.Configuration;

import org.springframework.security.authentication.AuthenticationManager;

import org.springframework.security.crypto.password.PasswordEncoder;

import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;

import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;

import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;

import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

import org.springframework.security.oauth2.provider.token.TokenStore;

@Configuration

@EnableAuthorizationServer

public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired

    private PasswordEncoder passwordEncoder;

    @Autowired

    private AuthenticationManager authenticationManager;

    @Autowired

    private UserService userService;

    @Autowired

    @Qualifier("redisTokenStore")

    private TokenStore tokenStore;

    /**

     * 密码模式采用AuthorizationServerEndpointsConfigurer配置

     * @param endpoints

     * @throws Exception

     */

    @Override

    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {

        endpoints.authenticationManager(authenticationManager)

                .userDetailsService(userService)

          		//token存储

                .tokenStore(tokenStore);

    }

    /**

     * 授权码模式采用ClientDetailsServiceConfigurer

     * @param clients

     * @throws Exception

     */

    @Override

    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {

        clients.inMemory()

                .withClient("admin")

                .secret(passwordEncoder.encode("112233"))

                .accessTokenValiditySeconds(3600)

                .redirectUris("http://www.baidu.com")

                .scopes("all")

                //配置grant_type,表示授权码授权

                //.authorizedGrantTypes("authorization_code");

                //密码模式

                .authorizedGrantTypes("password");

    }

}

2.7 创建资源服务

package com.dashi.springsecurityoauth.config;

import org.springframework.context.annotation.Configuration;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;

import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration

@EnableResourceServer

public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override

    public void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()

                .anyRequest()

                .authenticated()

                .and()

                .requestMatchers()

          		//以/user开头的地址根据token访问资源

                .antMatchers("/user/**");

    }

}

2.8 打开postman,填入下面内容获取token

2.9 通过token访问授保护的资源

2.8 redis存储,通过RDM发现token已经存储在redis中了

redis存储token的更多相关文章

  1. 讨论两种Redis中Token的存储方式

    摘要:本文讨论一个问题:存储token时,token与对应用户id谁来作为key? 问题起源问题起源于要给公司的后台管理系统添加权限管理,选用的是开源框架shiro,而原本系统上是采用token做了登 ...

  2. nginx+iis+redis+Task.MainForm构建分布式架构 之 (redis存储分布式共享的session及共享session运作流程)

    本次要分享的是利用windows+nginx+iis+redis+Task.MainForm组建分布式架构,上一篇分享文章制作是在windows上使用的nginx,一般正式发布的时候是在linux来配 ...

  3. RESTful登录设计(基于Spring及Redis的Token鉴权)

    转载自:http://www.scienjus.com/restful-token-authorization/ http://m.blog.csdn.net/article/details?id=4 ...

  4. Redis存储Tomcat集群的Session

    Redis存储Tomcat集群的Session 如何 做到把新开发的代码推送到到生产系统中部署,生产系统要能够零宕机.对使用用户零影响. 设想 是使用集群来搞定,通过通知负载均衡Nginx,取下集群中 ...

  5. redis 存储session实现session共享

    nginx 作为代理 tomcat集群 redis存储共享session nginx采用轮询方式将动态请求反向代理给tomcat,tomcat通过加载相应jar包方式实现获得redis中共享的sess ...

  6. Tomcat 使用Redis存储Session

    Tomcat Redis Session Github 地址. 下载 commons-pool2-2.2.jar,jedis-2.5.2.jar,tomcat-redis-session-manage ...

  7. Asp.net Core 使用Redis存储Session

    前言 Asp.net Core 改变了之前的封闭,现在开源且开放,下面我们来用Redis存储Session来做一个简单的测试,或者叫做中间件(middleware). 对于Session来说褒贬不一, ...

  8. php使用redis存储

    一.Redis扩展模块 # wget https://codeload.github.com/phpredis/phpredis/zip/develop -O phpredis.zip # unzip ...

  9. Redis 存储、查询

    [TOC] 数据存储 假设我们在MySQL数据库中有这样一张表: mysql> desc user_info; Field Type Null Key Default Extra id int( ...

随机推荐

  1. PostgreSQL逻辑订阅

    测试环境:PostgreSQL 13.2 1.逻辑订阅简介 由于物理复制只能做到这个集群的复制,不能正对某个对象(表)进行复制,且物理复制的备库只能读,不能写.相反,逻辑订阅同时支持主备库读写,且可以 ...

  2. Objects、Arrays、Collectors、System工具类

    Objects类 定义 位于java.util包中,JDK1.7以后操作对象的类,对对象的空,对象是否相等进行判断. 常用方法 1.public static boolean equals(Objec ...

  3. 在java中静态方法与非静态方法

    在java中public void与public static void有什么区别 ? public void 修饰是非静态方法,该类方法属于对象,在对象初始化(new Object())后才能被调用 ...

  4. 推荐的php安全配置选项

    推荐安全配置选项 这里有几个会影响安全功能的 PHP 配置设置.下面是一些显然应该用于生产服务器的: register_globals 设置为 offsafe_mode 设置为 offerror_re ...

  5. NSPredicate类,指定过滤器的条件---董鑫

    /* 比较和逻辑运算符 就像前面的例子中使用了==操作符,NSPredicate还支持>, >=, <, <=, !=, <>,还支持AND, OR, NOT(或写 ...

  6. Elementui【tooltip】 在弹框关闭之后再次‘出现’的问题

    如图,第一次弹窗进来的时候,符合条件之后,这个提示文字的位置是对的,而且正常显示: 现在点击取消按钮,第二次进入弹窗,如图,提示文字就跑到了左上角,而且输入符合条件的数值之后,会另外显示一个toolt ...

  7. 浅谈.net core如何使用EFCore为一个上下文注类型注入多个实例用于连接主从数据库

    在很多一主多从数据库的场景下,很多开发同学为了复用DbContext往往采用创建一个包含所有DbSet<Model>父类通过继承派生出Write和ReadOnly类型来实现,其实可以通过命 ...

  8. Python中set集合常用操作

    功能 Python符号 Python方法 备注 交集 & intersection, intersection_update &:取两者交集>>> set3 = se ...

  9. Solution -「LOCAL」解析电车

    \(\mathcal{Description}\)   给定 \(n\) 个点 \(m\) 条边的无向图,每条边形如 \((u,v,r)\),表示 \(u,v\) 之间有一条阻值为 \(r\Omega ...

  10. SpringMVC的web配置

    之前并没有意愿写关于下面内容的小作文.因为总结SPI相关的标准(SPI机制之JDK中的SPI - 池塘里洗澡的鸭子 - 博客园 (cnblogs.com)),而这个也是关于标准的,Servlet3.0 ...