redis存储token

欢迎关注博主公众号「Java大师」, 专注于分享Java领域干货文章http://www.javaman.cn/sb2/redis-token

在实际开发中,token需要保存在redis中,今天我们就来介绍下token怎么存储在redis中

密码模式实现代码

2.1 创建pom.xml

<?xml version="1.0" encoding="UTF-8"?>

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">

    <modelVersion>4.0.0</modelVersion>

    <parent>

        <groupId>org.springframework.boot</groupId>

        <artifactId>spring-boot-starter-parent</artifactId>

        <version>2.2.6.RELEASE</version>

        <relativePath/> <!-- lookup parent from repository -->

    </parent>

    <groupId>com.dashi</groupId>

    <artifactId>springsecurity-oauth</artifactId>

    <version>0.0.1-SNAPSHOT</version>

    <name>springsecurity-oauth</name>

    <description>Demo project for Spring Boot</description>

    <properties>

        <java.version>1.8</java.version>

        <spring-cloud.version>Greenwich.SR2</spring-cloud.version>

    </properties>

    <dependencies>

        <dependency>

            <groupId>org.springframework.cloud</groupId>

            <artifactId>spring-cloud-starter-oauth2</artifactId>

            <version>2.2.5.RELEASE</version>

        </dependency>

        <!--security依赖-->

        <dependency>

            <groupId>org.springframework.cloud</groupId>

            <artifactId>spring-cloud-starter-security</artifactId>

            <version>2.2.5.RELEASE</version>

        </dependency>

        <!--boot依赖-->

        <dependency>

            <groupId>org.springframework.boot</groupId>

            <artifactId>spring-boot-starter</artifactId>

        </dependency>

        <!--boot依赖-->

        <dependency>

            <groupId>org.springframework.boot</groupId>

            <artifactId>spring-boot-starter-web</artifactId>

        </dependency>

        <!--test依赖-->

        <dependency>

            <groupId>org.springframework.boot</groupId>

            <artifactId>spring-boot-starter-test</artifactId>

            <scope>test</scope>

        </dependency>

        <!--redis依赖 -->

        <dependency>

            <groupId>org.springframework.boot</groupId>

            <artifactId>spring-boot-starter-data-redis</artifactId>

        </dependency>

        <!--commons-pool2对象依赖 -->

        <dependency>

            <groupId>org.apache.commons</groupId>

            <artifactId>commons-pool2</artifactId>

        </dependency>

    </dependencies>

    <build>

        <plugins>

            <plugin>

                <groupId>org.springframework.boot</groupId>

                <artifactId>spring-boot-maven-plugin</artifactId>

            </plugin>

        </plugins>

    </build>

    <dependencyManagement>

        <dependencies>

            <dependency>

                <groupId>org.springframework.cloud</groupId>

                <artifactId>spring-cloud-dependencies</artifactId>

                <version>${spring-cloud.version}</version>

                <type>pom</type>

                <scope>import</scope>

            </dependency>

        </dependencies>

    </dependencyManagement>

</project>

2.2 创建springsecurity配置文件

package com.dashi.springsecurityoauth.config;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.security.authentication.AuthenticationManager;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration

@EnableWebSecurity

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean

    public PasswordEncoder passwordEncoder(){

        return new BCryptPasswordEncoder();

    }

    @Bean

    public AuthenticationManager authenticationManager() throws Exception {

        return super.authenticationManager();

    }

    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http.csrf().disable()

                .authorizeRequests()

                .antMatchers("/oauth/**","/login/**","/logout/**")

                .permitAll()

                .anyRequest()

                .authenticated()

                .and()

                .formLogin()

                .permitAll();

    }

}

2.3 创建UserService实现UserDetailService接口

package com.dashi.springsecurityoauth.model;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.userdetails.UserDetails;

import java.util.Collection;

import java.util.List;

public class User implements UserDetails {

    private String username;

    private String password;

    private List<GrantedAuthority> authorities;

    public User(String username, String password, List<GrantedAuthority> authorities) {

        this.username = username;

        this.password = password;

        this.authorities = authorities;

    }

    @Override

    public Collection<? extends GrantedAuthority> getAuthorities() {

        return this.authorities;

    }

    @Override

    public String getPassword() {

        return this.password;

    }

    @Override

    public String getUsername() {

        return this.username;

    }

    @Override

    public boolean isAccountNonExpired() {

        return true;

    }

    @Override

    public boolean isAccountNonLocked() {

        return true;

    }

    @Override

    public boolean isCredentialsNonExpired() {

        return true;

    }

    @Override

    public boolean isEnabled() {

        return true;

    }

}

2.4 创建redis配置

package com.dashi.springsecurityoauth.config;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.data.redis.connection.RedisConnectionFactory;

import org.springframework.security.oauth2.provider.token.TokenStore;

import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

@Configuration

public class RedisConfig {

    @Autowired

    private RedisConnectionFactory redisConnectionFactory;

    @Bean

    public TokenStore redisTokenStore(){

        return new RedisTokenStore(redisConnectionFactory);

    }

}

2.5 application.properties配置文件修改

spring.redis.host=localhost

2.6 创建认证服务

package com.dashi.springsecurityoauth.config;

import com.dashi.springsecurityoauth.service.UserService;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.beans.factory.annotation.Qualifier;

import org.springframework.context.annotation.Configuration;

import org.springframework.security.authentication.AuthenticationManager;

import org.springframework.security.crypto.password.PasswordEncoder;

import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;

import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;

import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;

import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

import org.springframework.security.oauth2.provider.token.TokenStore;

@Configuration

@EnableAuthorizationServer

public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired

    private PasswordEncoder passwordEncoder;

    @Autowired

    private AuthenticationManager authenticationManager;

    @Autowired

    private UserService userService;

    @Autowired

    @Qualifier("redisTokenStore")

    private TokenStore tokenStore;

    /**

     * 密码模式采用AuthorizationServerEndpointsConfigurer配置

     * @param endpoints

     * @throws Exception

     */

    @Override

    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {

        endpoints.authenticationManager(authenticationManager)

                .userDetailsService(userService)

          		//token存储

                .tokenStore(tokenStore);

    }

    /**

     * 授权码模式采用ClientDetailsServiceConfigurer

     * @param clients

     * @throws Exception

     */

    @Override

    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {

        clients.inMemory()

                .withClient("admin")

                .secret(passwordEncoder.encode("112233"))

                .accessTokenValiditySeconds(3600)

                .redirectUris("http://www.baidu.com")

                .scopes("all")

                //配置grant_type,表示授权码授权

                //.authorizedGrantTypes("authorization_code");

                //密码模式

                .authorizedGrantTypes("password");

    }

}

2.7 创建资源服务

package com.dashi.springsecurityoauth.config;

import org.springframework.context.annotation.Configuration;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;

import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration

@EnableResourceServer

public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override

    public void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()

                .anyRequest()

                .authenticated()

                .and()

                .requestMatchers()

          		//以/user开头的地址根据token访问资源

                .antMatchers("/user/**");

    }

}

2.8 打开postman,填入下面内容获取token

2.9 通过token访问授保护的资源

2.8 redis存储,通过RDM发现token已经存储在redis中了

redis存储token的更多相关文章

  1. 讨论两种Redis中Token的存储方式

    摘要:本文讨论一个问题:存储token时,token与对应用户id谁来作为key? 问题起源问题起源于要给公司的后台管理系统添加权限管理,选用的是开源框架shiro,而原本系统上是采用token做了登 ...

  2. nginx+iis+redis+Task.MainForm构建分布式架构 之 (redis存储分布式共享的session及共享session运作流程)

    本次要分享的是利用windows+nginx+iis+redis+Task.MainForm组建分布式架构,上一篇分享文章制作是在windows上使用的nginx,一般正式发布的时候是在linux来配 ...

  3. RESTful登录设计(基于Spring及Redis的Token鉴权)

    转载自:http://www.scienjus.com/restful-token-authorization/ http://m.blog.csdn.net/article/details?id=4 ...

  4. Redis存储Tomcat集群的Session

    Redis存储Tomcat集群的Session 如何 做到把新开发的代码推送到到生产系统中部署,生产系统要能够零宕机.对使用用户零影响. 设想 是使用集群来搞定,通过通知负载均衡Nginx,取下集群中 ...

  5. redis 存储session实现session共享

    nginx 作为代理 tomcat集群 redis存储共享session nginx采用轮询方式将动态请求反向代理给tomcat,tomcat通过加载相应jar包方式实现获得redis中共享的sess ...

  6. Tomcat 使用Redis存储Session

    Tomcat Redis Session Github 地址. 下载 commons-pool2-2.2.jar,jedis-2.5.2.jar,tomcat-redis-session-manage ...

  7. Asp.net Core 使用Redis存储Session

    前言 Asp.net Core 改变了之前的封闭,现在开源且开放,下面我们来用Redis存储Session来做一个简单的测试,或者叫做中间件(middleware). 对于Session来说褒贬不一, ...

  8. php使用redis存储

    一.Redis扩展模块 # wget https://codeload.github.com/phpredis/phpredis/zip/develop -O phpredis.zip # unzip ...

  9. Redis 存储、查询

    [TOC] 数据存储 假设我们在MySQL数据库中有这样一张表: mysql> desc user_info; Field Type Null Key Default Extra id int( ...

随机推荐

  1. ExcelPackage 使用說明

    1.使用方法 public IActionResult Excel() { string sWebRootFolder = _hostingEnvironment.WebRootPath; strin ...

  2. linux centos6.3 升级svn1.6到svn1.8

    linux centos6.3 升级svn1.6 1. 删除svn1.6 #yum remover subverson12.设置svn1.8安装源 vim /etc/yum.repos.d/wandi ...

  3. Python调用windows下DLL详解 - ctypes库的使用

    在python中某些时候需要C做效率上的补充,在实际应用中,需要做部分数据的交互.使用python中的ctypes模块可以很方便的调用windows的dll(也包括linux下的so等文件),下面将详 ...

  4. js正则表达式 (.+)与(.+?)

    (.+)默认是贪婪匹配 (.+?)为惰性匹配 疑问号让.+的搜索模式从贪婪模式变成惰性模式. var str = 'aaa<div style="font-color:red;&quo ...

  5. 通过Python自带模块SimpleHTTPServer快速共享服务的配置文件

    简介 SimpleHTTPServer是Python 2自带的一个模块,是Python的Web服务器,简单小巧,快速启动. 它在Python 3已经合并到http.server模块中. SimpleH ...

  6. Junit4进行参数化测试

    @RunWith, 当类被@RunWith注解修饰,或者类继承了一个被该注解修饰的类,JUnit将会使用这个注解所指明的运行器(runner)来运行测试,而不是JUnit默认的运行器. 要进行参数化测 ...

  7. Java基础复习(三)

    1. &和&&的区别. &和&&都可以用作逻辑与的运算符,表示逻辑与(and),当运算符两边的表达式的结果都为true时,整个运算结果才为true,否则 ...

  8. 【BZOJ2337】XOR和路径(高斯消元)

    题目链接 大意 给出\(N\)个点,\(M\)条边的一张图,其中每条边都有一个非负整数边权. 一个人从1号点出发,在与该点相连的边中等概率的选择一条游走,直到走到\(N\)号点. 问:将这条路径上的边 ...

  9. Java读写文件常用方法

    一.字符流:读写纯文本(txt,csv等), 1 字符流写文件主要用:FileWriter,BufferedWriter,PrintWriter 1.1 测试 FileWriter 写入 privat ...

  10. Jest_JavaScript测试框架

    Jest是一个JavaScript测试框架,由Facebook用来测试所有JavaScript代码,包括React应用程序. 不同级别的自动化测试:单元.集成.组件和功能. 单元测试可以看作是和在组件 ...