使用 JdbcStore 时配置 JWT 令牌过期时间

Question

我正在尝试使用带有 jdbcTokenStore 的 JWT 通过 OAuth2 实现 Spring Security：

    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        defaultTokenServices.setAccessTokenValiditySeconds(60);
        defaultTokenServices.setRefreshTokenValiditySeconds(80);
        defaultTokenServices.setReuseRefreshToken(false);
        return defaultTokenServices;
    }

Github

但是在我使用 Postman 创建 Token 后，我总是得到价值：

{
    "access_token": "....",
    "token_type": "bearer",
    "refresh_token": "....",
    "expires_in": 41502,
    "scope": "read",
    "organization": "admin Drivelog",
    "jti": "2f33707a-30e3-4145-9d9d-7c2e4a4535dd"
}

ypi 知道如何配置访问令牌过期时间。由于某种原因，setAccessTokenValiditySeconds 无法正常工作。

Answer 1

您可能忘记配置资源服务器以使用令牌服务，例如：

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

@Autowired
private ResourceServerTokenServices tokenServices;

@Autowired
private JwtAccessTokenConverter accessTokenConverter;

@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
    resources.tokenServices(tokenServices);
}

@Override
public void configure(HttpSecurity http) throws Exception {
    http
        .requestMatchers()
        .and()
        .authorizeRequests()
        .antMatchers("/actuator/**", "/api-docs/**","/oauth/*").permitAll()
        .antMatchers("/jwttest/**" ).authenticated();
}
}

在https://medium.com/@dassum/securing-spring-boot-rest-api-with-json-web-token-and-jdbc-token-store-67558a7d6c29中找到