Using Redis to store OAuth2 client information and the generated AccessToken is a good choice. Redis is inherently efficient and supports cluster deployment, and when it is used as the data store of a service authentication center it can greatly improve response efficiency.
Redis also supports automatic deletion of expired keys. AccessToken data generated by OAuth2 is cleared automatically once the configured validity period is exceeded, which also implicitly improves the security of the interface.
With Redis offering all this, how do we implement it in code?
ApiBoot OAuth2 supports using Redis to store AccessToken. You only need to modify one configuration of application.yml to achieve this. Related usage can also be learned by checking the documentation.
- ApiBoot OAuth official documentation
ApiBoot Security OAuth component series
- ApiBoot implements zero code integration with Spring Security & OAuth2
- Zero code ApiBoot integrates Spring Security’s JDBC approach to AccessToken
- Ever seen such an easy way to integrate Spring Security & OAuth2 custom query users?
- Spring Security & OAuth2 achieves access to AccessToken by SMS verification code
- How can Spring Security integrate OAuth2 with open permission interception paths?
- I thought OAuth2 integrating JWT would be difficult until I used ApiBoot and everything changed!
- So let’s see how OAuth2 sets AccessToken expiration time how long
- OAuth2 uses Redis to store client information as well as AccessToken
Create a project
We use the IDEA development tool to create a Spring Boot project and add the ApiBoot unified version dependency and the security component dependency we need to the project's pom.xml, as shown below:
<dependencies>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
  </dependency>
  <dependency>
    <groupId>org.minbox.framework</groupId>
    <artifactId>api-boot-starter-security-oauth-jwt</artifactId>
  </dependency>
</dependencies>
<dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>org.minbox.framework</groupId>
      <artifactId>api-boot-dependencies</artifactId>
      <version>2.2.2.RELEASE</version>
      <type>pom</type>
      <scope>import</scope>
    </dependency>
  </dependencies>
</dependencyManagement>
Add Redis support
Since we need Redis in this chapter, we need to add its dependency to the project. Spring Boot already provides a packaged starter; add it under the dependencies node in the pom.xml file, as shown below:
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
Configure Redis connection information
SpringBoot encapsulates Redis connections and data operations. We just need to add Redis connection information to the application.yml configuration file.
The configuration of the spring-boot-starter-data-redis dependency is provided by the RedisProperties class, which has default values for some of the configuration fields.
@ConfigurationProperties(prefix = "spring.redis")
public class RedisProperties {

    /**
     * Database index used by the connection factory.
     */
    private int database = 0;

    /**
     * Connection URL. Overrides host, port, and password. User is ignored. Example:
     * redis://user:password@example.com:6379
     */
    private String url;

    /**
     * Redis server host.
     */
    private String host = "localhost";

    /**
     * Login password of the redis server.
     */
    private String password;

    /**
     * Redis server port.
     */
    private int port = 6379;

    // ...
}
To connect to Redis with the default configuration, simply configure spring.redis.password in application.yml, as shown below:
spring:
  # Configure Redis connection information
  redis:
    password: 123123
password is the password used to connect to Redis, as configured on the Redis server.
Configuration description:
- spring.redis.database: if the Redis database you use is not the default index 0, you need to modify this setting.
- spring.redis.host: defaults to localhost; if Redis is not running locally, you need to modify this setting.
- spring.redis.url: a connection string; if it is configured, it automatically overrides the database, host, and port settings.
- spring.redis.port: defaults to the Redis port 6379; if the Redis port has been changed, you need to modify this setting.
Enable ApiBoot OAuth Redis
ApiBoot OAuth provides a Redis storage option, selected in the application.yml file with the api.boot.oauth.away configuration parameter, as shown below:
api:
  boot:
    security:
      users:
        - username: yuqiyu
          password: 123123
    oauth:
      # Use Redis to store OAuth2 data
      away: redis
      clients:
        - clientId: minbox
          clientSecret: chapter
For demonstration purposes, we configured a user yuqiyu in memory using ApiBoot Security, and modified the default client information to add a new minbox client.
If you are not familiar with ApiBoot Security user configuration or ApiBoot OAuth client configuration, you can check the official documentation:
- ApiBoot Security
- ApiBoot OAuth
Run the test
Before running the test we add a controller named ApiController to test, as shown below:
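import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping(value = "/api")
public class ApiController {
    /**
     * Test endpoint that returns a fixed string.
     *
     * @return the string "this is index"
     */
    @GetMapping(value = "/index")
    public String index() {
        return "this is index";
    }
}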
Test point: View AccessToken stored in Redis
The expected effect is that when we send a request for AccessToken, the generated AccessToken will be automatically stored in Redis.
Use curl to retrieve the AccessToken, as shown below:
➜ ~ curl minbox:chapter@localhost:9090/oauth/token -d 'grant_type=password&username=yuqiyu&password=123123'
{"access_token":"38a7ee20-2fad-43c5-a349-31e6f0ee0f29","token_type":"bearer","refresh_token":"f469b1e8-f63c-4be9-8564-2603f8458024","expires_in":7199,"scope":"api"}
Let’s use redis-cli to see if AccessToken has been stored in Redis as follows:
➜ ~ redis-cli
127.0.0.1:6379> auth 123123
OK
127.0.0.1:6379> keys *
1) "uname_to_access:minbox:yuqiyu"
2) "refresh_to_access:f469b1e8-f63c-4be9-8564-2603f8458024"
3) "access_to_refresh:1ea8e5cd-ea63-4a73-969f-9e7767f25f30"
4) "auth:38a7ee20-2fad-43c5-a349-31e6f0ee0f29"
5) "refresh_auth:6898bef4-f4a7-4fa9-858b-a4c62a1567d8"
6) "refresh:6898bef4-f4a7-4fa9-858b-a4c62a1567d8"
7) "refresh_auth:f469b1e8-f63c-4be9-8564-2603f8458024"
8) "access:38a7ee20-2fad-43c5-a349-31e6f0ee0f29"
9) "refresh_to_access:6898bef4-f4a7-4fa9-858b-a4c62a1567d8"
10) "auth_to_access:f02ceb5faa4577222082842b82a57067"
11) "refresh:f469b1e8-f63c-4be9-8564-2603f8458024"
12) "access_to_refresh:38a7ee20-2fad-43c5-a349-31e6f0ee0f29"
13) "client_id_to_access:minbox"
Here we have successfully stored the AccessToken generated by OAuth2 in Redis. Once the expires_in time has passed, the AccessToken data is cleared automatically.
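The automatic expiry described above can be checked rather than assumed. The following Python is an added example, not code from the article or from ApiBoot: it takes (key, TTL) pairs for the key prefixes shown in the listing and reports token keys that have no expiry or outlive the allowed validity, redacting token values that appear in key names. The TTL limits, the `audit` and `redact` names and the sample TTL values are assumptions made for the illustration.

```python
ACCESS_TTL_MAX = 7200       # assumption: validity implied by expires_in=7199
REFRESH_TTL_MAX = 2592000   # assumption: 30-day refresh token validity

# Key prefixes as they appear in the `keys *` listing above, with the longest
# TTL this audit accepts for each (the grouping is this example's policy).
POLICY = {
    "access": ACCESS_TTL_MAX, "auth": ACCESS_TTL_MAX,
    "auth_to_access": ACCESS_TTL_MAX, "uname_to_access": ACCESS_TTL_MAX,
    "client_id_to_access": ACCESS_TTL_MAX,
    "refresh": REFRESH_TTL_MAX, "refresh_auth": REFRESH_TTL_MAX,
    "refresh_to_access": REFRESH_TTL_MAX, "access_to_refresh": REFRESH_TTL_MAX,
}
# Prefixes whose key name carries a token value after the first colon.
TOKEN_IN_NAME = {"access", "auth", "refresh", "refresh_auth",
                 "refresh_to_access", "access_to_refresh"}

def redact(key):
    """Hide most of a token embedded in a key name so the report can be shared."""
    prefix, _, rest = key.partition(":")
    if prefix in TOKEN_IN_NAME and len(rest) > 8:
        return f"{prefix}:{rest[:8]}..."
    return key

def audit(entries):
    """Return (finding, redacted key) for (key, ttl) pairs; ttl as Redis TTL reports it."""
    findings = []
    for key, ttl in entries:
        prefix = key.partition(":")[0]
        if ttl == -2:        # Redis: key no longer exists (expired after listing)
            continue
        if prefix not in POLICY:
            findings.append(("unexpected-key", redact(key)))
        elif ttl == -1:      # Redis: key exists but has no expiry set
            findings.append(("no-expiry", redact(key)))
        elif ttl > POLICY[prefix]:
            findings.append(("ttl-too-long", redact(key)))
    return findings

# Constructed sample: key names from the listing above, TTL values made up.
SAMPLE = [
    ("access:38a7ee20-2fad-43c5-a349-31e6f0ee0f29", 7150),
    ("auth:38a7ee20-2fad-43c5-a349-31e6f0ee0f29", -1),
    ("uname_to_access:minbox:yuqiyu", 7150),
    ("refresh:f469b1e8-f63c-4be9-8564-2603f8458024", 9999999),
    ("client_id_to_access:minbox", -2),
    ("session:abc", 60),
]
for finding, key in audit(SAMPLE):
    print(f"{finding:<15}{key}")
```

In practice the pairs would come from iterating the keyspace with SCAN and calling TTL on each key.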
Test point: Access the interface with the AccessToken
We can take the generated AccessToken and access the interface within the test ApiController we added above, as follows:
➜ ~ curl -H 'Authorization: Bearer 38a7ee20-2fad-43c5-a349-31e6f0ee0f29' http://localhost:9090/api/index
this is index
We get the interface's response, which also proves that there is no problem with AccessToken authentication: OAuth2 takes the AccessToken carried by the request, looks it up in Redis and validates it.
Key points
The three storage methods supported by ApiBoot OAuth have now all been covered in this series of articles. Each one is streamlined: with simple configuration and the relevant dependencies added, you can achieve an integration that used to give a lot of people a headache.
If there is a large amount of data in a production environment, Redis clustering is recommended to solve the problem of storing AccessToken.
If you are not familiar with the other two storage methods of ApiBoot OAuth, you can check out my series of articles on the use of various components of the ApiBoot open source framework
Code sample
If you like this article please click Star for source repository, thanks!! Example source code for this article can be obtained from apiboot-Oauth-use-redis-storage:
- Gitee:Gitee.com/minbox-proj…