Without further ado, let's get straight to the topic (this assumes you are already familiar with Spring Security, OAuth2 and JWT; look them up first if you are not).
Dependency versions
- Spring Boot 2.1.5.RELEASE
- spring-security-oauth2 2.3.5.RELEASE
- JJWT 0.9.1
Create the JWTokenConfig class
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
public class JWTokenConfig {

    @Bean
    public TokenStore jwtTokenStore() {
        // JWT tokens are self-contained, so the store only needs the converter to decode them
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter accessTokenConverter = new JwtAccessTokenConverter();
        // Symmetric (HMAC) signing key; every resource server that validates tokens must use the same value
        accessTokenConverter.setSigningKey("entfrm");
        return accessTokenConverter;
    }

    @Bean
    public TokenEnhancer tokenEnhancer() {
        // Custom enhancer that adds our own fields to the token
        return new JWTTokenEnhancer();
    }
}
JwtAccessTokenConverter implements TokenEnhancer and converts between JWT-encoded token values and OAuth2 authentication information. Calling setSigningKey with a plain string selects the symmetric (HMAC) signing mode for the token.
Add the JWTTokenEnhancer class
import java.util.Calendar;
import java.util.HashMap;
import java.util.Map;

import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;

public class JWTTokenEnhancer implements TokenEnhancer {

    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken oAuth2AccessToken, OAuth2Authentication oAuth2Authentication) {
        // Extra fields that end up as claims in the JWT
        Map<String, Object> info = new HashMap<>();
        info.put("license", "entfrm");
        ((DefaultOAuth2AccessToken) oAuth2AccessToken).setAdditionalInformation(info);
        // Set the token expiration time to 120 minutes
        Calendar nowTime = Calendar.getInstance();
        nowTime.add(Calendar.MINUTE, 120);
        ((DefaultOAuth2AccessToken) oAuth2AccessToken).setExpiration(nowTime.getTime());
        return oAuth2AccessToken;
    }
}
Override TokenEnhancer's enhance method to inject your own key fields into the JWT, so that resource servers can use them easily. The token expiration time can also be set here.
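As an added example (not code from the original post), here is how a resource server that shares the same signing key can verify a token issued by this configuration with JJWT 0.9.1 and read back the license claim; the class name LicenseClaimReader is my own.

```java
import java.nio.charset.StandardCharsets;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;

/**
 * Resource-server-side helper (added example, not part of the original post).
 * Verifies an access token issued by the configuration above and reads back
 * the "license" claim injected by JWTTokenEnhancer.
 */
public class LicenseClaimReader {

    // Must equal the value passed to JwtAccessTokenConverter.setSigningKey("entfrm").
    // With HMAC, whoever holds this key can also mint tokens, so keep it out of source control.
    private final byte[] signingKey;

    public LicenseClaimReader(String signingKey) {
        // JwtAccessTokenConverter signs with HS256 over the UTF-8 bytes of the key string
        this.signingKey = signingKey.getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Returns the "license" claim, or null when the token is rejected.
     * parseClaimsJws() checks the HS256 signature and the exp claim that
     * comes from the 120-minute expiration set in JWTTokenEnhancer.
     */
    public String readLicense(String accessToken) {
        try {
            Claims claims = Jwts.parser()
                    .setSigningKey(signingKey)
                    .parseClaimsJws(accessToken) // rejects unsigned and tampered tokens
                    .getBody();
            return claims.get("license", String.class);
        } catch (ExpiredJwtException e) {
            // Signature was fine but the token is past exp: the client should use its refresh token
            return null;
        } catch (JwtException e) {
            // Bad signature, malformed token, or an algorithm other than the one we expect
            return null;
        }
    }
}
```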
Create the AuthorizationServerConfig class, extending AuthorizationServerConfigurerAdapter
import java.util.ArrayList;
import java.util.List;

import javax.sql.DataSource;

import lombok.AllArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

@Configuration
@AllArgsConstructor
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    private final AuthenticationManager authenticationManager;
    private final EntfrmUserDetailService userDetailService;
    private final TokenStore jwtTokenStore;
    private final JwtAccessTokenConverter jwtAccessTokenConverter;
    private final TokenEnhancer tokenEnhancer;
    private final DataSource dataSource;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        // Chain order matters: our enhancer adds the extra fields first, then the converter encodes the JWT
        TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
        List<TokenEnhancer> enhancers = new ArrayList<>();
        enhancers.add(tokenEnhancer);
        enhancers.add(jwtAccessTokenConverter);
        enhancerChain.setTokenEnhancers(enhancers);
        endpoints.authenticationManager(authenticationManager)
                .tokenStore(jwtTokenStore)
                .tokenEnhancer(enhancerChain)
                .accessTokenConverter(jwtAccessTokenConverter)
                .userDetailsService(userDetailService)
                // Allow GET and POST requests to obtain tokens, i.e. to access the endpoint oauth/token
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
        endpoints.reuseRefreshTokens(true); // Hand back the same refresh token on refresh instead of issuing a new one
        endpoints.exceptionTranslator(new EntfrmWebResponseExceptionTranslator()); // OAuth2 login exception handling
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
        oauthServer
                .checkTokenAccess("isAuthenticated()")
                .allowFormAuthenticationForClients(); // Allow form authentication (client_id/client_secret as form parameters)
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.withClientDetails(clientDetails());
    }

    @Bean
    public ClientDetailsService clientDetails() {
        // Client configuration is stored in the database via JDBC (table oauth_client_details)
        return new JdbcClientDetailsService(dataSource);
    }
}
The tokenEnhancer method of endpoints expects a token enhancer chain object, TokenEnhancerChain, so we add our overridden tokenEnhancer and the jwtAccessTokenConverter to the chain (in that order, so the extra fields are already on the token when the converter encodes it as a JWT) and then hand the chain to endpoints. At the same time, we keep the client configuration in the database via JDBC, which makes it easy to add more kinds of clients. For this we need to create the oauth_client_details table in the database; the SQL script for the table is as follows:
CREATE TABLE `oauth_client_details` (
  `client_id` varchar(48) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `resource_ids` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `client_secret` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `scope` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `authorized_grant_types` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `web_server_redirect_uri` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `authorities` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `access_token_validity` int(11) NULL DEFAULT NULL,
  `refresh_token_validity` int(11) NULL DEFAULT NULL,
  `additional_information` varchar(4096) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `autoapprove` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  PRIMARY KEY (`client_id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
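As an added example (not part of the original post), the following registers a client in oauth_client_details through JdbcClientDetailsService instead of a hand-written INSERT, so that client_secret is stored in the encoded form Spring Security 5 expects; the client id, secret, scope and resource id values are constructed, and the DataSource is assumed to point at the database holding the table above.

```java
import java.util.Arrays;
import java.util.Collections;

import javax.sql.DataSource;

import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;

/**
 * Added example (not from the original post): inserts one client row into
 * oauth_client_details using the same JdbcClientDetailsService the
 * authorization server reads from.
 */
public class ClientRegistration {

    public static void registerWebClient(DataSource dataSource) {
        JdbcClientDetailsService service = new JdbcClientDetailsService(dataSource);
        // The authorization server above sets no passwordEncoder, so client secrets are
        // checked with Spring Security 5's DelegatingPasswordEncoder, which expects the
        // stored value to carry an encoder id such as "{bcrypt}...". A plaintext secret
        // in the column makes every token request fail with "Bad client credentials".
        // Using the same delegating encoder here hashes (and prefixes) the secret on insert.
        service.setPasswordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder());

        BaseClientDetails client = new BaseClientDetails();
        client.setClientId("entfrm-web");                            // constructed client id
        client.setClientSecret("change-me");                         // raw secret; hashed by addClientDetails
        client.setScope(Collections.singletonList("server"));        // constructed scope
        client.setAuthorizedGrantTypes(Arrays.asList("password", "refresh_token"));
        client.setResourceIds(Collections.singletonList("entfrm-api")); // constructed resource id
        client.setAccessTokenValiditySeconds(7200);                  // 120 minutes, as in JWTTokenEnhancer
        client.setRefreshTokenValiditySeconds(30 * 24 * 3600);
        client.setAutoApproveScopes(Collections.singletonList("true")); // fills the autoapprove column

        // Throws ClientAlreadyExistsException if the client_id is already present
        service.addClientDetails(client);
    }
}
```

If the project later configures oauthServer.passwordEncoder(...) with a different encoder, the encoder passed to setPasswordEncoder here must match it.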
That’s the OAuth authorization server configuration.
Start the project and check the result
From the figure we can see that the returned token carries the extended information (license) and the authorization information that we added.