在客户端Spring Boot应用程序上配置自定义OAuth2AccessToken

授权服务器通常提供给您的标准JSON格式有一个名为"Expires_in"的属性,但现在我使用的是一个自动化服务器,它给我一个名为"Access_Token_Expires_in"的属性。因此,即使Access_Token过期,我的OAuth2AccessToken也总是返回isExpired to False,这是合理的,因为它试图读取不存在的"Expires_in"属性。来自OAuth2AccessToken的getAdditionalInformation返回我的"Access_Token_Expires_In"属性值18000。

我想知道我是否可以告诉Spring使用"Access_Token_Expires_in"属性作为我的Access_Token的到期值?

我的代码:

@Configuration
class OAuth2RestConfiguration {
    @Bean
    protected OAuth2ProtectedResourceDetails resource() {

        final ClientCredentialsResourceDetails resourceDetails = new ClientCredentialsResourceDetails();
        resourceDetails.setAccessTokenUri("<tokenUri>");
        resourceDetails.setClientId("<clientId>");
        resourceDetails.setClientSecret("<clientSecret>");

        return resourceDetails;
    }

    @Bean
    public OAuth2RestTemplate restTemplate() throws Exception {
        final AccessTokenRequest atr = new DefaultAccessTokenRequest();
        final OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(resource(),
                new DefaultOAuth2ClientContext(atr));

        return oAuth2RestTemplate;
    }
}

授权服务器响应示例:

{
    "refresh_token_expires_in": 0,
    "access_token": "<access_token>",
    "access_token_expires_in": 18000,
    "token_type": "bearer"
}

编辑1: 作为一种解决办法,我扩展了OAuth2RestTemplate类并覆盖了getAccessToken方法:

public class CustomOAuth2RestTemplate extends OAuth2RestTemplate {

    private static final Logger LOGGER = LoggerFactory.getLogger(CustomOAuth2RestTemplate.class);

    private OAuth2ClientContext context;
    private Long LAST_RESET = getCurrentTimeSeconds();
    private Long FORCE_EXPIRATION;

    public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource) {
        super(resource);
        this.context = super.getOAuth2ClientContext();
        this.FORCE_EXPIRATION = 10800L;
    }

    public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource,
            DefaultOAuth2ClientContext defaultOAuth2ClientContext, Long forceExpiration) {
        super(resource, defaultOAuth2ClientContext);
        this.context = defaultOAuth2ClientContext;
        this.FORCE_EXPIRATION = Objects.requireNonNull(forceExpiration, "Please set expiration!");
    }

    @Override
    public OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException {

        OAuth2AccessToken accessToken = context.getAccessToken();

        final Long diff = getCurrentTimeSeconds() - LAST_RESET;

        /* 
        Either use a hardcoded variable or use the value stored in
        context.getAccessToken().getAdditionalInformation().
        */
        if (diff > FORCE_EXPIRATION) {
            LOGGER.info("Access token has expired! Generating new one...");
            this.LAST_RESET = getCurrentTimeSeconds();
            context.setAccessToken(null);
            accessToken = acquireAccessToken(context);
        } else {
            accessToken = super.getAccessToken();
        }

        LOGGER.info("Access token: " + context.getAccessToken().getValue());

        return accessToken;
    }

    private Long getCurrentTimeSeconds() {
        return System.currentTimeMillis() / 1000L;
    }

}

现在是Bean:

@Bean
public OAuth2RestTemplate restTemplate() throws Exception {
    final AccessTokenRequest atr = new DefaultAccessTokenRequest();
    final OAuth2RestTemplate oAuth2RestTemplate = new CustomOAuth2RestTemplate(resource(),
            new DefaultOAuth2ClientContext(atr), 10800L); //example: 3h
    oAuth2RestTemplate.setRequestFactory(customRequestFactory());

    return oAuth2RestTemplate;
}

编辑2: 在我更彻底地分析了OAuth2RestTemplate类之后,需要进行代码重构:

public class CustomOAuth2RestTemplate extends OAuth2RestTemplate {

    private static final Logger LOGGER = LoggerFactory.getLogger(CustomOAuth2RestTemplate.class);
    private Long LAST_RESET = getCurrentTimeSeconds();
    private Long FORCE_EXPIRATION;

    public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource) {
        super(resource);
        this.FORCE_EXPIRATION = 10800L; //3h
    }

    public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource,
            DefaultOAuth2ClientContext defaultOAuth2ClientContext, Long forceExpiration) {
        super(resource, defaultOAuth2ClientContext);
        this.FORCE_EXPIRATION = Objects.requireNonNull(forceExpiration, "Please set expiration!");
    }

    @Override
    public OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException {
        final Long diff = getCurrentTimeSeconds() - LAST_RESET;

        /* 
        Either use a hardcoded variable or use the value stored in
        context.getAccessToken().getAdditionalInformation().
        */
        if (diff > FORCE_EXPIRATION) {
            LOGGER.info("Access token has expired! Generating new one...");
            this.LAST_RESET = getCurrentTimeSeconds();
            final OAuth2ClientContext oAuth2ClientContext = getOAuth2ClientContext();
            oAuth2ClientContext.setAccessToken(null);
            return acquireAccessToken(oAuth2ClientContext);
        }
        return super.getAccessToken();
    }

    private Long getCurrentTimeSeconds() {
        return System.currentTimeMillis() / 1000L;
    }

}

解决方案

我会将此作为答案发布,因为它工作得很好。添加的唯一内容是synchronized用于并发,因此永远不会请求多个访问令牌。

最终代码:

public class CustomOAuth2RestTemplate extends OAuth2RestTemplate {

    private static final Logger LOGGER = LoggerFactory.getLogger(CustomOAuth2RestTemplate.class);
    private Long LAST_RESET = getCurrentTimeSeconds();
    private Long FORCE_EXPIRATION;

    public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource) {
        super(resource);
        this.FORCE_EXPIRATION = 10800L; // 3h
    }

    public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource,
            DefaultOAuth2ClientContext defaultOAuth2ClientContext, Long forceExpiration) {
        super(resource, defaultOAuth2ClientContext);
        this.FORCE_EXPIRATION = Objects.requireNonNull(forceExpiration, "Please set expiration!");
    }

    @Override
    public synchronized OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException {
        final Long diff = getCurrentTimeSeconds() - LAST_RESET;

        /*
         * Either use a hardcoded variable or use the value stored in
         * context.getAccessToken().getAdditionalInformation().
         */
        if (diff > FORCE_EXPIRATION) {
            LOGGER.info("Access token has expired! Generating new one...");
            this.LAST_RESET = getCurrentTimeSeconds();
            final OAuth2ClientContext oAuth2ClientContext = getOAuth2ClientContext();
            oAuth2ClientContext.setAccessToken(null);
            return acquireAccessToken(oAuth2ClientContext);
        }
        return super.getAccessToken();
    }

    private Long getCurrentTimeSeconds() {
        return System.currentTimeMillis() / 1000L;
    }

}

相关文章