在 nimbus-jose-jwt 中,lifespan 和 refreshTime 有什么区别?
类 DefaultJWKSetCache 有两个字段,lifespan 和 refreshTime.
来自 Java 文档 -
The class DefaultJWKSetCache of nimbus-jose-jwt has two fields, lifespan and refreshTime.
From Java docs -
lifespan - 缓存的 JWK 设置在过期之前的寿命,负数表示没有过期.
refreshTime - 之后的时间缓存的 JWK 集被标记为刷新,如果未指定则为负.应该短于或等于寿命.
lifespan - The lifespan of the cached JWK set before it expires, negative means no expiration.
refreshTime - The time after which the cached JWK set is marked for refresh, negative if not specified. Should be shorter or equal to the lifespan.
这两者有什么区别.是不是这个意思,
在 寿命到期 之后,缓存的 JWK 集将被逐出并再次从 jwks 远程 url 加载(说远程 url,因为我正在使用 RemoteJWKSet
).
刷新到期后,现有的 JWK 集将使用从远程 url 检索到的密钥进行更新.
What is the difference between these two.
Does it mean that,
after the lifespan expiry the cached JWK set will be evicted and loaded again from jwks remote url (saying remote url as i am using RemoteJWKSet
).
and after the refresh expiry the existing JWK set will be updated with the keys retrieved from remote url.
但我不明白两者之间的实际区别.两者似乎都在做同样的事情.有人可以更详细地解释细节和任何例子吗?
But i don't understand the practical difference between the two. Both seem to be doing same. Can some one explain the details with more granularity and any example.
编辑 - 如果我的生命周期没有到期,refreshTime 的到期时间为 1 小时,我是否保证我的密钥将每隔一小时更新一次.
Edit - if i give no expiry for lifespan, and 1 hour expiry for refreshTime, am i guaranteed that my keys will be updated every one hour.
推荐答案
lifespan 是 DefaultJWKSetCache 将驱逐缓存的 JWKSet
.即,在缓存填充后 生命周期时间单位 之后,对 JWKSetCache.get()
的调用将始终返回 null
直到新的 JWKSet
存储到缓存中.
The lifespan is the time after which the DefaultJWKSetCache will evict cached JWKSet
. I.e., after lifespan time units passed since the cache was populated the calls to JWKSetCache.get()
will always return null
until new JWKSet
is stored to the cache.
refreshTime 是影响 JWKSetCache.requiresRefresh()
方法返回值的时间.在缓存填充后经过 refreshTime 时间单位 后,此方法将返回 true
,否则将返回 false
.此设置不会以任何方式影响缓存行为.
The refreshTime is the time that impacts value returned by JWKSetCache.requiresRefresh()
method. After refreshTime time units passed since the cache was populated this method will return true
, otherwise, it will return false
. This setting does not impact cache behavior in any way.
RemoteJWKSet 使用 JWKSetCache.requiresRefresh()
返回的值在缓存实际过期之前从远程 URL 重新下载 JWKSet
.这就是为什么文档建议将 refreshTime 设置为小于 lifespan 的值.
The RemoteJWKSet uses the value returned by JWKSetCache.requiresRefresh()
to re-download JWKSet
from remote URL before the cache is actually expired. This is why documentation recommends to set refreshTime to a lesser value than lifespan.
目前,RemoteJWKSet
在 lifespan 或 refreshTime 已过时触发远程 JWKSet
的下载(请参阅 这条线.)因此,从今天开始,设置其中任何一个都没有太大区别.我猜想可以通过将这两个值分开来实现一些更复杂的逻辑.
Currently, RemoteJWKSet
triggers download of remote JWKSet
when either lifespan or refreshTime has passed (see this line.) Hence, there is not much difference in setting either one of these as of today. I guess some more complex logic can be potentially implemented having these two values separate.
相关文章