在客户端 Spring Boot 应用程序上配置自定义 OAuth2AccessToken

授权服务器通常为您提供的标准 JSON 格式有一个名为“expires_in”的属性，但现在我正在使用一个授权服务器，它为我提供了一个名为“access_token_expires_in”的属性。因此，即使 access_token 已过期，我的 OAuth2AccessToken 也始终将 isExpired 返回为 false，这很有意义，因为它试图读取不存在的“expires_in”属性。 OAuth2AccessToken 的 getAdditionalInformation 返回我的“access_token_expires_in”属性值，值为 18000。

我想知道是否可以告诉 spring 使用“access_token_expires_in”属性作为我的 access_token 的过期值？

My code:

@Configuration
class OAuth2RestConfiguration {
    @Bean
    protected OAuth2ProtectedResourceDetails resource() {

        final ClientCredentialsResourceDetails resourceDetails = new ClientCredentialsResourceDetails();
        resourceDetails.setAccessTokenUri("<tokenUri>");
        resourceDetails.setClientId("<clientId>");
        resourceDetails.setClientSecret("<clientSecret>");

        return resourceDetails;
    }

    @Bean
    public OAuth2RestTemplate restTemplate() throws Exception {
        final AccessTokenRequest atr = new DefaultAccessTokenRequest();
        final OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(resource(),
                new DefaultOAuth2ClientContext(atr));

        return oAuth2RestTemplate;
    }
}

授权服务器响应示例：

{
    "refresh_token_expires_in": 0,
    "access_token": "<access_token>",
    "access_token_expires_in": 18000,
    "token_type": "bearer"
}

EDIT 1:作为解决方法，我扩展了 OAuth2RestTemplate 类并重写 getAccessToken 方法：

public class CustomOAuth2RestTemplate extends OAuth2RestTemplate {

    private static final Logger LOGGER = LoggerFactory.getLogger(CustomOAuth2RestTemplate.class);

    private OAuth2ClientContext context;
    private Long LAST_RESET = getCurrentTimeSeconds();
    private Long FORCE_EXPIRATION;

    public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource) {
        super(resource);
        this.context = super.getOAuth2ClientContext();
        this.FORCE_EXPIRATION = 10800L;
    }

    public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource,
            DefaultOAuth2ClientContext defaultOAuth2ClientContext, Long forceExpiration) {
        super(resource, defaultOAuth2ClientContext);
        this.context = defaultOAuth2ClientContext;
        this.FORCE_EXPIRATION = Objects.requireNonNull(forceExpiration, "Please set expiration!");
    }

    @Override
    public OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException {

        OAuth2AccessToken accessToken = context.getAccessToken();

        final Long diff = getCurrentTimeSeconds() - LAST_RESET;

        /* 
        Either use a hardcoded variable or use the value stored in
        context.getAccessToken().getAdditionalInformation().
        */
        if (diff > FORCE_EXPIRATION) {
            LOGGER.info("Access token has expired! Generating new one...");
            this.LAST_RESET = getCurrentTimeSeconds();
            context.setAccessToken(null);
            accessToken = acquireAccessToken(context);
        } else {
            accessToken = super.getAccessToken();
        }

        LOGGER.info("Access token: " + context.getAccessToken().getValue());

        return accessToken;
    }

    private Long getCurrentTimeSeconds() {
        return System.currentTimeMillis() / 1000L;
    }

}

现在是豆子：

@Bean
public OAuth2RestTemplate restTemplate() throws Exception {
    final AccessTokenRequest atr = new DefaultAccessTokenRequest();
    final OAuth2RestTemplate oAuth2RestTemplate = new CustomOAuth2RestTemplate(resource(),
            new DefaultOAuth2ClientContext(atr), 10800L); //example: 3h
    oAuth2RestTemplate.setRequestFactory(customRequestFactory());

    return oAuth2RestTemplate;
}

EDIT 2:在我更彻底地分析了OAuth2RestTemplate类之后，需要进行代码重构：

public class CustomOAuth2RestTemplate extends OAuth2RestTemplate {

    private static final Logger LOGGER = LoggerFactory.getLogger(CustomOAuth2RestTemplate.class);
    private Long LAST_RESET = getCurrentTimeSeconds();
    private Long FORCE_EXPIRATION;

    public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource) {
        super(resource);
        this.FORCE_EXPIRATION = 10800L; //3h
    }

    public CustomOAuth2RestTemplate(OAuth2ProtectedResourceDetails resource,
            DefaultOAuth2ClientContext defaultOAuth2ClientContext, Long forceExpiration) {
        super(resource, defaultOAuth2ClientContext);
        this.FORCE_EXPIRATION = Objects.requireNonNull(forceExpiration, "Please set expiration!");
    }

    @Override
    public OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException {
        final Long diff = getCurrentTimeSeconds() - LAST_RESET;

        /* 
        Either use a hardcoded variable or use the value stored in
        context.getAccessToken().getAdditionalInformation().
        */
        if (diff > FORCE_EXPIRATION) {
            LOGGER.info("Access token has expired! Generating new one...");
            this.LAST_RESET = getCurrentTimeSeconds();
            final OAuth2ClientContext oAuth2ClientContext = getOAuth2ClientContext();
            oAuth2ClientContext.setAccessToken(null);
            return acquireAccessToken(oAuth2ClientContext);
        }
        return super.getAccessToken();
    }

    private Long getCurrentTimeSeconds() {
        return System.currentTimeMillis() / 1000L;
    }

}

您可以通过实现添加自定义参数TokenEnhancer接口并重写其方法如下：

import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
public class CustomTokenEnhancer implements TokenEnhancer {

    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
        final Map<String, Object> additionalInfo = new HashMap<>();

//      additionalInfo.put("CUSTOM_PARAM1", "CUSTOM_VALUE1");
        additionalInfo.put("username", authentication.getPrincipal());//adding username param


        ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
        return accessToken;
    }

}





@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServerConfig extends     
     AuthorizationServerConfigurerAdapter {

@Override
public void configure(final AuthorizationServerEndpointsConfigurer 
 endpoints) throws Exception {
    final TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
    tokenEnhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer()));
    endpoints.tokenStore(tokenStore)                
 .tokenEnhancer(tokenEnhancerChain).authenticationManager(authenticationManager);

}

@Bean
public TokenEnhancer tokenEnhancer() {
    return new CustomTokenEnhancer();
}

希望能帮助到你！