1. Basic token parameter configuration
1.1 Storing the token configuration in Redis
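```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

@Configuration
public class TokenStoreConfig {
    @Autowired
    private RedisConnectionFactory redisConnectionFactory;

    // Issued tokens are kept in Redis instead of the default in-memory store
    @Bean
    public TokenStore redisTokenStore() {
        return new RedisTokenStore(redisConnectionFactory);
    }
}
```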
1.2 Configuring the authorization server
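```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.builders.InMemoryClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
// ArrayUtils comes from Apache Commons Lang; SecurityProperties and
// OAuth2ClientProperties are the project's own configuration classes.

@Configuration
@EnableAuthorizationServer
public class AuthenticationServer extends AuthorizationServerConfigurerAdapter {
    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private UserDetailsService userDetailsService;
    @Autowired
    private SecurityProperties securityProperties;
    @Autowired
    private TokenStore tokenStore;

    // Register every client listed in the application's configuration
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        InMemoryClientDetailsServiceBuilder clientBuilder = clients.inMemory();
        if (ArrayUtils.isNotEmpty(securityProperties.getOauth().getClients())) {
            for (OAuth2ClientProperties client : securityProperties.getOauth().getClients()) {
                clientBuilder
                        .withClient(client.getId())
                        .secret(client.getSecret())
                        .accessTokenValiditySeconds(client.getTokenValiditySeconds())
                        .authorizedGrantTypes(client.getGrantTypes().split(","))
                        .scopes(client.getScopes().split(","));
            }
        }
    }

    // Wire the user lookup, the authentication manager and the token store into the token endpoints
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.userDetailsService(userDetailsService)
                .authenticationManager(authenticationManager)
                .tokenStore(tokenStore);
    }
}
```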
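2. Replacing the default token with JWT
2.1 What is JWT
JWT stands for JSON Web Token, a standard for tokens.
- Self-contained: a JWT token carries meaningful information
- Signed
- Extensible
3. Extending and parsing the JWT information
To extend the information in a JWT, we need to implement the TokenEnhancer interface: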
```java
package com.kjb.security.core.authentications.overlay;

import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;

/**
 * @author weid
 * Default token enhancer, mainly used to extend the token information.
 * By default it does no enhancement; it mainly serves as an example for others to reference.
 */
public class DefaultJwtTokenEnhancer implements TokenEnhancer {
    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
        // Uncommenting the lines below also requires imports for HashMap, Map and DefaultOAuth2AccessToken.
        /*
        Map<String,Object> info = new HashMap<>();
        info.put("company","XXXXX");
        ((DefaultOAuth2AccessToken)accessToken).setAdditionalInformation(info);
        */
        return accessToken;
    }
}
```
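The authentication object holds the authentication information. Following the pattern of the commented-out code, we can put the data we want to add into the map.
- Configuring the enhancer through AuthorizationServerEndpointsConfigurer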
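```java
/**
 * Endpoint configuration
 * @param endpoints
 * @throws Exception
 */
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints.userDetailsService(userDetailsService)
            .authenticationManager(authenticationManager)
            .tokenStore(tokenStore);
    // JWT is in use here, so enhance the access_token according to the configuration.
    // jwtAccessTokenConverter and jwtTokenEnhancer are fields of this configuration class
    // (their declarations are not shown on this page).
    if (null != jwtAccessTokenConverter && null != jwtTokenEnhancer) {
        TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
        List<TokenEnhancer> enhancers = new ArrayList<>();
        // The custom enhancer runs first so that its additional information is
        // already on the token when the converter encodes and signs it.
        enhancers.add(jwtTokenEnhancer);
        enhancers.add(jwtAccessTokenConverter);
        enhancerChain.setTokenEnhancers(enhancers);
        endpoints.tokenEnhancer(enhancerChain).accessTokenConverter(jwtAccessTokenConverter);
    }
}
```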
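The following program is an added example, not code from the original post or from Spring Security OAuth. Using only the JDK, it shows what "self-contained" and "signed" in section 2.1 mean for a claim such as `company` added by the enhancer in section 3: anyone holding the token can read the claim, while a payload changed without the key fails verification. The HS256 algorithm, the key and the claim values are assumptions constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class JwtClaimsDemo {
    static String b64(byte[] raw) { return Base64.getUrlEncoder().withoutPadding().encodeToString(raw); }
    static byte[] unb64(String s) { return Base64.getUrlDecoder().decode(s); }
    // HMAC-SHA256 over "header.payload" (the JWT HS256 algorithm)
    static byte[] hmac(String signingInput, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }
    static String sign(String headerJson, String payloadJson, byte[] key) throws Exception {
        String input = b64(headerJson.getBytes(StandardCharsets.UTF_8)) + "."
                + b64(payloadJson.getBytes(StandardCharsets.UTF_8));
        return input + "." + b64(hmac(input, key));
    }

    // Returns the payload only if the signature is valid; the algorithm is fixed here, not read from the header.
    static String verifyAndRead(String token, byte[] key) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a compact JWS");
        byte[] expected = hmac(parts[0] + "." + parts[1], key);
        if (!MessageDigest.isEqual(expected, unb64(parts[2])))   // constant-time compare
            throw new SecurityException("signature mismatch");
        return new String(unb64(parts[1]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key and claims
        byte[] key = "constructed-demo-signing-key".getBytes(StandardCharsets.UTF_8);
        String token = sign("{\"alg\":\"HS256\",\"typ\":\"JWT\"}",
                "{\"user_name\":\"alice\",\"company\":\"XXXXX\"}", key);
        String[] p = token.split("\\.");
        // 1. The added claim is readable by anyone holding the token; no key is needed.
        System.out.println("readable: " + new String(unb64(p[1]), StandardCharsets.UTF_8));
        // 2. The key holder accepts the untouched token.
        System.out.println("verified: " + verifyAndRead(token, key));
        // 3. A payload changed without the key no longer matches the signature.
        String altered = p[0] + "." + b64("{\"user_name\":\"alice\",\"company\":\"YYYYY\"}"
                .getBytes(StandardCharsets.UTF_8)) + "." + p[2];
        try { verifyAndRead(altered, key); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Because the payload is only Base64URL-encoded, values placed in the additional-information map should be limited to data that the client and any intermediary are allowed to see.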