使用jwt存储Token

auth-service/src/main/java/com/test/config/OAuth2Configuration.java

@@ -9,6 +9,10 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.A
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
+import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
 
 import javax.annotation.Resource;
 
@@ -25,8 +29,30 @@ public class OAuth2Configuration extends AuthorizationServerConfigurerAdapter {
 
     private final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
     @Resource
+    TokenStore store;
+    @Resource
+    JwtAccessTokenConverter converter;
+    @Resource
+    UserDetailsService service;
+    @Resource
     private AuthenticationManager manager;
 
+    private AuthorizationServerTokenServices serverTokenServices() {  //这里对AuthorizationServerTokenServices进行一下配置
+        DefaultTokenServices services = new DefaultTokenServices();
+        services.setSupportRefreshToken(true);   //允许Token刷新
+        services.setTokenStore(store);   //添加刚刚的TokenStore
+        services.setTokenEnhancer(converter);   //添加Token增强，其实就是JwtAccessTokenConverter，增强是添加一些自定义的数据到JWT中
+        return services;
+    }
+
+    @Override
+    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
+        endpoints
+                .tokenServices(serverTokenServices())   //设定为刚刚配置好的AuthorizationServerTokenServices
+                .userDetailsService(service)
+                .authenticationManager(manager);
+    }
+
     /**
      * 这个方法是对客户端进行配置，一个验证服务器可以预设很多个客户端，
      * 之后这些指定的客户端就可以按照下面指定的方式进行验证
@@ -53,14 +79,4 @@ public class OAuth2Configuration extends AuthorizationServerConfigurerAdapter {
                 .allowFormAuthenticationForClients()  //允许客户端使用表单验证，一会我们POST请求中会携带表单信息
                 .checkTokenAccess("permitAll()");     //允许所有的Token查询请求
     }
-
-    @Resource
-    UserDetailsService service;
-
-    @Override
-    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
-        endpoints
-                .userDetailsService(service)
-                .authenticationManager(manager);
-    }
 }

auth-service/src/main/java/com/test/config/SecurityConfiguration.java

@@ -8,6 +8,9 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
 
 /**
  * ClassName: SecurityConfiguration
@@ -44,4 +47,16 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
     protected UserDetailsService userDetailsService() {
         return super.userDetailsService();
     }
+
+    @Bean
+    public JwtAccessTokenConverter tokenConverter() {  //Token转换器，将其转换为JWT
+        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
+        converter.setSigningKey("lbwnb");   //这个是对称密钥，一会资源服务器那边也要指定为这个
+        return converter;
+    }
+
+    @Bean
+    public TokenStore tokenStore(JwtAccessTokenConverter converter) {  //Token存储方式现在改为JWT存储
+        return new JwtTokenStore(converter);  //传入刚刚定义好的转换器
+    }
 }