 

What are the steps to implement Spring's Token Store as a MySQL file?


I have an application that currently uses the Spring OAuth 2.0 In Memory Token Store. I need to convert the Spring Security OAuth 2.0 JAR to use a persisted file rather than an in-memory one to ensure the access tokens are valid over server restarts. The Spring OAuth 2.0 JAR provides routines to support a MySQL database using the JdbcTokenStore method, but I am unable to find any documentation that tells how to change the default configuration (which uses the InMemoryTokenStore method) to utilize the supported Jdbc method.

I'd like to hear from someone who has implemented the Spring Security OAuth 2.0 JdbcTokenStore method and that can either provide an example of the configuration required to do so or can point me to documentation that describes the process. I've searched high and low on the internet, but cannot find any such documentation.

I've already found the Spring Security OAuth 2.0 schema file for the Token Store, which, if anyone is interested, is only found in the Test Resource directory. Its presence is NOT documented by any of the Pivotal documentation website. If necessary, I can read through the rest of the Pivotal source code, but am hoping someone can save me from having to use this path.

Thanks in advance for any help you can provide.

Donald F. Coffin asked Jan 06 '14 19:01




2 Answers

You need to change the bean's implementation class from InMemoryTokenStore to JdbcTokenStore. And with this change you'll also need to pass a datasource in the constructor.

I have already done this while fooling around with it. You can find it here and the spring security config changes specifically here. The MySql schema is here

anfab answered Oct 12 '22 01:10


This is how I did it.

Step 1: Create 2 tables (oauth_access_token and oauth_refresh_token)

CREATE TABLE `oauth_access_token` (
  `authentication_id` varchar(255) NOT NULL,
  `token_id` varchar(255) NOT NULL,
  `token` blob NOT NULL,
  -- user_name and refresh_token must be nullable: JdbcTokenStore writes NULL
  -- for both when a client_credentials token is stored (no user, no refresh token).
  `user_name` varchar(255) DEFAULT NULL,
  `client_id` varchar(255) NOT NULL,
  `authentication` blob NOT NULL,
  `refresh_token` varchar(255) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

ALTER TABLE `oauth_access_token`
  ADD PRIMARY KEY (`authentication_id`);

CREATE TABLE `oauth_refresh_token` (
  `token_id` varchar(255) NOT NULL,
  `token` blob NOT NULL,
  `authentication` blob NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Step 2: Configure AuthorizationServerConfig class

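import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private PasswordEncoder passwordEncoder;

    // Injected from the TokenStore bean defined in AppConfig (Step 3).
    @Autowired
    private TokenStore tokenStore;

    // Issue and look up tokens through the injected store instead of the in-memory default.
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager).tokenStore(tokenStore);
    }

    // Client registrations stay in memory; only the tokens are persisted.
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory().withClient("my-trusted-client")
                .authorizedGrantTypes("client_credentials", "password", "refresh_token")
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT").scopes("read", "write", "trust")
                .resourceIds("oauth2-resource")
                .accessTokenValiditySeconds(5000)
                .refreshTokenValiditySeconds(50000)
                .secret(passwordEncoder.encode("secret"));
    }

    // /oauth/check_token is only available to authenticated callers.
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.checkTokenAccess("isAuthenticated()");
    }

}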

Step 3:

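import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.jdbc.datasource.DriverManagerDataSource;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

@Configuration
public class AppConfig {

    // Connection settings are read from the application's properties.
    @Value("${spring.datasource.url}")
    private String datasourceUrl;

    @Value("${spring.datasource.driver-class-name}")
    private String dbDriverClassName;

    @Value("${spring.datasource.username}")
    private String dbUsername;

    @Value("${spring.datasource.password}")
    private String dbPassword;

    // DriverManagerDataSource opens a new connection per call and does no pooling.
    @Bean
    public DataSource dataSource() {
        final DriverManagerDataSource dataSource = new DriverManagerDataSource();
        dataSource.setDriverClassName(dbDriverClassName);
        dataSource.setUrl(datasourceUrl);
        dataSource.setUsername(dbUsername);
        dataSource.setPassword(dbPassword);
        return dataSource;
    }

    // Tokens are read from and written to the oauth_* tables created in Step 1.
    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource());
    }
}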
VK321 answered Oct 12 '22 00:10
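
One way to check the persistence the question asks about, as an added example that is not part of either answer or of the Spring project's own code: a client_credentials token is stored through one JdbcTokenStore and read back through a second instance that stands in for the restarted server. Assumptions: spring-security-oauth2, spring-jdbc and H2 are on the classpath, H2 replaces MySQL so the check runs without a server, and the class name and token value are constructed for the example.

```java
import java.util.Collections;
import java.util.Date;
import java.util.Map;
import javax.sql.DataSource;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

public class JdbcTokenStoreRestartCheck { // hypothetical class name
    public static void main(String[] args) {
        // Assumption: embedded H2 stands in for the MySQL DataSource.
        DataSource ds = new EmbeddedDatabaseBuilder().setType(EmbeddedDatabaseType.H2).build();
        JdbcTemplate jdbc = new JdbcTemplate(ds);
        jdbc.execute("CREATE TABLE oauth_access_token (authentication_id VARCHAR(255) PRIMARY KEY, "
                + "token_id VARCHAR(255), token BLOB, user_name VARCHAR(255), "
                + "client_id VARCHAR(255), authentication BLOB, refresh_token VARCHAR(255))");

        // Constructed client_credentials request: no user principal, no refresh token.
        OAuth2Request request = new OAuth2Request(Collections.<String, String>emptyMap(),
                "my-trusted-client", null, true, Collections.singleton("read"), null, null, null, null);
        OAuth2Authentication clientOnly = new OAuth2Authentication(request, null);
        DefaultOAuth2AccessToken issued = new DefaultOAuth2AccessToken("constructed-token-value");
        issued.setExpiration(new Date(System.currentTimeMillis() + 5000 * 1000L));
        new JdbcTokenStore(ds).storeAccessToken(issued, clientOnly);

        // A fresh store instance stands in for the server after a restart.
        TokenStore afterRestart = new JdbcTokenStore(ds);
        OAuth2AccessToken loaded = afterRestart.readAccessToken(issued.getValue());
        if (loaded == null || loaded.isExpired()) {
            throw new IllegalStateException("token not readable after restart");
        }
        OAuth2Authentication auth = afterRestart.readAuthentication(loaded);
        Map<String, Object> row = jdbc.queryForMap(
                "SELECT token_id, user_name, refresh_token FROM oauth_access_token");
        // token_id is a digest of the value, but the token blob holds the serialized
        // token itself, so the table needs the same protection as any credential store.
        if (issued.getValue().equals(row.get("token_id")) || !auth.isClientOnly()) {
            throw new IllegalStateException("unexpected stored row");
        }
        System.out.println("client=" + auth.getOAuth2Request().getClientId()
                + " user_name=" + row.get("user_name") + " refresh_token=" + row.get("refresh_token"));
    }
}
```

Both user_name and refresh_token print as null for this grant type, so those columns have to accept NULL in whatever schema backs the store.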