Shulou(Shulou.com)06/02 Report--

This article is to share with you about how to write the OAuth2.0 custom authorization code in SpringBootSecurity, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

Use JDBC to maintain authorization codes

In the previous code, the first step in the test process is to obtain the authorization code, and then bring the authorization code to apply for the token. An example of the authorization code is as follows:

The generated authorization code defaults to 6 digits and does not do any management after it is generated. It can be said to be a temporary authorization code. Oauth3 also provides the function of managing the authorization code using jdbc. First, create a table oauth_code in the database:

Code: stores the value of the code generated by the server system (unencrypted)

Authentication: stores binary data after serializing AuthorizationRequestHolder.java objects.

Then create the bean JdbcAuthorizationCodeServices:

Finally, configure the authorizationCodeServices method in endpoints:

In this way, the configuration is complete. If we restart the project and apply for several more authorization codes, we can see that there are records of authorization codes in the database:

Modify the length of the authorization code

The authorization code is a 6-digit random string that some people may feel insecure and want to be longer. We can customize AuthorizationCodeServices:

In the original JdbcAuthorizationCodeServices, the authorization code was generated by its parent class RandomValueAuthorizationCodeServices, using the RandomValueStringGenerator class, whose default constructor uses a 6-bit length:

However, the class also contains constructors of custom length:

So we can customize the length in the custom class:

Then modify the custom bean to a custom class:

Take a look at the effect of the longer authorization code:

Let's take a look at the implementation classes of authorization code management:

Only memory mode and jdbc pattern, if you want to implement the redis pattern, you need to implement the interface or inherit the RandomValueAuthorizationCodeServices class, which is not demonstrated here.

The above is how to write the OAuth2.0 custom authorization code in SpringBootSecurity. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.