问题
I want to deploy my REST API on a clustered environment. For that, I need to store my OAuth 2.0 tokens in a shared Token store. Currently I'm using Spring Security's InMemoryTokenStore, which can't be shared on multi node cluster. I'm planning to store tokens using Redis.
I found that the latest release of Spring-Security OAuth i.e. 2.8.0 provides RedisTokenStore also. I've some doubts regarding this:
What changes are required for using RedisTokenStore in the existing spring-security xml configuration. Currently I'm using InMemoryTokenStore.
How to make RedisTokenStore shareable with all nodes in the cluster.
Can I use a Redis cluster to store the tokens, in case yes How?
回答1:
About first question:
First, give you spring-security xml example about redis token store to reference
<!--Use Redis Token Store-->
<beans:bean id="tokenStore"
class="org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore">
<beans:constructor-arg name="connectionFactory" ref="redisConnectionFactory"/>
</beans:bean>
<!--create redis connection factory and set db 1-->
<beans:bean id="redisConnectionFactory"
class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory">
<beans:property name="hostName" value="localhost"/>
<beans:property name="port" value="6379"/>
<beans:property name="password" value=""/>
<beans:property name="database" value="1"/>
</beans:bean>
Second, you need add spring data redis and jedis jar into your project, I use gradle, add items in dependencies like:
......
compile 'org.springframework.data:spring-data-redis:1.6.2.RELEASE'
compile 'redis.clients:jedis:2.8.0'
......
About sencond question:
If your all nodes of one cluster use one reids server or cluster, your access token will share among all nodes. You can check your redis db data, and track access process to verify this. So you don't worry about it.
来源:https://stackoverflow.com/questions/33755016/redis-token-store