token过期问题解决测试

flow-common/flow-common-oauth2-starter/pom.xml

@@ -48,6 +48,17 @@
             <artifactId>flow-common-redis-starter</artifactId>
             <version>0.0.1-SNAPSHOT</version>
         </dependency>
+
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>1.7.36</version>
+        </dependency>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <scope>provided</scope>
+        </dependency>
     </dependencies>
 
 </project>

flow-common/flow-common-oauth2-starter/src/main/java/com/flow/common/oauth2/configure/AuthorizationServerConfigure.java

@@ -1,5 +1,6 @@
 package com.flow.common.oauth2.configure;
 
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -34,11 +35,13 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA
 
 import javax.sql.DataSource;
 import java.util.ArrayList;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
 
 @Configuration
 @EnableAuthorizationServer
+@Slf4j
 public class AuthorizationServerConfigure extends AuthorizationServerConfigurerAdapter {
     private final AuthenticationManager authenticationManager;
     private final UserDetailsService userDetailsService;
@@ -98,19 +101,21 @@ public class AuthorizationServerConfigure extends AuthorizationServerConfigurerA
     @Override
     public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
         endpoints
-                //认证管理器
+                // 认证管理器
                 .authenticationManager(authenticationManager)
-                //用户信息
+                // 用户信息
                 .userDetailsService(userDetailsService)
                 .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)
                 // 授权码管理策略，针对授权码模式有效，会将授权码放到 auth_code 表，授权后就会删除它
                 .authorizationCodeServices(jdbcAuthorizationCodeServices());
         // 使用redis的token方式
         endpoints
-                //token存储
+                // token存储
                 .tokenStore(tokenStore())
                 // 添加令牌增强器
                 .tokenEnhancer(customTokenEnhancer());
+        // 明确地设置自定义的 tokenServices
+        //.tokenServices(tokenServices());
 
 
         // 自定义异常转换类(替换oauth2默认返回格式，改成AjaxResponse统一格式)
@@ -154,12 +159,19 @@ public class AuthorizationServerConfigure extends AuthorizationServerConfigurerA
                         tokenStore.removeRefreshToken(existingAccessToken.getRefreshToken());
                     }
                 }*/
+
+                log.info("使用了自定义的方法");
                 return super.createAccessToken(authentication);
             }
         };
 
-        // 设置 Token 的有效期为一年（365 天 × 24 小时 × 60 分钟 × 60 秒）
-        tokenServices.setAccessTokenValiditySeconds(365 * 24 * 60 * 60);
+        // 设置 Access Token 有效期为 1 分钟
+        // 默认Access Token 有效期：2分钟
+        // tokenServices.setAccessTokenValiditySeconds(60);
+
+        // 设置 Refresh Token 有效期为 365 天
+        // 默认Refresh Token 有效期：7天
+        // tokenServices.setRefreshTokenValiditySeconds(60 * 60 * 24 * 365);
 
         // 请求回来的token都会变.但是请求的refresh token不会续期(false)或者重置为初始化时间(true)
         tokenServices.setReuseRefreshToken(true);
@@ -167,8 +179,8 @@ public class AuthorizationServerConfigure extends AuthorizationServerConfigurerA
         tokenServices.setSupportRefreshToken(true);
         tokenServices.setClientDetailsService(clientDetailsService);
         // token加强链
-        //TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
-        //tokenEnhancerChain.setTokenEnhancers(Lists.newArrayList(tokenEnhancer()));
+        // TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
+        // tokenEnhancerChain.setTokenEnhancers(Lists.newArrayList(tokenEnhancer()));
         tokenServices.setTokenEnhancer(customTokenEnhancer());
         // token存储
         tokenServices.setTokenStore(tokenStore());
@@ -180,6 +192,9 @@ public class AuthorizationServerConfigure extends AuthorizationServerConfigurerA
             list.add(provider);
             tokenServices.setAuthenticationManager(new ProviderManager(list));
         }
+
+        // tokenServices.setAccessTokenValiditySeconds(60);
+        log.info("tokenServices: {}", tokenServices);
         return tokenServices;
     }
 
@@ -199,6 +214,8 @@ public class AuthorizationServerConfigure extends AuthorizationServerConfigurerA
                     additionalInformation.put("clientId", authentication.getOAuth2Request().getClientId());
                     additionalInformation.put("resourceIds", authentication.getOAuth2Request().getResourceIds());
                     ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInformation);
+                    // 设置过期时间
+                    ((DefaultOAuth2AccessToken) accessToken).setExpiration(new Date(System.currentTimeMillis() + 30 * 1000));
                 }
                 return accessToken;
             }

flow-oauth/flow-oauth-biz/src/main/java/com/flow/service/impl/AuthServiceImpl.java

@@ -130,8 +130,8 @@ public class AuthServiceImpl implements AuthService {
             } catch (JSONException e) {
                 throw new BaseException("用户信息异常，请联系管理员");
             }
-            //long time = jsonObject.getLong("time");
-            //String type = jsonObject.getString("type");
+            // long time = jsonObject.getLong("time");
+            // String type = jsonObject.getString("type");
 
             // 判断时间戳是否过期
             // if (now - time < 10000) {
@@ -140,7 +140,7 @@ public class AuthServiceImpl implements AuthService {
             //
             // }
             if (StringUtils.isNotBlank(user)) {
-                 accessToken = loginByUsername(user);
+                accessToken = loginByUsername(user);
             }
         }
         return accessToken;
@@ -201,6 +201,9 @@ public class AuthServiceImpl implements AuthService {
 
         // 直接生成token
         OAuth2AccessToken token = tokenServices.createAccessToken(oauth2Authentication);
+
+        log.info("token 过期时间{}", token.getExpiration());
+        // OAuth2AccessToken token = tokenServices.tokenServices().createAccessToken(oauth2Authentication);
         return new AccessToken(token);
     }