从动态库加载 JWT 签名密钥

Question

我使用AuthorizationServerConfigurerAdapter 部署了一个授权服务器，用户和客户端是通过在数据库中收集所需信息的UserDetailsService 和ClientDetailsService 服务的实现来配置的。

@Configuration
@EnableAuthorizationServer
public class OAuth2JwtAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

        @Autowired
        @Qualifier("authenticationManagerBean")
        private AuthenticationManager authenticationManager;

        @Autowired
        private  UserDetailsService userDetailsService;

        @Autowired
        private AppClientDetailsService clientDetailsService;

        @Override
        public void configure(final AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
            oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
        }

        @Override
        public void configure(final ClientDetailsServiceConfigurer clients) throws Exception {          
            clients.withClientDetails(clientDetailsService);
        }

        @Bean
        @Primary
        public DefaultTokenServices tokenServices() {
            final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
            defaultTokenServices.setTokenStore(tokenStore());
            defaultTokenServices.setSupportRefreshToken(true);
            return defaultTokenServices;
        }

        @Override
        public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            final TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
            tokenEnhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer(), accessTokenConverter()));

            endpoints.tokenStore(tokenStore())
            .tokenEnhancer(tokenEnhancerChain)
            .reuseRefreshTokens(false)
            .userDetailsService(userDetailsService)
            .authenticationManager(authenticationManager);
        }

        @Bean
        public TokenStore tokenStore() {
            return new JwtTokenStore(accessTokenConverter());
        }

        @Bean
        public JwtAccessTokenConverter accessTokenConverter() {
            final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
            converter.setSigningKey("123");

            return converter;
        }

        @Bean
        public TokenEnhancer tokenEnhancer() {
            return new CustomTokenEnhancer();
        }

        @Bean
        public BCryptPasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }
}

授权服务器工作正常，但我希望动态加载accessTokenConverter ()方法中设置的签名密钥，当我收到新令牌的请求时，我会访问数据库并修改签名密钥这点并返回带有这个新修改签名的 JWT Token，它目前只是在应用程序启动的那一刻被配置。

Answer 1

您可以定义一个@Autowired JwtAccessTokenConverter 属性并随时修改其键

@Autowired
public JwtAccessTokenConverter tokenConverter;

public void setSigningKey(String key) {
    tokenConverter.setSigningKey(key);
}