2014-01-20 62 views

我想建立一個連接到我的後端 MySQL 數據庫的 RESTful API。OAuth Spring 身份驗證 移動 RESTful API

基本上,我希望移動設備調用 www.mydomain.com/mobile/details 時,如果它已經用 MySQL 數據庫中保存的用戶名和密碼通過認證,就發送帶有訪問令牌的請求頭;如果還沒有,則獲取請求令牌並重新驗證應用程序。

希望有人能指出我如何把訪問令牌也存儲在數據庫中,這樣用戶就不必在每次使用應用程序時重新進行身份驗證。

這是我的 security.xml:

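<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security OAuth2 (1.0.x schema) configuration for a mobile REST API.

  Two filter chains are declared:
    * /oauth/token : token endpoint, authenticates the OAuth client.
    * /mobile/**   : protected resources, authenticates the bearer token.

  Review notes for whoever deploys this:
    * The client secret below is a literal in the file and a guessable value.
      Replace it with a generated secret supplied from outside the source tree.
    * Nothing here forces TLS. Bearer tokens and client secrets must only travel
      over HTTPS (intercept-url supports requires-channel="https").
    * A secret shipped inside a mobile app can be extracted, so treat the
      "mobile" client as public when deciding what its tokens may do.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:context="http://www.springframework.org/schema/context"
             xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security-3.2.xsd">
    <!-- Fixed: the default namespace was written "xmlns:=", which is not well-formed.
         The unprefixed http / intercept-url / authentication-manager elements below
         rely on this default namespace being the Spring Security one. -->

    <!-- Token endpoint. Stateless, no anonymous access; the caller must authenticate
         as an OAuth client through clientAuthenticationManager. -->
    <http pattern="/oauth/token" create-session="stateless"
          authentication-manager-ref="clientAuthenticationManager">
        <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
        <anonymous enabled="false" />
        <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
        <!-- Lets the client authenticate with client_id / client_secret request
             parameters in addition to HTTP Basic. Parameters placed in the query
             string end up in access logs and proxies; prefer the Basic header or
             a POST body. -->
        <custom-filter ref="clientCredentialsTokenEndpointFilter"
                       after="BASIC_AUTH_FILTER" />
        <access-denied-handler ref="oauthAccessDeniedHandler" />
    </http>

    <!-- Protected API. With anonymous disabled, a request that reaches this chain
         without a bearer token that resourceServerFilter accepts has no
         Authentication in the SecurityContext and is answered through
         oauthAuthenticationEntryPoint. -->
    <http pattern="/mobile/**" create-session="never"
          entry-point-ref="oauthAuthenticationEntryPoint"
          access-decision-manager-ref="accessDecisionManager">
        <anonymous enabled="false" />
        <intercept-url pattern="/mobile/**" access="ROLE_USER" />
        <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
        <access-denied-handler ref="oauthAccessDeniedHandler" />
    </http>

    <!-- Authenticates OAuth clients (not end users) against clientDetails. -->
    <authentication-manager id="clientAuthenticationManager">
        <authentication-provider user-service-ref="clientDetailsUserService" />
    </authentication-manager>

    <!-- Default manager for end users. authenticationServiceImpl is not defined in
         this file; presumably it is declared elsewhere (confirm). -->
    <authentication-manager>
        <authentication-provider user-service-ref="authenticationServiceImpl" />
    </authentication-manager>

    <!-- Adapts the client registry to the UserDetailsService interface. -->
    <beans:bean id="clientDetailsUserService"
                class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <beans:constructor-arg ref="clientDetails" />
    </beans:bean>

    <!-- Entry point for /mobile/**. -->
    <beans:bean id="oauthAuthenticationEntryPoint"
                class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
        <beans:property name="realmName" value="mobile" />
    </beans:bean>

    <!-- Entry point for /oauth/token; typeName is set to Basic for the client challenge. -->
    <beans:bean id="clientAuthenticationEntryPoint"
                class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
        <beans:property name="realmName" value="mobile" />
        <beans:property name="typeName" value="Basic" />
    </beans:bean>

    <beans:bean id="oauthAccessDeniedHandler"
                class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

    <beans:bean id="clientCredentialsTokenEndpointFilter"
                class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
        <beans:property name="authenticationManager" ref="clientAuthenticationManager" />
    </beans:bean>

    <!-- Client registry.
         Fixed: resource-ids was "introround" while the resource server below declares
         resource-id="mobile". A token issued to this client would not carry the id
         the resource server checks for, so the two values are aligned here.
         NOTE(review): a client_credentials token represents the client itself, not
         an end user. Because this client is granted ROLE_USER, such a token passes
         the ROLE_USER rule on /mobile/** with no user login at all. Confirm that is
         intended; otherwise drop client_credentials or the ROLE_USER authority.
         NOTE(review): secret="secret" is a placeholder-grade credential; replace
         before deployment and keep it out of version control. -->
    <oauth:client-details-service id="clientDetails">
        <oauth:client client-id="mobile" resource-ids="mobile"
                      authorized-grant-types="authorization_code,client_credentials"
                      authorities="ROLE_USER" scope="read,write" secret="secret" />
    </oauth:client-details-service>

    <!-- Tokens are held in memory only, so they do not survive a restart and are
         not shared between instances. For database persistence the same library
         line provides a JDBC-backed store that takes a DataSource (JdbcTokenStore;
         confirm the package for the version in use) and needs its token tables
         created first. -->
    <beans:bean id="tokenStore"
                class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />

    <beans:bean id="tokenServices"
                class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <beans:property name="tokenStore" ref="tokenStore" />
        <beans:property name="supportRefreshToken" value="true" />
        <beans:property name="clientDetailsService" ref="clientDetails" />
    </beans:bean>

    <beans:bean id="userApprovalHandler"
                class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
        <beans:property name="tokenServices" ref="tokenServices" />
    </beans:bean>

    <!-- Unanimous decision across scope, role and authentication voters for /mobile/**. -->
    <beans:bean id="accessDecisionManager"
                class="org.springframework.security.access.vote.UnanimousBased">
        <beans:constructor-arg>
            <beans:list>
                <beans:bean
                    class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
                <beans:bean class="org.springframework.security.access.vote.RoleVoter" />
                <beans:bean
                    class="org.springframework.security.access.vote.AuthenticatedVoter" />
            </beans:list>
        </beans:constructor-arg>
    </beans:bean>

    <!-- Filter that turns a bearer token on the request into an Authentication.
         resource-id here must appear in the client's resource-ids. -->
    <oauth:resource-server id="resourceServerFilter"
                           resource-id="mobile" token-services-ref="tokenServices" />

    <!-- Fixed: the attribute was written "token-services- ref" (stray space), which
         is not well-formed XML.
         NOTE(review): implicit and password grants are enabled here although the
         only client on this page is authorized for authorization_code and
         client_credentials. Remove the grant elements that are not needed so they
         cannot be used by a client registered later by mistake. -->
    <oauth:authorization-server
        client-details-service-ref="clientDetails" token-services-ref="tokenServices"
        user-approval-handler-ref="userApprovalHandler">
        <oauth:authorization-code />
        <oauth:implicit />
        <oauth:refresh-token />
        <oauth:client-credentials />
        <oauth:password />
    </oauth:authorization-server>

</beans:beans>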

/oauth/token?grant_type=client_credentials&client_id=mobile&client_secret=secret

{"access_token":"8bd477f8-c48b-4ef2-bd3a-88c4e1c10b61","token_type":"bearer","expires_in":43199,"scope":"read write"} 

對 introround.com/mobile/details 發起 GET 請求時得到這個響應:unauthorized - An Authentication object was not found in the SecurityContext

回答