TransWikia.com

Configure JWT token expire time when JdbcStore is used

Stack Overflow Asked by Peter Penzov on February 15, 2021

I’m trying to implement Spring Security with OAuth2 using JWT with jdbcTokenStore:

    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        defaultTokenServices.setAccessTokenValiditySeconds(60);
        defaultTokenServices.setRefreshTokenValiditySeconds(80);
        defaultTokenServices.setReuseRefreshToken(false);
        return defaultTokenServices;
    }

Github

But after I create Token using Postman I get always value:

{
    "access_token": "....",
    "token_type": "bearer",
    "refresh_token": "....",
    "expires_in": 41502,
    "scope": "read",
    "organization": "admin Drivelog",
    "jti": "2f33707a-30e3-4145-9d9d-7c2e4a4535dd"
}

Do ypi know how to configure Access token expire time. For some reason setAccessTokenValiditySeconds is not working.

One Answer

You may have forgotten to configure your resourceserver to use the tokenservices, for example:

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

@Autowired
private ResourceServerTokenServices tokenServices;

@Autowired
private JwtAccessTokenConverter accessTokenConverter;

@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
    resources.tokenServices(tokenServices);
}

@Override
public void configure(HttpSecurity http) throws Exception {
    http
        .requestMatchers()
        .and()
        .authorizeRequests()
        .antMatchers("/actuator/**", "/api-docs/**","/oauth/*").permitAll()
        .antMatchers("/jwttest/**" ).authenticated();
}
}

as found in https://medium.com/@dassum/securing-spring-boot-rest-api-with-json-web-token-and-jdbc-token-store-67558a7d6c29

Answered by Jan Peter on February 15, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP