1

我面临一个问题,我认为我的访问令牌需要一个滑动到期时间。我在 glassfish 服务器上运行,使用org.keycloak.adapters.servlet.KeycloakOIDCFilter来检查所有请求。我设置的过滤器检查 AccessToken 并通过确保令牌没有过期来询问访问:

KeycloakSecurityContext kc = (KeycloakSecurityContext) req
            .getAttribute(KeycloakSecurityContext.class.getName());

AccessToken token = RSATokenVerifier.create(kc.getIdTokenString()).getToken();
if(token.isExpired()) {
  response.redirect("logout url");
}

这工作正常。但是,在我的应用程序中,我有一个屏幕,用户可以在其中花费长达一个小时输入信息,在这些屏幕上他们可能会在完成提供糟糕的用户体验之前被踢出。在某些情况下,正在进行 ajax 调用并且响应设置为重定向到导致不良行为的注销页面。

我真的认为我需要始终检查过期,但我不确定如何在过期时请求新令牌。我很感激我能得到的任何帮助。谢谢!

这些是我的令牌设置 在此处输入图像描述

4

2 回答 2

2

您还需要有权访问刷新令牌。访问令牌过期后,您几乎无能为力。我将在下面的应用程序中留下一个示例。

URL url = new URL(keycloakRootURL + "/realms/" + realmName + "/protocol/openid-connect/token");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();

        conn.setRequestProperty("Authorization", "Basic " + clientSecret);
        conn.setReadTimeout(10000);
        conn.setConnectTimeout(15000);
        conn.setRequestMethod("POST");
        conn.setDoInput(true);
        conn.setDoOutput(true);
        String data = "grant_type=refresh_token&refresh_token=" + refreshToken;
        try (OutputStream os = conn.getOutputStream(); BufferedWriter writer = new BufferedWriter(
                new OutputStreamWriter(os, "UTF-8"))) {
            writer.write(data);
            writer.flush();
        }

        conn.connect();
        StringBuilder responseStr;
        try (BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()))) {
            String inputLine;
            responseStr = new StringBuilder();
            while ((inputLine = in.readLine()) != null) {
                responseStr.append(inputLine);
            }
        }
        Object obj = parser.parse(responseStr.toString());
        JSONObject result = (JSONObject) obj;

        accessCreationTime = System.nanoTime();
        return (String) result.get("access_token");
于 2018-05-03T14:14:35.047 回答
0

注销工作正常keycloak:

public static void keycloakLogout(HttpServletRequest request, HttpSession session) {

    SerializableKeycloakAccount keycloakAccount = (SerializableKeycloakAccount) session
            .getAttribute(KeycloakAccount.class.getName());
    if (keycloakAccount != null && keycloakAccount instanceof SerializableKeycloakAccount) {
        RefreshableKeycloakSecurityContext ksc = keycloakAccount.getKeycloakSecurityContext();
        KeycloakDeployment deployment = ksc.getDeployment();
        // KeycloakDeployment deployment =
        // keycloakAccount.getKeycloakSecurityContext().getDeployment();
        if (deployment != null) {
            ksc.logout(deployment);
            // keycloakAccount.getKeycloakSecurityContext().logout(deployment);
            request.removeAttribute(KeycloakSecurityContext.class.getName());
            session.removeAttribute(TOKEN_KEY);
        }
    }
}

在登录时设置 TOKEN_KEY。

session.setAttribute(TOKEN_KEY, keycloakToken);

于 2021-05-12T07:10:17.750 回答