The code below uses in-memory storage to save the tokens in the session. Is it possible to store the tokens in a DB and retrieve them from there?

Will the code below cause a performance issue?

```java
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    // @formatter:off
    clients
        .inMemory()
            .withClient("clientapp")
                .authorizedGrantTypes("password", "refresh_token")
                .authorities("USER")
                .scopes("read", "write")
                .resourceIds(RESOURCE_ID)
                .secret("123456");
                /*.accessTokenValiditySeconds(2400)
                .refreshTokenValiditySeconds(4800);*/
    // @formatter:on
}
```
Prithivi Raj

1 Answer

In-memory storage will be faster than accessing data from a database. But if multiple clients are consuming this, it is better to keep the details in the database instead of hard-coding them all in the Java file.

Refer to this link for the tables required to store the client and other details. You also have to use the `.jdbc()` method instead of `.inMemory()` on the clients object to access the details from the database.

Ravindra Devadiga
  • But when I use in-memory, the tokens are cleared if I restart the server. The user then has to enter the credentials again to log in. – Prithivi Raj Sep 07 '16 at 12:26
  • You need to create a **JdbcTokenStore** with a datasource reference and configure the **AuthorizationServerEndpointsConfigurer** endpoint to use this token store. You also have to create the "oauth_refresh_token" and "oauth_access_token" tables as given in the link above. – Ravindra Devadiga Sep 07 '16 at 12:53
  • Now I can access tokens from the DB, but I am getting the below exception once the token expires: **org.springframework.security.oauth2.provider.ClientAlreadyExistsException**. When I refer to the [link](https://github.com/spring-projects/spring-security-oauth/issues/420), they asked to remove **withClient()**. But I am not able to remove it from the project :( – Prithivi Raj Sep 08 '16 at 07:01
  • Why are you not able to remove it from the project? – Ravindra Devadiga Sep 08 '16 at 08:55
  • When I remove the **withClient()** method from the above code, it throws an undefined exception on the **authorizedGrantTypes()** method. @Ravindra Devadiga – Prithivi Raj Sep 08 '16 at 10:55
  • Have you created the **oauth_client_details** table as mentioned in the link? – Ravindra Devadiga Sep 08 '16 at 12:19
  • Yeah, I created all 7 tables in the DB. @Ravindra Devadiga – Prithivi Raj Sep 09 '16 at 05:35
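
The configuration discussed in the answer and comments above, put together as an added example that is not code from the original thread: clients are read from the database with `.jdbc()` and no `withClient()` chain, and tokens are persisted with a `JdbcTokenStore`. The class name is hypothetical, and the example assumes the application already defines `DataSource` and `AuthenticationManager` beans and that the `clientapp` row has been inserted into `oauth_client_details` beforehand.

```java
import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

// Hypothetical class name (assumption, not from the thread).
@Configuration
@EnableAuthorizationServer
public class JdbcAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private DataSource dataSource; // assumed to be defined elsewhere in the application

    @Autowired
    private AuthenticationManager authenticationManager; // required for the "password" grant

    @Bean
    public TokenStore tokenStore() {
        // Tokens are written to oauth_access_token / oauth_refresh_token,
        // so they survive a server restart.
        return new JdbcTokenStore(dataSource);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // No withClient(...) here: on the JDBC builder that chain inserts the client
        // at every startup, which fails with ClientAlreadyExistsException once the row
        // exists. The client, including its secret, lives in oauth_client_details
        // instead of being hard-coded in source.
        clients.jdbc(dataSource);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
            .tokenStore(tokenStore())
            .authenticationManager(authenticationManager);
    }
}
```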