3

I haven't been able to find the documentation for Spring-managed tokens, and how to cache them. The below code triggers an auth call to get the token EVERY time I call the remove service.

I'm using Spring OAuth with default configuration as follows:

@Bean(name="serviceRestTemplate")
public RestTemplate serviceRestTemplate(
    @Value("${authUri}") String authUri,
    @Value("${username}") String username,
    @Value("${password}") String password,
    @Value("${readTimeout}") int readTimeout,
    @Value("${connectTimeout}") int connectTimeout) {

ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
details.setAccessTokenUri(authUri);
    details.setClientId(username);
    details.setClientSecret(password);
RestTemplate restTemplate = new OAuth2RestTemplate(details, new DefaultOAuth2ClientContext(new DefaultAccessTokenRequest());
}

My questions are:

  • What is the default behavior? / Is there any kind of caching with the above?
  • Can I enable token caching through Spring?
Andrei
  • 513
  • 2
  • 8
  • 15
  • Did you reuse the `restTemplate` or did you create it again for every request? – dur Sep 26 '17 at 21:48
  • I reuse it. (It's created as a `@Bean` in the ApplicationContext) – Andrei Sep 26 '17 at 22:28
  • 1
    If you reuse `restTemplate`, the token should be cached, see [OAuth 2 Developers Guide](http://projects.spring.io/spring-security-oauth/docs/oauth2.html). What scope do you use? – dur Sep 27 '17 at 11:48
  • I'm not actually setting a scope. Maybe that's the problem? Thanks for the guide link! The client token caching section is a bit brief, but I'll see what I can figure out. – Andrei Sep 27 '17 at 20:08
  • Oh, nope, it looks like this won't work out of the box? I have to implement `ClientTokenServices` and provide it to the rest template in order for it to work? – Andrei Sep 27 '17 at 20:52
  • 1
    Could you check, if the token is saved in `DefaultOAuth2ClientContext` after executing the first request? – dur Sep 27 '17 at 21:42
  • This looks to be a duplicate of [OAuth2RestTemplate - Client Side Caching](https://stackoverflow.com/questions/53418928) which, though was asked later, received a good answer. – Patrick M Mar 15 '19 at 00:10

0 Answers0