Integrating Spring Authorization Server in PIG v3.5: Secure OAuth2 Migration Guide
This article explains how the PIG microservice platform v3.5 adds official Spring Authorization Server support, covering background, Java compatibility, Maven dependency configuration, extended grant types, Redis token storage, token formatting and enhancement, and customized resource server introspection for a seamless OAuth2 migration.
PIG Microservice Development Platform v3.5 released, officially supporting Spring Authorization Server
Background
Spring announced that Spring Security OAuth is no longer maintained.
Spring Authorization Server is now production‑ready.
Spring Boot 2.7 deprecates many Spring Security classes, making upgrade difficult.
Migration Process
① Java 1.8 Support
The latest SAS 0.3 is built on Java 11 and cannot run on lower versions.
After discussions with the Spring Security team, SAS 0.3.1 will remain compatible with Java 1.8.
We compiled a Java 1.8‑compatible version with the following Maven coordinates:
<code><dependency>
    <groupId>io.springboot.security</groupId>
    <artifactId>spring-security-oauth2-authorization-server</artifactId>
    <version>0.3.0</version>
</dependency></code>
② Grant Type Extensions
Added password grant support (SAS based on OAuth 2.1 does not include it).
Added SMS login support.
③ Redis Token Storage
Support for storing tokens in Redis.
The official project does not provide a Redis persistence solution.
PIG adds <code>PigRedisOAuth2AuthorizationService</code> to enable it.
④ Token Output Formatting
Default implementation for introspection tokens.
<code>ku4R4n7YD1f584KXj4k_3GP9o-HbdY-PDIIh-twPVJTmvHa5mLIoifaNhbBvFNBbse6_wAMcRoOWuVs9qeBWpxQ5zIFrF1A4g1Q7LhVAfH1vo9Uc7WL3SP3u82j0XU5x</code>
Default format includes a unified prefix for efficient Redis lookup and RDM grouping.
<code>unified prefix::token type::client ID::username::uuid</code>
<code>@Bean
public OAuth2TokenGenerator oAuth2TokenGenerator() {
    CustomeOAuth2AccessTokenGenerator accessTokenGenerator = new CustomeOAuth2AccessTokenGenerator();
    // Inject the token customizer to add the associated user information
    accessTokenGenerator.setAccessTokenCustomizer(new CustomeOAuth2TokenCustomizer());
    return new DelegatingOAuth2TokenGenerator(accessTokenGenerator, new OAuth2RefreshTokenGenerator());
}</code>
⑤ Token Output Enhancement
Default introspection token JSON structure.
<code>{
  "access_token": "xx",
  "refresh_token": "xx",
  "scope": "server",
  "token_type": "Bearer",
  "expires_in": 43199
}</code>
Enhanced token includes user information.
<code>{
  "sub": "admin",
  "clientId": "test",
  "access_token": "xx",
  "refresh_token": "xx",
  "license": "https://pig4cloud.com",
  "user_info": {
    "username": "admin",
    "accountNonExpired": true,
    "accountNonLocked": true,
    "credentialsNonExpired": true,
    "enabled": true,
    "id": 1,
    "deptId": 1,
    "phone": "17034642999",
    "name": "admin",
    "attributes": {}
  }
}</code>
⑥ Authorization Code Customization
Inject custom confirm page.
Based on the authorization code flow for the development platform.
⑦ Resource Server Enhancements
Introspection extension supports local resource server queries.
Default resource server introspection mode.
Extended resource server local introspection.
Advantages: 1. Real‑time user status updates 2. Reduced network calls for better performance
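One way to implement the local introspection described above, as an added example that is not PIG's own code: the resource server resolves the token from the shared authorization store and reloads the user on every request, so a locked or disabled account is rejected immediately. The class name, the `registered_client_id` attribute and the use of `UserDetailsService` are assumptions; the imports assume the SAS 0.3.x package layout, and only user-bound tokens are handled (not client_credentials tokens).

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.core.OAuth2TokenType; // package location assumed for SAS 0.3.x
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;

// Hypothetical class: looks tokens up locally instead of calling the remote introspection endpoint.
public class LocalOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
    private final OAuth2AuthorizationService authorizations; // e.g. the Redis-backed store
    private final UserDetailsService users;                  // assumed source of current account state

    public LocalOpaqueTokenIntrospector(OAuth2AuthorizationService authorizations, UserDetailsService users) {
        this.authorizations = authorizations;
        this.users = users;
    }

    @Override
    public OAuth2AuthenticatedPrincipal introspect(String token) {
        OAuth2Authorization auth = authorizations.findByToken(token, OAuth2TokenType.ACCESS_TOKEN);
        // Fail closed: unknown, invalidated and expired tokens all get the same generic error.
        if (auth == null || auth.getAccessToken() == null || !auth.getAccessToken().isActive()) {
            throw new BadOpaqueTokenException("Invalid access token");
        }
        UserDetails user;
        try {
            // Reload the account on every request so status changes apply to already-issued tokens.
            user = users.loadUserByUsername(auth.getPrincipalName());
        } catch (UsernameNotFoundException ex) {
            throw new BadOpaqueTokenException("Invalid access token");
        }
        if (!user.isEnabled() || !user.isAccountNonLocked()
                || !user.isAccountNonExpired() || !user.isCredentialsNonExpired()) {
            throw new BadOpaqueTokenException("Invalid access token");
        }
        Map<String, Object> attributes = Collections.singletonMap("registered_client_id", auth.getRegisteredClientId());
        return new DefaultOAuth2AuthenticatedPrincipal(user.getUsername(), attributes, new ArrayList<GrantedAuthority>(user.getAuthorities()));
    }
}
```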
Reference
[1] PIG Microservice: https://github.com/pig-mesh/pig
Java Architecture Diary