在 nimbus-jose-jwt 中,lifespan 和 refreshTime 有什么区别?

In nimbus-jose-jwt, what is difference between lifespan and refreshTime?(在 nimbus-jose-jwt 中,lifespan 和 refreshTime 有什么区别?)
本文介绍了在 nimbus-jose-jwt 中,lifespan 和 refreshTime 有什么区别?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

类 DefaultJWKSetCache 有两个字段,lifespan 和 refreshTime.
来自 Java 文档 -

The class DefaultJWKSetCache of nimbus-jose-jwt has two fields, lifespan and refreshTime.
From Java docs -

lifespan - 缓存的 JWK 设置在过期之前的寿命,负数表示没有过期.
refreshTime - 之后的时间缓存的 JWK 集被标记为刷新,如果未指定则为负.应该短于或等于寿命.

lifespan - The lifespan of the cached JWK set before it expires, negative means no expiration.
refreshTime - The time after which the cached JWK set is marked for refresh, negative if not specified. Should be shorter or equal to the lifespan.

这两者有什么区别.是不是这个意思,
寿命到期 之后,缓存的 JWK 集将被逐出并再次从 jwks 远程 url 加载(说远程 url,因为我正在使用 RemoteJWKSet).
刷新到期后,现有的 JWK 集将使用从远程 url 检索到的密钥进行更新.

What is the difference between these two. Does it mean that,
after the lifespan expiry the cached JWK set will be evicted and loaded again from jwks remote url (saying remote url as i am using RemoteJWKSet).
and after the refresh expiry the existing JWK set will be updated with the keys retrieved from remote url.

但我不明白两者之间的实际区别.两者似乎都在做同样的事情.有人可以更详细地解释细节和任何例子吗?

But i don't understand the practical difference between the two. Both seem to be doing same. Can some one explain the details with more granularity and any example.

编辑 - 如果我的生命周期没有到期,refreshTime 的到期时间为 1 小时,我是否保证我的密钥将每隔一小时更新一次.

Edit - if i give no expiry for lifespan, and 1 hour expiry for refreshTime, am i guaranteed that my keys will be updated every one hour.

推荐答案

lifespan 是 DefaultJWKSetCache 将驱逐缓存的 JWKSet.即,在缓存填充后 生命周期时间单位 之后,对 JWKSetCache.get() 的调用将始终返回 null 直到新的 JWKSet 存储到缓存中.

The lifespan is the time after which the DefaultJWKSetCache will evict cached JWKSet. I.e., after lifespan time units passed since the cache was populated the calls to JWKSetCache.get() will always return null until new JWKSet is stored to the cache.

refreshTime 是影响 JWKSetCache.requiresRefresh() 方法返回值的时间.在缓存填充后经过 refreshTime 时间单位 后,此方法将返回 true,否则将返回 false.此设置不会以任何方式影响缓存行为.

The refreshTime is the time that impacts value returned by JWKSetCache.requiresRefresh() method. After refreshTime time units passed since the cache was populated this method will return true, otherwise, it will return false. This setting does not impact cache behavior in any way.

RemoteJWKSet 使用 JWKSetCache.requiresRefresh() 返回的值在缓存实际过期之前从远程 URL 重新下载 JWKSet.这就是为什么文档建议将 refreshTime 设置为小于 lifespan 的值.

The RemoteJWKSet uses the value returned by JWKSetCache.requiresRefresh() to re-download JWKSet from remote URL before the cache is actually expired. This is why documentation recommends to set refreshTime to a lesser value than lifespan.

目前,RemoteJWKSetlifespanrefreshTime 已过时触发远程 JWKSet 的下载(请参阅 这条线.)因此,从今天开始,设置其中任何一个都没有太大区别.我猜想可以通过将这两个值分开来实现一些更复杂的逻辑.

Currently, RemoteJWKSet triggers download of remote JWKSet when either lifespan or refreshTime has passed (see this line.) Hence, there is not much difference in setting either one of these as of today. I guess some more complex logic can be potentially implemented having these two values separate.

这篇关于在 nimbus-jose-jwt 中,lifespan 和 refreshTime 有什么区别?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

本站部分内容来源互联网,如果有图片或者内容侵犯您的权益请联系我们删除!

相关文档推荐

Reliable implementation of PBKDF2-HMAC-SHA256 for JAVA(PBKDF2-HMAC-SHA256 for JAVA 的可靠实现)
Correct way to sign and verify signature using bouncycastle(使用 bouncycastle 签名和验证签名的正确方法)
Creating RSA Public Key From String(从字符串创建 RSA 公钥)
Why java.security.NoSuchProviderException No such provider: BC?(为什么 java.security.NoSuchProviderException 没有这样的提供者:BC?)
Generating X509 Certificate using Bouncy Castle Java(使用 Bouncy Castle Java 生成 X509 证书)
How can I get a PublicKey object from EC public key bytes?(如何从 EC 公钥字节中获取 PublicKey 对象?)