增加OAUTH2单点登录自定义类

wanggeng 2022-07-18 17:25:55 +08:00
parent 057d717432
commit f7bf6312b1
3 changed files with 94 additions and 3 deletions


@ -2,6 +2,7 @@ package ink.wgink.login.oauth2.server.config;
import ink.wgink.login.base.service.user.UserDetailServiceImpl;
import ink.wgink.login.oauth2.server.converter.UserAccessTokenConverter;
import ink.wgink.login.oauth2.server.generator.OAuth2AuthorizationCodeGranter;
import ink.wgink.login.oauth2.server.service.impl.OAuth2ClientDetailsServiceImpl;
import ink.wgink.login.oauth2.server.service.impl.OAuth2ClientTokenServiceImpl;
import ink.wgink.service.user.service.IUserService;
@ -25,7 +26,6 @@ import org.springframework.security.oauth2.provider.approval.TokenStoreUserAppro
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter;
import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
import org.springframework.security.oauth2.provider.implicit.ImplicitTokenGranter;
import org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter;
@ -132,7 +132,8 @@ public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigur
AuthorizationCodeServices authorizationCodeServices = authorizationCodeServices();
OAuth2RequestFactory requestFactory = new DefaultOAuth2RequestFactory(oAuth2ClientDetailsService);
List<TokenGranter> tokenGranters = new ArrayList<>();
tokenGranters.add(new AuthorizationCodeTokenGranter(oAuth2ClientTokenService, authorizationCodeServices, oAuth2ClientDetailsService, requestFactory));
// token
tokenGranters.add(new OAuth2AuthorizationCodeGranter(oAuth2ClientTokenService, authorizationCodeServices, oAuth2ClientDetailsService, requestFactory));
tokenGranters.add(new RefreshTokenGranter(oAuth2ClientTokenService, oAuth2ClientDetailsService, requestFactory));
ImplicitTokenGranter implicit = new ImplicitTokenGranter(oAuth2ClientTokenService, oAuth2ClientDetailsService, requestFactory);
tokenGranters.add(implicit);
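Review bot: The new `// token` comment above the `OAuth2AuthorizationCodeGranter` registration does not say why the stock `AuthorizationCodeTokenGranter` was swapped out. This granter handles the authorization_code exchange that the commit title ties to single sign-on, so the reason belongs next to the registration. I would replace the comment with something like `// Custom authorization_code granter for SSO; replaces Spring's AuthorizationCodeTokenGranter, so keep its code / redirect_uri / client_id checks in step with upstream`. The enclosing method starts and ends outside this hunk, so the rest of the granter list is only partly visible here.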


@ -2,6 +2,8 @@ package ink.wgink.login.oauth2.server.endpoint;
import ink.wgink.login.oauth2.server.exceptions.OAuth2ClientBadClientCredentialsException;
import ink.wgink.login.oauth2.server.service.impl.OAuth2ClientDetailsServiceImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
@ -38,7 +40,7 @@ import java.util.*;
**/
@Controller
public class OAuth2ClientTokenEndpoint extends AbstractEndpoint {
private static final Logger LOG = LoggerFactory.getLogger(OAuth2ClientTokenEndpoint.class);
private OAuth2RequestValidator oAuth2RequestValidator = new DefaultOAuth2RequestValidator();
private Set<HttpMethod> allowedRequestMethods = new HashSet<HttpMethod>(Arrays.asList(HttpMethod.POST));
@Autowired
@ -65,6 +67,9 @@ public class OAuth2ClientTokenEndpoint extends AbstractEndpoint {
@RequestMapping(value = "/oauth2_client/token", method = RequestMethod.POST)
public ResponseEntity<OAuth2AccessToken> postAccessToken(Principal principal,
@RequestParam Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
parameters.forEach((k, v) -> {
LOG.debug("{}:{}", k, v);
});
if (!(principal instanceof Authentication)) {
throw new InsufficientAuthenticationException("无客户端身份验证。尝试添加适当的身份验证筛选器。");
}
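Review bot: The added `parameters.forEach` loop at the top of `postAccessToken` writes every token-request parameter value to the debug log. On this endpoint those values can include `code`, `refresh_token`, `client_secret` and, depending on the grant type, a user `password`, so anyone with access to the logs or to a log-shipping pipeline would see usable credentials. Logging only the names keeps the diagnostic value without the secrets: `LOG.debug("token request parameter names: {}", parameters.keySet());`. If values are really needed, log an explicit allow-list such as `grant_type` and `scope` rather than the whole map. The method body continues past the end of this hunk.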


@ -0,0 +1,85 @@
package ink.wgink.login.oauth2.server.generator;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.*;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import java.util.HashMap;
import java.util.Map;
/**
* @ClassName: OAuth2AuthorizationCodeGenerator
* @Description: oauth2授权码登录生成器
* @Author: wanggeng
* @Date: 2022/7/12 17:20
* @Version: 1.0
*/
public class OAuth2AuthorizationCodeGranter extends AbstractTokenGranter {
private static final String GRANT_TYPE = "authorization_code";
private final AuthorizationCodeServices authorizationCodeServices;
public OAuth2AuthorizationCodeGranter(AuthorizationServerTokenServices tokenServices,
AuthorizationCodeServices authorizationCodeServices, ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory) {
this(tokenServices, authorizationCodeServices, clientDetailsService, requestFactory, GRANT_TYPE);
}
protected OAuth2AuthorizationCodeGranter(AuthorizationServerTokenServices tokenServices, AuthorizationCodeServices authorizationCodeServices,
ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory, String grantType) {
super(tokenServices, clientDetailsService, requestFactory, grantType);
this.authorizationCodeServices = authorizationCodeServices;
}
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
Map<String, String> parameters = tokenRequest.getRequestParameters();
String authorizationCode = parameters.get("code");
String redirectUri = parameters.get(OAuth2Utils.REDIRECT_URI);
if (authorizationCode == null) {
throw new InvalidRequestException("An authorization code must be supplied.");
}
OAuth2Authentication storedAuth = authorizationCodeServices.consumeAuthorizationCode(authorizationCode);
if (storedAuth == null) {
throw new InvalidGrantException("Invalid authorization code: " + authorizationCode);
}
OAuth2Request pendingOAuth2Request = storedAuth.getOAuth2Request();
String redirectUriApprovalParameter = pendingOAuth2Request.getRequestParameters().get(
OAuth2Utils.REDIRECT_URI);
if ((redirectUri != null || redirectUriApprovalParameter != null)
&& !pendingOAuth2Request.getRedirectUri().equals(redirectUri)) {
throw new RedirectMismatchException("Redirect URI mismatch.");
}
String pendingClientId = pendingOAuth2Request.getClientId();
String clientId = tokenRequest.getClientId();
if (clientId != null && !clientId.equals(pendingClientId)) {
// just a sanity check.
throw new InvalidClientException("Client ID mismatch");
}
Map<String, String> combinedParameters = new HashMap<String, String>(pendingOAuth2Request
.getRequestParameters());
// Combine the parameters adding the new ones last so they override if there are any clashe
combinedParameters.putAll(parameters);
OAuth2Request finalStoredOAuth2Request = pendingOAuth2Request.createOAuth2Request(combinedParameters);
Authentication userAuth = storedAuth.getUserAuthentication();
return new OAuth2Authentication(finalStoredOAuth2Request, userAuth);
}
}
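Review bot: The redirect check in `getOAuth2Authentication` calls `pendingOAuth2Request.getRedirectUri().equals(redirectUri)` without a null guard. If the stored authorization request carries no redirect URI while the token request supplies one, this would presumably throw a NullPointerException instead of the intended `RedirectMismatchException`, turning a rejected grant into a server error. A null-safe comparison keeps the rejection explicit: `&& !java.util.Objects.equals(pendingOAuth2Request.getRedirectUri(), redirectUri)) {`. Separately, the Javadoc header says `@ClassName: OAuth2AuthorizationCodeGenerator` while the class is `OAuth2AuthorizationCodeGranter`. The class comment should also state what this granter does differently from the stock authorization-code granter it replaces, because no difference is visible in the method as shown.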