From f7bf6312b10f81bb39bc908c1856ea93557aeb8e Mon Sep 17 00:00:00 2001
From: wanggeng <450292408@qq.com>
Date: Mon, 18 Jul 2022 17:25:55 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0OAUTH2=E5=8D=95=E7=82=B9?=
 =?UTF-8?q?=E7=99=BB=E5=BD=95=E8=87=AA=E5=AE=9A=E4=B9=89=E7=B1=BB?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../OAuth2AuthorizationServerConfig.java | 5 +-
 .../endpoint/OAuth2ClientTokenEndpoint.java | 7 +-
 .../OAuth2AuthorizationCodeGranter.java | 85 +++++++++++++++++++
 3 files changed, 94 insertions(+), 3 deletions(-)
 create mode 100644 login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/generator/OAuth2AuthorizationCodeGranter.java

diff --git a/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/config/OAuth2AuthorizationServerConfig.java b/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/config/OAuth2AuthorizationServerConfig.java
index fcb2abb8..828faaa7 100644
--- a/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/config/OAuth2AuthorizationServerConfig.java
+++ b/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/config/OAuth2AuthorizationServerConfig.java
@@ -2,6 +2,7 @@ package ink.wgink.login.oauth2.server.config;
 
 import ink.wgink.login.base.service.user.UserDetailServiceImpl;
 import ink.wgink.login.oauth2.server.converter.UserAccessTokenConverter;
+import ink.wgink.login.oauth2.server.generator.OAuth2AuthorizationCodeGranter;
 import ink.wgink.login.oauth2.server.service.impl.OAuth2ClientDetailsServiceImpl;
 import ink.wgink.login.oauth2.server.service.impl.OAuth2ClientTokenServiceImpl;
 import ink.wgink.service.user.service.IUserService;
@@ -25,7 +26,6 @@ import org.springframework.security.oauth2.provider.approval.TokenStoreUserAppro
 import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
 import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter;
 import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
-import org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter;
 import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
 import org.springframework.security.oauth2.provider.implicit.ImplicitTokenGranter;
 import org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter;
@@ -132,7 +132,8 @@ public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigur
 AuthorizationCodeServices authorizationCodeServices = authorizationCodeServices();
 OAuth2RequestFactory requestFactory = new DefaultOAuth2RequestFactory(oAuth2ClientDetailsService);
 List tokenGranters = new ArrayList<>();
- tokenGranters.add(new AuthorizationCodeTokenGranter(oAuth2ClientTokenService, authorizationCodeServices, oAuth2ClientDetailsService, requestFactory));
+ // token
+ tokenGranters.add(new OAuth2AuthorizationCodeGranter(oAuth2ClientTokenService, authorizationCodeServices, oAuth2ClientDetailsService, requestFactory));
 tokenGranters.add(new RefreshTokenGranter(oAuth2ClientTokenService, oAuth2ClientDetailsService, requestFactory));
 ImplicitTokenGranter implicit = new ImplicitTokenGranter(oAuth2ClientTokenService, oAuth2ClientDetailsService, requestFactory);
 tokenGranters.add(implicit);
diff --git a/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/endpoint/OAuth2ClientTokenEndpoint.java b/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/endpoint/OAuth2ClientTokenEndpoint.java
index 6495403c..0f454fc0 100644
--- a/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/endpoint/OAuth2ClientTokenEndpoint.java
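Review bot: The `// token` comment added above `tokenGranters.add(new OAuth2AuthorizationCodeGranter(...))` tells a reader nothing; the line it annotates swaps the framework's AuthorizationCodeTokenGranter for a project class, and that is what the comment should record, e.g. `// authorization_code grant: use the project's OAuth2AuthorizationCodeGranter in place of Spring's AuthorizationCodeTokenGranter`. Naming the intended customization there would also help, since this granter list is the only place a reviewer sees the swap. The enclosing method begins and ends outside the hunk.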
+++ b/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/endpoint/OAuth2ClientTokenEndpoint.java
@@ -2,6 +2,8 @@ package ink.wgink.login.oauth2.server.endpoint;
 
 import ink.wgink.login.oauth2.server.exceptions.OAuth2ClientBadClientCredentialsException;
 import ink.wgink.login.oauth2.server.service.impl.OAuth2ClientDetailsServiceImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
@@ -38,7 +40,7 @@ import java.util.*;
 **/
 @Controller
 public class OAuth2ClientTokenEndpoint extends AbstractEndpoint {
-
+ private static final Logger LOG = LoggerFactory.getLogger(OAuth2ClientTokenEndpoint.class);
 private OAuth2RequestValidator oAuth2RequestValidator = new DefaultOAuth2RequestValidator();
 private Set allowedRequestMethods = new HashSet(Arrays.asList(HttpMethod.POST));
 @Autowired
@@ -65,6 +67,9 @@ public class OAuth2ClientTokenEndpoint extends AbstractEndpoint {
 @RequestMapping(value = "/oauth2_client/token", method = RequestMethod.POST)
 public ResponseEntity postAccessToken(Principal principal, @RequestParam Map parameters) throws HttpRequestMethodNotSupportedException {
+ parameters.forEach((k, v) -> {
+ LOG.debug("{}:{}", k, v);
+ });
 if (!(principal instanceof Authentication)) {
 throw new InsufficientAuthenticationException("无客户端身份验证。尝试添加适当的身份验证筛选器。");
 }
diff --git a/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/generator/OAuth2AuthorizationCodeGranter.java b/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/generator/OAuth2AuthorizationCodeGranter.java
new file mode 100644
index 00000000..738fd2a2
--- /dev/null
+++ b/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/generator/OAuth2AuthorizationCodeGranter.java
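Review bot: The `parameters.forEach` loop added at the top of postAccessToken writes every token-request parameter value to the log at DEBUG; on this endpoint that includes the `code` value and, depending on how the client authenticates and which grant it uses, may include `client_secret` or `refresh_token`, so turning on debug logging would put credentials into log files. Log the parameter names only, `LOG.debug("token request parameters: {}", parameters.keySet());`, or redact known-sensitive keys before logging values. postAccessToken's body continues past the end of the hunk.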
@@ -0,0 +1,85 @@
+package ink.wgink.login.oauth2.server.generator;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
+import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
+import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
+import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException;
+import org.springframework.security.oauth2.common.util.OAuth2Utils;
+import org.springframework.security.oauth2.provider.*;
+import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
+import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @ClassName: OAuth2AuthorizationCodeGenerator
+ * @Description: oauth2授权码登录生成器
+ * @Author: wanggeng
+ * @Date: 2022/7/12 17:20
+ * @Version: 1.0
+ */
+public class OAuth2AuthorizationCodeGranter extends AbstractTokenGranter {
+
+ private static final String GRANT_TYPE = "authorization_code";
+
+ private final AuthorizationCodeServices authorizationCodeServices;
+
+ public OAuth2AuthorizationCodeGranter(AuthorizationServerTokenServices tokenServices,
+ AuthorizationCodeServices authorizationCodeServices, ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory) {
+ this(tokenServices, authorizationCodeServices, clientDetailsService, requestFactory, GRANT_TYPE);
+ }
+
+ protected OAuth2AuthorizationCodeGranter(AuthorizationServerTokenServices tokenServices, AuthorizationCodeServices authorizationCodeServices,
+ ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory, String grantType) {
+ super(tokenServices, clientDetailsService, requestFactory, grantType);
+ this.authorizationCodeServices = authorizationCodeServices;
+ }
+
+ @Override
+ protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
+
+ Map parameters = tokenRequest.getRequestParameters();
+ String authorizationCode = parameters.get("code");
+ String redirectUri = parameters.get(OAuth2Utils.REDIRECT_URI);
+
+ if (authorizationCode == null) {
+ throw new InvalidRequestException("An authorization code must be supplied.");
+ }
+
+ OAuth2Authentication storedAuth = authorizationCodeServices.consumeAuthorizationCode(authorizationCode);
+ if (storedAuth == null) {
+ throw new InvalidGrantException("Invalid authorization code: " + authorizationCode);
+ }
+
+ OAuth2Request pendingOAuth2Request = storedAuth.getOAuth2Request();
+ String redirectUriApprovalParameter = pendingOAuth2Request.getRequestParameters().get(
+ OAuth2Utils.REDIRECT_URI);
+
+ if ((redirectUri != null || redirectUriApprovalParameter != null)
+ && !pendingOAuth2Request.getRedirectUri().equals(redirectUri)) {
+ throw new RedirectMismatchException("Redirect URI mismatch.");
+ }
+
+ String pendingClientId = pendingOAuth2Request.getClientId();
+ String clientId = tokenRequest.getClientId();
+ if (clientId != null && !clientId.equals(pendingClientId)) {
+ // just a sanity check.
+ throw new InvalidClientException("Client ID mismatch");
+ }
+
+ Map combinedParameters = new HashMap(pendingOAuth2Request
+ .getRequestParameters());
+ // Combine the parameters adding the new ones last so they override if there are any clashe
+ combinedParameters.putAll(parameters);
+
+ OAuth2Request finalStoredOAuth2Request = pendingOAuth2Request.createOAuth2Request(combinedParameters);
+
+ Authentication userAuth = storedAuth.getUserAuthentication();
+
+ return new OAuth2Authentication(finalStoredOAuth2Request, userAuth);
+
+ }
+}
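Review bot: The class Javadoc names `OAuth2AuthorizationCodeGenerator` while the class is `OAuth2AuthorizationCodeGranter`, and neither the header nor any comment says what this class does differently from the framework granter it replaces; the body of getOAuth2Authentication appears to match Spring Security OAuth's AuthorizationCodeTokenGranter line for line (consume the code, exact-match `redirect_uri` check, client_id sanity check, parameter merge). A copy of security-relevant framework code stops receiving upstream fixes to those checks, so the header should state the planned customization and why the class was copied rather than extended, e.g. `@ClassName: OAuth2AuthorizationCodeGranter` and `@Description: authorization_code granter copied from Spring's AuthorizationCodeTokenGranter in order to <reason — TODO fill in>`. Until that customization exists, subclassing the stock granter and overriding only what changes would keep the redirect and client checks maintained upstream. The truncated comment `clashe` on the parameter-merge line should read `clashes`.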