From 1878de3be25bf06a8de2388c89b39f34e1f0889d Mon Sep 17 00:00:00 2001 From: smallchill Date: Fri, 28 Feb 2020 14:18:21 +0800 Subject: [PATCH] =?UTF-8?q?:zap:=20=E9=87=87=E7=94=A8=E6=9B=B4=E7=AE=80?= =?UTF-8?q?=E6=B4=81=E7=9A=84TokenGranter=E6=8B=93=E5=B1=95=E6=96=B9?= =?UTF-8?q?=E6=A1=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...BladeAuthorizationServerConfiguration.java | 28 +++- .../BladeTokenGranterConfiguration.java | 66 --------- .../auth/granter/BladeTokenGranter.java | 133 ++---------------- 3 files changed, 39 insertions(+), 188 deletions(-) delete mode 100644 blade-auth/src/main/java/org/springblade/auth/config/BladeTokenGranterConfiguration.java diff --git a/blade-auth/src/main/java/org/springblade/auth/config/BladeAuthorizationServerConfiguration.java b/blade-auth/src/main/java/org/springblade/auth/config/BladeAuthorizationServerConfiguration.java index 6af154a6..7df142d2 100644 --- a/blade-auth/src/main/java/org/springblade/auth/config/BladeAuthorizationServerConfiguration.java +++ b/blade-auth/src/main/java/org/springblade/auth/config/BladeAuthorizationServerConfiguration.java @@ -22,6 +22,7 @@ import org.springblade.auth.constant.AuthConstant; import org.springblade.auth.granter.BladeTokenGranter; import org.springblade.auth.props.AuthProperties; import org.springblade.auth.service.BladeClientDetailsServiceImpl; +import org.springblade.core.redis.cache.BladeRedisCache; import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; @@ -32,9 +33,15 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.A import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; +import org.springframework.security.oauth2.provider.TokenGranter; +import org.springframework.security.oauth2.provider.token.TokenEnhancer; +import org.springframework.security.oauth2.provider.token.TokenEnhancerChain; import org.springframework.security.oauth2.provider.token.TokenStore; +import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; import javax.sql.DataSource; +import java.util.ArrayList; +import java.util.List; /** * 认证服务器配置 @@ -56,14 +63,33 @@ public class BladeAuthorizationServerConfiguration extends AuthorizationServerCo private TokenStore tokenStore; - private BladeTokenGranter tokenGranter; + private TokenEnhancer jwtTokenEnhancer; + + private JwtAccessTokenConverter jwtAccessTokenConverter; + + private BladeRedisCache redisCache; @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) { + //获取自定义tokenGranter + TokenGranter tokenGranter = BladeTokenGranter.getTokenGranter(authenticationManager, endpoints, redisCache); + + //配置端点 endpoints.tokenStore(tokenStore) .authenticationManager(authenticationManager) .userDetailsService(userDetailsService) .tokenGranter(tokenGranter); + + //扩展token返回结果 + if (jwtAccessTokenConverter != null && jwtTokenEnhancer != null) { + TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain(); + List enhancerList = new ArrayList<>(); + enhancerList.add(jwtTokenEnhancer); + enhancerList.add(jwtAccessTokenConverter); + tokenEnhancerChain.setTokenEnhancers(enhancerList); + //jwt增强 + endpoints.tokenEnhancer(tokenEnhancerChain).accessTokenConverter(jwtAccessTokenConverter); + } } /** diff --git a/blade-auth/src/main/java/org/springblade/auth/config/BladeTokenGranterConfiguration.java b/blade-auth/src/main/java/org/springblade/auth/config/BladeTokenGranterConfiguration.java deleted file mode 100644 index e1b0fa10..00000000 --- a/blade-auth/src/main/java/org/springblade/auth/config/BladeTokenGranterConfiguration.java +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (c) 2018-2028, Chill Zhuang All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * Neither the name of the dreamlu.net developer nor the names of its - * contributors may be used to endorse or promote products derived from - * this software without specific prior written permission. - * Author: Chill 庄骞 (smallchill@163.com) - */ -package org.springblade.auth.config; - -import lombok.AllArgsConstructor; -import org.springblade.auth.granter.BladeTokenGranter; -import org.springblade.auth.props.AuthProperties; -import org.springblade.core.redis.cache.BladeRedisCache; -import org.springblade.system.user.feign.IUserClient; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.oauth2.provider.token.TokenEnhancer; -import org.springframework.security.oauth2.provider.token.TokenStore; -import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; - -import javax.sql.DataSource; - -/** - * 自定义TokenGranter配置类 - * - * @author Chill - */ -@Configuration -@AllArgsConstructor -public class BladeTokenGranterConfiguration { - - private final DataSource dataSource; - - private AuthenticationManager authenticationManager; - - private UserDetailsService userDetailsService; - - private TokenStore tokenStore; - - private TokenEnhancer jwtTokenEnhancer; - - private JwtAccessTokenConverter jwtAccessTokenConverter; - - private AuthProperties authProperties; - - private IUserClient userClient; - - private BladeRedisCache redisCache; - - @Bean - public BladeTokenGranter bladeTokenGranter() { - return new BladeTokenGranter(dataSource, authenticationManager, userDetailsService, tokenStore, jwtTokenEnhancer, jwtAccessTokenConverter, authProperties, userClient, redisCache); - } - -} diff --git a/blade-auth/src/main/java/org/springblade/auth/granter/BladeTokenGranter.java b/blade-auth/src/main/java/org/springblade/auth/granter/BladeTokenGranter.java index 777280ee..55a62782 100644 --- a/blade-auth/src/main/java/org/springblade/auth/granter/BladeTokenGranter.java +++ b/blade-auth/src/main/java/org/springblade/auth/granter/BladeTokenGranter.java @@ -16,30 +16,12 @@ */ package org.springblade.auth.granter; -import org.springblade.auth.constant.AuthConstant; -import org.springblade.auth.props.AuthProperties; -import org.springblade.auth.service.BladeClientDetailsServiceImpl; import org.springblade.core.redis.cache.BladeRedisCache; -import org.springblade.system.user.feign.IUserClient; import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.authentication.ProviderManager; -import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper; -import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.oauth2.common.OAuth2AccessToken; -import org.springframework.security.oauth2.provider.*; -import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter; -import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices; -import org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter; -import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices; -import org.springframework.security.oauth2.provider.implicit.ImplicitTokenGranter; -import org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter; -import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter; -import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory; -import org.springframework.security.oauth2.provider.token.*; -import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; -import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider; +import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; +import org.springframework.security.oauth2.provider.CompositeTokenGranter; +import org.springframework.security.oauth2.provider.TokenGranter; -import javax.sql.DataSource; import java.util.ArrayList; import java.util.Collections; import java.util.List; @@ -49,109 +31,18 @@ import java.util.List; * * @author Chill */ -public class BladeTokenGranter implements TokenGranter { - - private final DataSource dataSource; - - private AuthenticationManager authenticationManager; - - private UserDetailsService userDetailsService; - - private TokenStore tokenStore; - - private TokenEnhancer jwtTokenEnhancer; - - private JwtAccessTokenConverter jwtAccessTokenConverter; - - private CompositeTokenGranter delegate; - - private AuthProperties authProperties; - - private IUserClient userClient; - - private BladeRedisCache redisCache; - - public BladeTokenGranter(DataSource dataSource, AuthenticationManager authenticationManager, UserDetailsService userDetailsService, TokenStore tokenStore, TokenEnhancer jwtTokenEnhancer, JwtAccessTokenConverter jwtAccessTokenConverter, AuthProperties authProperties, IUserClient userClient, BladeRedisCache redisCache) { - this.dataSource = dataSource; - this.authenticationManager = authenticationManager; - this.userDetailsService = userDetailsService; - this.tokenStore = tokenStore; - this.jwtTokenEnhancer = jwtTokenEnhancer; - this.jwtAccessTokenConverter = jwtAccessTokenConverter; - this.userClient = userClient; - this.authProperties = authProperties; - this.redisCache = redisCache; - } - - @Override - public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) { - if (delegate == null) { - delegate = new CompositeTokenGranter(getDefaultTokenGranters()); - } - return delegate.grant(grantType, tokenRequest); - } +public class BladeTokenGranter { /** - * 自定义授权模式 + * 自定义tokenGranter */ - private List getDefaultTokenGranters() { - ClientDetailsService clientDetails = clientDetailsService(); - AuthorizationServerTokenServices tokenServices = tokenServices(); - AuthorizationCodeServices authorizationCodeServices = authorizationCodeServices(); - OAuth2RequestFactory requestFactory = requestFactory(); - - List tokenGranters = new ArrayList<>(); - tokenGranters.add(new AuthorizationCodeTokenGranter(tokenServices, authorizationCodeServices, clientDetails, requestFactory)); - tokenGranters.add(new RefreshTokenGranter(tokenServices, clientDetails, requestFactory)); - ImplicitTokenGranter implicit = new ImplicitTokenGranter(tokenServices, clientDetails, requestFactory); - tokenGranters.add(implicit); - tokenGranters.add(new ClientCredentialsTokenGranter(tokenServices, clientDetails, requestFactory)); - if (authenticationManager != null) { - tokenGranters.add(new ResourceOwnerPasswordTokenGranter(authenticationManager, tokenServices, clientDetails, requestFactory)); - } - - // 自定义Granter - tokenGranters.add(new CaptchaTokenGranter(authenticationManager, tokenServices, clientDetails, requestFactory, redisCache)); - - return tokenGranters; - } - - private ClientDetailsService clientDetailsService() { - BladeClientDetailsServiceImpl clientDetailsService = new BladeClientDetailsServiceImpl(dataSource); - clientDetailsService.setSelectClientDetailsSql(AuthConstant.DEFAULT_SELECT_STATEMENT); - clientDetailsService.setFindClientDetailsSql(AuthConstant.DEFAULT_FIND_STATEMENT); - return clientDetailsService; - } - - private AuthorizationCodeServices authorizationCodeServices() { - return new InMemoryAuthorizationCodeServices(); - } - - private OAuth2RequestFactory requestFactory() { - return new DefaultOAuth2RequestFactory(clientDetailsService()); - } - - private DefaultTokenServices tokenServices() { - DefaultTokenServices defaultTokenServices = new DefaultTokenServices(); - defaultTokenServices.setTokenStore(tokenStore); - defaultTokenServices.setSupportRefreshToken(true); - TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain(); - List enhancerList = new ArrayList<>(); - enhancerList.add(jwtTokenEnhancer); - enhancerList.add(jwtAccessTokenConverter); - tokenEnhancerChain.setTokenEnhancers(enhancerList); - defaultTokenServices.setTokenEnhancer(tokenEnhancerChain); - defaultTokenServices.setClientDetailsService(clientDetailsService()); - addUserDetailsService(defaultTokenServices, userDetailsService); - return defaultTokenServices; - } - - private void addUserDetailsService(DefaultTokenServices tokenServices, UserDetailsService userDetailsService) { - if (userDetailsService != null) { - PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider(); - provider.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper<>(userDetailsService)); - tokenServices.setAuthenticationManager(new ProviderManager(Collections.singletonList(provider))); - } + public static TokenGranter getTokenGranter(final AuthenticationManager authenticationManager, final AuthorizationServerEndpointsConfigurer endpoints, BladeRedisCache redisCache) { + // 默认tokenGranter集合 + List granters = new ArrayList<>(Collections.singletonList(endpoints.getTokenGranter())); + // 增加验证码模式 + granters.add(new CaptchaTokenGranter(authenticationManager, endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory(), redisCache)); + // 组合tokenGranter集合 + return new CompositeTokenGranter(granters); } }