diff --git a/blade-auth/src/main/java/org/springblade/auth/granter/BladeTokenGranter.java b/blade-auth/src/main/java/org/springblade/auth/granter/BladeTokenGranter.java
index 494999fd..cb79ad98 100644
--- a/blade-auth/src/main/java/org/springblade/auth/granter/BladeTokenGranter.java
+++ b/blade-auth/src/main/java/org/springblade/auth/granter/BladeTokenGranter.java
@@ -43,6 +43,8 @@ public class BladeTokenGranter {
 		List granters = new ArrayList<>(Collections.singletonList(endpoints.getTokenGranter()));
 		// 增加验证码模式
 		granters.add(new CaptchaTokenGranter(authenticationManager, endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory(), bladeRedis));
+		// 本地登录
+		granters.add(new LocalServerTokenGranter(authenticationManager, endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory(), bladeRedis));
 		// 增加第三方登陆模式
diff --git a/blade-auth/src/main/java/org/springblade/auth/granter/LocalServerTokenGranter.java b/blade-auth/src/main/java/org/springblade/auth/granter/LocalServerTokenGranter.java
new file mode 100644
index 00000000..4e6ccb25
--- /dev/null
+++ b/blade-auth/src/main/java/org/springblade/auth/granter/LocalServerTokenGranter.java
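Review bot: Adding `LocalServerTokenGranter` to `granters` makes the `localserver` grant type reachable by every client whose registered grant types include it, and the granter itself (new file in this commit) performs no check of where the request originates, so the only thing keeping this grant "internal" is the client registration. That constraint is worth stating at the registration point, e.g. replace the added comment with `// 本地登录 — localserver grant; restrict to internal clients via authorized_grant_types, the granter does no origin check`. The enclosing method starts outside the hunk, and the hunk's trailing context appears truncated in this rendering (the header announces 8 new-side lines but 6 are shown).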
@@ -0,0 +1,74 @@
+package org.springblade.auth.granter;
+
+import org.springblade.auth.utils.TokenUtil;
+import org.springblade.common.cache.CacheNames;
+import org.springblade.core.redis.cache.BladeRedis;
+import org.springblade.core.tool.utils.StringUtil;
+import org.springblade.core.tool.utils.WebUtil;
+import org.springframework.security.authentication.*;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
+import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
+import org.springframework.security.oauth2.provider.*;
+import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+/**
+ * 本地内部服务TokenGranter
+ *
+ * @author Chill
+ */
+public class LocalServerTokenGranter extends AbstractTokenGranter {
+
+	private static final String GRANT_TYPE = "localserver";
+
+	private final AuthenticationManager authenticationManager;
+
+	private BladeRedis bladeRedis;
+
+	public LocalServerTokenGranter(AuthenticationManager authenticationManager,
+								   AuthorizationServerTokenServices tokenServices, ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory, BladeRedis bladeRedis) {
+		this(authenticationManager, tokenServices, clientDetailsService, requestFactory, GRANT_TYPE);
+		this.bladeRedis = bladeRedis;
+	}
+
+	protected LocalServerTokenGranter(AuthenticationManager authenticationManager, AuthorizationServerTokenServices tokenServices,
+									  ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory, String grantType) {
+		super(tokenServices, clientDetailsService, requestFactory, grantType);
+		this.authenticationManager = authenticationManager;
+	}
+
+	@Override
+	protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
+		HttpServletRequest request = WebUtil.getRequest();
+
+
+		Map parameters = new LinkedHashMap(tokenRequest.getRequestParameters());
+		String username = parameters.get("username");
+		String password = parameters.get("password");
+		// Protect from downstream leaks of password
+		parameters.remove("password");
+
+		Authentication userAuth = new UsernamePasswordAuthenticationToken(username, password);
+		((AbstractAuthenticationToken) userAuth).setDetails(parameters);
+		try {
+			userAuth = authenticationManager.authenticate(userAuth);
+		}
+		catch (AccountStatusException | BadCredentialsException ase) {
+			//covers expired, locked, disabled cases (mentioned in section 5.2, draft 31)
+			throw new InvalidGrantException(ase.getMessage());
+		}
+		// If the username/password are wrong the spec says we should send 400/invalid grant
+
+		if (userAuth == null || !userAuth.isAuthenticated()) {
+			throw new InvalidGrantException("Could not authenticate user: " + username);
+		}
+
+		OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
+		return new OAuth2Authentication(storedOAuth2Request, userAuth);
+	}
+}
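Review bot: `request` is assigned from `WebUtil.getRequest()` at the top of `getOAuth2Authentication` and never read, so despite the class Javadoc ("本地内部服务", local internal service) nothing in this grant verifies that the caller is an internal service; it authenticates the same `username`/`password` parameters a password grant would, and, as far as the BladeTokenGranter hunk shows, without the captcha step that `CaptchaTokenGranter` adds. Either the caller check that the name promises should be applied to `request` before `authenticationManager.authenticate(userAuth)` is called, or the unused local should be removed and the gap recorded so readers do not assume a check exists, e.g. `// TODO: no origin check is performed here; the localserver grant must be restricted through client registration`. The imports `TokenUtil`, `CacheNames`, `StringUtil` and `UserDeniedAuthorizationException` are likewise unused, and `bladeRedis` is stored by the public constructor but never read (and left null by the protected one), so either use it or drop the field. If the raw `Map parameters = new LinkedHashMap(...)` is not a rendering artifact, it should be `Map<String, String>` to match `getRequestParameters()`.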