Repository: 有来技术 / youlai-mall (GitCode)

Commit b019e6dd
Written on Jun 06, 2023
Author: haoxr

refactor: upgrade the authentication/authorization center (temporary commit, do not clone)

Parent: 517203b8
Changes: 11 files changed, 798 additions and 114 deletions (+798 -114)
Changed files:
youlai-auth/src/main/java/com/youlai/auth/authentication/captcha/CaptchaAuthenticationConverter.java (+120 -0)
youlai-auth/src/main/java/com/youlai/auth/authentication/captcha/CaptchaTokenGranter.java (+0 -5)
youlai-auth/src/main/java/com/youlai/auth/authentication/password/ResourceOwnerPasswordAuthenticationConverter.java (+120 -0)
youlai-auth/src/main/java/com/youlai/auth/authentication/password/ResourceOwnerPasswordAuthenticationProvider.java (+209 -0)
youlai-auth/src/main/java/com/youlai/auth/authentication/password/ResourceOwnerPasswordAuthenticationToken.java (+40 -0)
youlai-auth/src/main/java/com/youlai/auth/authentication/refresh/PreAuthenticatedUserDetailsService.java (+14 -15)
youlai-auth/src/main/java/com/youlai/auth/config/AuthorizationServerConfig.java (+241 -0)
youlai-auth/src/main/java/com/youlai/auth/config/DefaultSecurityConfig.java (+53 -0)
youlai-auth/src/main/java/com/youlai/auth/enums/PasswordEncoderTypeEnum.java (+0 -24)
youlai-auth/src/main/java/com/youlai/auth/exception/AuthExceptionHandler.java (+0 -68)
youlai-auth/src/main/java/com/youlai/auth/userdetails/user/SysUserDetails.java (+1 -2)
youlai-auth/src/main/java/com/youlai/auth/authentication/captcha/CaptchaAuthenticationConverter.java
0 → 100644
package
com.youlai.auth.authentication.captcha
;
import
com.youlai.auth.authentication.password.ResourceOwnerPasswordAuthenticationToken
;
import
jakarta.servlet.http.HttpServletRequest
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.context.SecurityContextHolder
;
import
org.springframework.security.oauth2.core.AuthorizationGrantType
;
import
org.springframework.security.oauth2.core.OAuth2AuthenticationException
;
import
org.springframework.security.oauth2.core.OAuth2Error
;
import
org.springframework.security.oauth2.core.OAuth2ErrorCodes
;
import
org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
;
import
org.springframework.security.web.authentication.AuthenticationConverter
;
import
org.springframework.util.LinkedMultiValueMap
;
import
org.springframework.util.MultiValueMap
;
import
org.springframework.util.StringUtils
;
import
java.util.Arrays
;
import
java.util.HashSet
;
import
java.util.Map
;
import
java.util.Set
;
import
java.util.stream.Collectors
;
/**
* 参数解析
*
* @see org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2AuthorizationCodeAuthenticationConverter
*/
public
class
CaptchaAuthenticationConverter
implements
AuthenticationConverter
{
public
static
final
String
ACCESS_TOKEN_REQUEST_ERROR_URI
=
"https://datatracker.ietf.org/doc/html/rfc6749#section-5.2"
;
@Override
public
Authentication
convert
(
HttpServletRequest
request
)
{
// grant_type (REQUIRED)
String
grantType
=
request
.
getParameter
(
OAuth2ParameterNames
.
GRANT_TYPE
);
if
(!
AuthorizationGrantType
.
PASSWORD
.
getValue
().
equals
(
grantType
))
{
return
null
;
}
MultiValueMap
<
String
,
String
>
parameters
=
getParameters
(
request
);
// scope (OPTIONAL)
String
scope
=
parameters
.
getFirst
(
OAuth2ParameterNames
.
SCOPE
);
if
(
StringUtils
.
hasText
(
scope
)
&&
parameters
.
get
(
OAuth2ParameterNames
.
SCOPE
).
size
()
!=
1
)
{
throwError
(
OAuth2ErrorCodes
.
INVALID_REQUEST
,
OAuth2ParameterNames
.
SCOPE
,
ACCESS_TOKEN_REQUEST_ERROR_URI
);
}
Set
<
String
>
requestedScopes
=
null
;
if
(
StringUtils
.
hasText
(
scope
))
{
requestedScopes
=
new
HashSet
<>(
Arrays
.
asList
(
StringUtils
.
delimitedListToStringArray
(
scope
,
" "
)));
}
// username (REQUIRED)
String
username
=
parameters
.
getFirst
(
OAuth2ParameterNames
.
USERNAME
);
if
(!
StringUtils
.
hasText
(
username
)
||
parameters
.
get
(
OAuth2ParameterNames
.
USERNAME
).
size
()
!=
1
)
{
throwError
(
OAuth2ErrorCodes
.
INVALID_REQUEST
,
OAuth2ParameterNames
.
USERNAME
,
ACCESS_TOKEN_REQUEST_ERROR_URI
);
}
// password (REQUIRED)
String
password
=
parameters
.
getFirst
(
OAuth2ParameterNames
.
PASSWORD
);
if
(!
StringUtils
.
hasText
(
password
)
||
parameters
.
get
(
OAuth2ParameterNames
.
PASSWORD
).
size
()
!=
1
)
{
throwError
(
OAuth2ErrorCodes
.
INVALID_REQUEST
,
OAuth2ParameterNames
.
PASSWORD
,
ACCESS_TOKEN_REQUEST_ERROR_URI
);
}
Authentication
clientPrincipal
=
SecurityContextHolder
.
getContext
().
getAuthentication
();
if
(
clientPrincipal
==
null
)
{
throwError
(
OAuth2ErrorCodes
.
INVALID_REQUEST
,
OAuth2ErrorCodes
.
INVALID_CLIENT
,
ACCESS_TOKEN_REQUEST_ERROR_URI
);
}
Map
<
String
,
Object
>
additionalParameters
=
parameters
.
entrySet
()
.
stream
()
.
filter
(
e
->
!
e
.
getKey
().
equals
(
OAuth2ParameterNames
.
GRANT_TYPE
)
&&
!
e
.
getKey
().
equals
(
OAuth2ParameterNames
.
SCOPE
))
.
collect
(
Collectors
.
toMap
(
Map
.
Entry
::
getKey
,
e
->
e
.
getValue
().
get
(
0
)));
ResourceOwnerPasswordAuthenticationToken
resourceOwnerPasswordAuthenticationToken
=
new
ResourceOwnerPasswordAuthenticationToken
(
clientPrincipal
,
requestedScopes
,
additionalParameters
);
return
resourceOwnerPasswordAuthenticationToken
;
}
public
static
MultiValueMap
<
String
,
String
>
getParameters
(
HttpServletRequest
request
)
{
Map
<
String
,
String
[]>
parameterMap
=
request
.
getParameterMap
();
MultiValueMap
<
String
,
String
>
parameters
=
new
LinkedMultiValueMap
(
parameterMap
.
size
());
parameterMap
.
forEach
((
key
,
values
)
->
{
for
(
String
value
:
values
)
{
parameters
.
add
(
key
,
value
);
}
});
return
parameters
;
}
public
static
void
throwError
(
String
errorCode
,
String
parameterName
,
String
errorUri
)
{
OAuth2Error
error
=
new
OAuth2Error
(
errorCode
,
"OAuth 2.0 Parameter: "
+
parameterName
,
errorUri
);
throw
new
OAuth2AuthenticationException
(
error
);
}
}
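Review bot: this converter is a verbatim copy of ResourceOwnerPasswordAuthenticationConverter and never touches a captcha. It matches `grant_type` against `AuthorizationGrantType.PASSWORD.getValue()` and returns a plain ResourceOwnerPasswordAuthenticationToken, so if both converters are added to the token endpoint the first one in the list consumes every password-grant request and the other is dead code, and nothing in the chain ever checks a captcha. Give the captcha flow its own grant_type string and its own token class, and read the captcha value (and the key it was issued under) from `parameters` with the same `hasText` / `size() != 1` validation used for `username` and `password`. As written it also does not compile: `new ResourceOwnerPasswordAuthenticationToken(clientPrincipal, requestedScopes, additionalParameters)` calls a constructor declared `protected` in a class that lives in `com.youlai.auth.authentication.password`, while this class is in `com.youlai.auth.authentication.captcha` and is not a subclass.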
youlai-auth/src/main/java/com/youlai/auth/authentication/captcha/CaptchaTokenGranter.java
...
...
@@ -6,11 +6,6 @@ import com.youlai.common.constant.SecurityConstants;
import
org.springframework.data.redis.core.StringRedisTemplate
;
import
org.springframework.security.authentication.*
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.oauth2.common.exceptions.InvalidGrantException
;
import
org.springframework.security.oauth2.provider.*
;
import
org.springframework.security.oauth2.provider.token.AbstractTokenGranter
;
import
org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices
;
import
java.util.LinkedHashMap
;
import
java.util.Map
;
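Review bot: the rendering has dropped the +/- markers for this hunk, but every import still visible here that is not java.util (`org.springframework.security.oauth2.provider.*`, `provider.token.AbstractTokenGranter`, `provider.token.AuthorizationServerTokenServices`, `oauth2.common.exceptions.InvalidGrantException`) belongs to the legacy spring-security-oauth2 module, which is not on the classpath of the Spring Authorization Server stack the new `password` package targets (`org.springframework.security.oauth2.server.authorization.*`). Trimming five imports leaves a `TokenGranter` that cannot compile against the new dependencies; either port it to an `AuthenticationProvider` in the style of ResourceOwnerPasswordAuthenticationProvider or delete the file in this commit instead of leaving it half-migrated.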
...
...
youlai-auth/src/main/java/com/youlai/auth/authentication/password/ResourceOwnerPasswordAuthenticationConverter.java
0 → 100644
package
com.youlai.auth.authentication.password
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.context.SecurityContextHolder
;
import
org.springframework.security.oauth2.core.AuthorizationGrantType
;
import
org.springframework.security.oauth2.core.OAuth2AuthenticationException
;
import
org.springframework.security.oauth2.core.OAuth2Error
;
import
org.springframework.security.oauth2.core.OAuth2ErrorCodes
;
import
org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
;
import
org.springframework.security.web.authentication.AuthenticationConverter
;
import
org.springframework.util.LinkedMultiValueMap
;
import
org.springframework.util.MultiValueMap
;
import
org.springframework.util.StringUtils
;
import
jakarta.servlet.http.HttpServletRequest
;
import
java.util.Arrays
;
import
java.util.HashSet
;
import
java.util.Map
;
import
java.util.Set
;
import
java.util.stream.Collectors
;
/**
* 参数解析
*
* @see org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2AuthorizationCodeAuthenticationConverter
*/
public
class
ResourceOwnerPasswordAuthenticationConverter
implements
AuthenticationConverter
{
public
static
final
String
ACCESS_TOKEN_REQUEST_ERROR_URI
=
"https://datatracker.ietf.org/doc/html/rfc6749#section-5.2"
;
@Override
public
Authentication
convert
(
HttpServletRequest
request
)
{
// grant_type (REQUIRED)
String
grantType
=
request
.
getParameter
(
OAuth2ParameterNames
.
GRANT_TYPE
);
if
(!
AuthorizationGrantType
.
PASSWORD
.
getValue
().
equals
(
grantType
))
{
return
null
;
}
MultiValueMap
<
String
,
String
>
parameters
=
getParameters
(
request
);
// scope (OPTIONAL)
String
scope
=
parameters
.
getFirst
(
OAuth2ParameterNames
.
SCOPE
);
if
(
StringUtils
.
hasText
(
scope
)
&&
parameters
.
get
(
OAuth2ParameterNames
.
SCOPE
).
size
()
!=
1
)
{
throwError
(
OAuth2ErrorCodes
.
INVALID_REQUEST
,
OAuth2ParameterNames
.
SCOPE
,
ACCESS_TOKEN_REQUEST_ERROR_URI
);
}
Set
<
String
>
requestedScopes
=
null
;
if
(
StringUtils
.
hasText
(
scope
))
{
requestedScopes
=
new
HashSet
<>(
Arrays
.
asList
(
StringUtils
.
delimitedListToStringArray
(
scope
,
" "
)));
}
// username (REQUIRED)
String
username
=
parameters
.
getFirst
(
OAuth2ParameterNames
.
USERNAME
);
if
(!
StringUtils
.
hasText
(
username
)
||
parameters
.
get
(
OAuth2ParameterNames
.
USERNAME
).
size
()
!=
1
)
{
throwError
(
OAuth2ErrorCodes
.
INVALID_REQUEST
,
OAuth2ParameterNames
.
USERNAME
,
ACCESS_TOKEN_REQUEST_ERROR_URI
);
}
// password (REQUIRED)
String
password
=
parameters
.
getFirst
(
OAuth2ParameterNames
.
PASSWORD
);
if
(!
StringUtils
.
hasText
(
password
)
||
parameters
.
get
(
OAuth2ParameterNames
.
PASSWORD
).
size
()
!=
1
)
{
throwError
(
OAuth2ErrorCodes
.
INVALID_REQUEST
,
OAuth2ParameterNames
.
PASSWORD
,
ACCESS_TOKEN_REQUEST_ERROR_URI
);
}
Authentication
clientPrincipal
=
SecurityContextHolder
.
getContext
().
getAuthentication
();
if
(
clientPrincipal
==
null
)
{
throwError
(
OAuth2ErrorCodes
.
INVALID_REQUEST
,
OAuth2ErrorCodes
.
INVALID_CLIENT
,
ACCESS_TOKEN_REQUEST_ERROR_URI
);
}
Map
<
String
,
Object
>
additionalParameters
=
parameters
.
entrySet
()
.
stream
()
.
filter
(
e
->
!
e
.
getKey
().
equals
(
OAuth2ParameterNames
.
GRANT_TYPE
)
&&
!
e
.
getKey
().
equals
(
OAuth2ParameterNames
.
SCOPE
))
.
collect
(
Collectors
.
toMap
(
Map
.
Entry
::
getKey
,
e
->
e
.
getValue
().
get
(
0
)));
ResourceOwnerPasswordAuthenticationToken
resourceOwnerPasswordAuthenticationToken
=
new
ResourceOwnerPasswordAuthenticationToken
(
clientPrincipal
,
requestedScopes
,
additionalParameters
);
return
resourceOwnerPasswordAuthenticationToken
;
}
public
static
MultiValueMap
<
String
,
String
>
getParameters
(
HttpServletRequest
request
)
{
Map
<
String
,
String
[]>
parameterMap
=
request
.
getParameterMap
();
MultiValueMap
<
String
,
String
>
parameters
=
new
LinkedMultiValueMap
(
parameterMap
.
size
());
parameterMap
.
forEach
((
key
,
values
)
->
{
for
(
String
value
:
values
)
{
parameters
.
add
(
key
,
value
);
}
});
return
parameters
;
}
public
static
void
throwError
(
String
errorCode
,
String
parameterName
,
String
errorUri
)
{
OAuth2Error
error
=
new
OAuth2Error
(
errorCode
,
"OAuth 2.0 Parameter: "
+
parameterName
,
errorUri
);
throw
new
OAuth2AuthenticationException
(
error
);
}
}
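Review bot: the `additionalParameters` stream (`.filter(e -> !e.getKey().equals(GRANT_TYPE) && !e.getKey().equals(SCOPE))`) copies every remaining form field into the Authentication object, so the plaintext `password` and, for a client authenticating with client_secret_post, the `client_secret` ride along through the provider, the token customizers and any authentication event listeners. Spring Authorization Server's bundled converters do the same for the parameters they need, but this class is the entry point for a grant that OAuth 2.1 has removed and SAS deliberately does not ship: drop `client_secret` and anything the provider does not consume, and make sure the `AuthenticationManager` behind it applies the same lockout / rate limiting as the interactive login, because the token endpoint now accepts arbitrary username/password pairs from any client that holds the password grant. Minor: `new LinkedMultiValueMap(parameterMap.size())` is a raw type, `e.getValue().get(0)` silently discards repeated values for any parameter other than the three that are explicitly size-checked, and the null-client branch passes `OAuth2ErrorCodes.INVALID_CLIENT` as the parameter name, which yields the description `OAuth 2.0 Parameter: invalid_client`.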
youlai-auth/src/main/java/com/youlai/auth/authentication/password/ResourceOwnerPasswordAuthenticationProvider.java
0 → 100644
package
com.youlai.auth.authentication.password
;
import
cn.hutool.core.lang.Assert
;
import
lombok.extern.slf4j.Slf4j
;
import
org.springframework.security.authentication.AuthenticationManager
;
import
org.springframework.security.authentication.AuthenticationProvider
;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.AuthenticationException
;
import
org.springframework.security.oauth2.core.*
;
import
org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
;
import
org.springframework.security.oauth2.core.oidc.OidcIdToken
;
import
org.springframework.security.oauth2.core.oidc.OidcScopes
;
import
org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames
;
import
org.springframework.security.oauth2.jwt.Jwt
;
import
org.springframework.security.oauth2.server.authorization.OAuth2Authorization
;
import
org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService
;
import
org.springframework.security.oauth2.server.authorization.OAuth2TokenType
;
import
org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken
;
import
org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken
;
import
org.springframework.security.oauth2.server.authorization.client.RegisteredClient
;
import
org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder
;
import
org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext
;
import
org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext
;
import
org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator
;
import
org.springframework.util.CollectionUtils
;
import
java.security.Principal
;
import
java.util.*
;
import
java.util.stream.Collectors
;
/**
* 密码模式身份验证提供者
*/
@Slf4j
public
class
ResourceOwnerPasswordAuthenticationProvider
implements
AuthenticationProvider
{
private
static
final
String
ERROR_URI
=
"https://datatracker.ietf.org/doc/html/rfc6749#section-5.2"
;
private
static
final
OAuth2TokenType
ID_TOKEN_TOKEN_TYPE
=
new
OAuth2TokenType
(
OidcParameterNames
.
ID_TOKEN
);
private
final
AuthenticationManager
authenticationManager
;
private
final
OAuth2AuthorizationService
authorizationService
;
private
final
OAuth2TokenGenerator
<?
extends
OAuth2Token
>
tokenGenerator
;
/**
* Constructs an {@code OAuth2ResourceOwnerPasswordAuthenticationProviderNew} using the provided parameters.
*
* @param authenticationManager the authentication manager
* @param authorizationService the authorization service
* @param tokenGenerator the token generator
* @since 0.2.3
*/
public
ResourceOwnerPasswordAuthenticationProvider
(
AuthenticationManager
authenticationManager
,
OAuth2AuthorizationService
authorizationService
,
OAuth2TokenGenerator
<?
extends
OAuth2Token
>
tokenGenerator
)
{
Assert
.
notNull
(
authorizationService
,
"authorizationService cannot be null"
);
Assert
.
notNull
(
tokenGenerator
,
"tokenGenerator cannot be null"
);
this
.
authenticationManager
=
authenticationManager
;
this
.
authorizationService
=
authorizationService
;
this
.
tokenGenerator
=
tokenGenerator
;
}
@Override
public
Authentication
authenticate
(
Authentication
authentication
)
throws
AuthenticationException
{
ResourceOwnerPasswordAuthenticationToken
authenticationToken
=
(
ResourceOwnerPasswordAuthenticationToken
)
authentication
;
// 验证客户端是否已认证
OAuth2ClientAuthenticationToken
clientPrincipal
=
getAuthenticatedClientElseThrowInvalidClient
(
authenticationToken
);
RegisteredClient
registeredClient
=
clientPrincipal
.
getRegisteredClient
();
// 验证客户端是否支持(grant_type=password)授权模式
if
(!
registeredClient
.
getAuthorizationGrantTypes
().
contains
(
AuthorizationGrantType
.
PASSWORD
))
{
throw
new
OAuth2AuthenticationException
(
OAuth2ErrorCodes
.
UNAUTHORIZED_CLIENT
);
}
// 密码验证
Map
<
String
,
Object
>
additionalParameters
=
authenticationToken
.
getAdditionalParameters
();
String
username
=
(
String
)
additionalParameters
.
get
(
OAuth2ParameterNames
.
USERNAME
);
String
password
=
(
String
)
additionalParameters
.
get
(
OAuth2ParameterNames
.
PASSWORD
);
UsernamePasswordAuthenticationToken
passwordAuthenticationToken
=
new
UsernamePasswordAuthenticationToken
(
username
,
password
);
log
.
debug
(
"got usernamePasswordAuthenticationToken="
+
passwordAuthenticationToken
);
Authentication
usernamePasswordAuthentication
=
authenticationManager
.
authenticate
(
passwordAuthenticationToken
);
// 验证成功开始授权,客户端是否支持用户所需的权限Scope
Set
<
String
>
authorizedScopes
=
registeredClient
.
getScopes
();
// Default to configured scopes
Set
<
String
>
requestedScopes
=
authenticationToken
.
getScopes
();
if
(!
CollectionUtils
.
isEmpty
(
requestedScopes
))
{
Set
<
String
>
unauthorizedScopes
=
requestedScopes
.
stream
()
.
filter
(
requestedScope
->
!
registeredClient
.
getScopes
().
contains
(
requestedScope
))
.
collect
(
Collectors
.
toSet
());
if
(!
CollectionUtils
.
isEmpty
(
unauthorizedScopes
))
{
throw
new
OAuth2AuthenticationException
(
OAuth2ErrorCodes
.
INVALID_SCOPE
);
}
authorizedScopes
=
new
LinkedHashSet
<>(
requestedScopes
);
}
// 生成 access_token
// @formatter:off
DefaultOAuth2TokenContext
.
Builder
tokenContextBuilder
=
DefaultOAuth2TokenContext
.
builder
()
.
registeredClient
(
registeredClient
)
.
principal
(
usernamePasswordAuthentication
)
.
authorizationServerContext
(
AuthorizationServerContextHolder
.
getContext
())
.
authorizedScopes
(
authorizedScopes
)
.
authorizationGrantType
(
AuthorizationGrantType
.
PASSWORD
)
.
authorizationGrant
(
passwordAuthenticationToken
);
// @formatter:on
// ----- Access token -----
OAuth2TokenContext
tokenContext
=
tokenContextBuilder
.
tokenType
(
OAuth2TokenType
.
ACCESS_TOKEN
).
build
();
OAuth2Token
generatedAccessToken
=
this
.
tokenGenerator
.
generate
(
tokenContext
);
if
(
generatedAccessToken
==
null
)
{
OAuth2Error
error
=
new
OAuth2Error
(
OAuth2ErrorCodes
.
SERVER_ERROR
,
"The token generator failed to generate the access token."
,
ERROR_URI
);
throw
new
OAuth2AuthenticationException
(
error
);
}
OAuth2AccessToken
accessToken
=
new
OAuth2AccessToken
(
OAuth2AccessToken
.
TokenType
.
BEARER
,
generatedAccessToken
.
getTokenValue
(),
generatedAccessToken
.
getIssuedAt
(),
generatedAccessToken
.
getExpiresAt
(),
tokenContext
.
getAuthorizedScopes
());
// @formatter:off
OAuth2Authorization
.
Builder
authorizationBuilder
=
OAuth2Authorization
.
withRegisteredClient
(
registeredClient
)
.
principalName
(
usernamePasswordAuthentication
.
getName
())
.
authorizationGrantType
(
AuthorizationGrantType
.
PASSWORD
)
.
authorizedScopes
(
authorizedScopes
)
.
attribute
(
Principal
.
class
.
getName
(),
usernamePasswordAuthentication
);
// @formatter:on
if
(
generatedAccessToken
instanceof
ClaimAccessor
)
{
authorizationBuilder
.
token
(
accessToken
,
(
metadata
)
->
metadata
.
put
(
OAuth2Authorization
.
Token
.
CLAIMS_METADATA_NAME
,
((
ClaimAccessor
)
generatedAccessToken
).
getClaims
()));
}
else
{
authorizationBuilder
.
accessToken
(
accessToken
);
}
// ----- Refresh token -----
OAuth2RefreshToken
refreshToken
=
null
;
if
(
registeredClient
.
getAuthorizationGrantTypes
().
contains
(
AuthorizationGrantType
.
REFRESH_TOKEN
)
&&
// Do not issue refresh token to public client
!
clientPrincipal
.
getClientAuthenticationMethod
().
equals
(
ClientAuthenticationMethod
.
NONE
))
{
tokenContext
=
tokenContextBuilder
.
tokenType
(
OAuth2TokenType
.
REFRESH_TOKEN
).
build
();
OAuth2Token
generatedRefreshToken
=
this
.
tokenGenerator
.
generate
(
tokenContext
);
if
(!(
generatedRefreshToken
instanceof
OAuth2RefreshToken
))
{
OAuth2Error
error
=
new
OAuth2Error
(
OAuth2ErrorCodes
.
SERVER_ERROR
,
"The token generator failed to generate the refresh token."
,
ERROR_URI
);
throw
new
OAuth2AuthenticationException
(
error
);
}
refreshToken
=
(
OAuth2RefreshToken
)
generatedRefreshToken
;
authorizationBuilder
.
refreshToken
(
refreshToken
);
}
// ----- ID token -----
OidcIdToken
idToken
;
if
(
requestedScopes
.
contains
(
OidcScopes
.
OPENID
))
{
// @formatter:off
tokenContext
=
tokenContextBuilder
.
tokenType
(
ID_TOKEN_TOKEN_TYPE
)
.
authorization
(
authorizationBuilder
.
build
())
// ID token customizer may need access to the access token and/or refresh token
.
build
();
// @formatter:on
OAuth2Token
generatedIdToken
=
this
.
tokenGenerator
.
generate
(
tokenContext
);
if
(!(
generatedIdToken
instanceof
Jwt
))
{
OAuth2Error
error
=
new
OAuth2Error
(
OAuth2ErrorCodes
.
SERVER_ERROR
,
"The token generator failed to generate the ID token."
,
ERROR_URI
);
throw
new
OAuth2AuthenticationException
(
error
);
}
idToken
=
new
OidcIdToken
(
generatedIdToken
.
getTokenValue
(),
generatedIdToken
.
getIssuedAt
(),
generatedIdToken
.
getExpiresAt
(),
((
Jwt
)
generatedIdToken
).
getClaims
());
authorizationBuilder
.
token
(
idToken
,
(
metadata
)
->
metadata
.
put
(
OAuth2Authorization
.
Token
.
CLAIMS_METADATA_NAME
,
idToken
.
getClaims
()));
}
else
{
idToken
=
null
;
}
OAuth2Authorization
authorization
=
authorizationBuilder
.
build
();
this
.
authorizationService
.
save
(
authorization
);
additionalParameters
=
Collections
.
emptyMap
();
if
(
idToken
!=
null
)
{
additionalParameters
=
new
HashMap
<>();
additionalParameters
.
put
(
OidcParameterNames
.
ID_TOKEN
,
idToken
.
getTokenValue
());
}
return
new
OAuth2AccessTokenAuthenticationToken
(
registeredClient
,
clientPrincipal
,
accessToken
,
refreshToken
,
additionalParameters
);
}
@Override
public
boolean
supports
(
Class
<?>
authentication
)
{
return
ResourceOwnerPasswordAuthenticationToken
.
class
.
isAssignableFrom
(
authentication
);
}
private
static
OAuth2ClientAuthenticationToken
getAuthenticatedClientElseThrowInvalidClient
(
Authentication
authentication
)
{
OAuth2ClientAuthenticationToken
clientPrincipal
=
null
;
if
(
OAuth2ClientAuthenticationToken
.
class
.
isAssignableFrom
(
authentication
.
getPrincipal
().
getClass
()))
{
clientPrincipal
=
(
OAuth2ClientAuthenticationToken
)
authentication
.
getPrincipal
();
}
if
(
clientPrincipal
!=
null
&&
clientPrincipal
.
isAuthenticated
())
{
return
clientPrincipal
;
}
throw
new
OAuth2AuthenticationException
(
OAuth2ErrorCodes
.
INVALID_CLIENT
);
}
}
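Review bot: `authenticationManager.authenticate(passwordAuthenticationToken)` throws a plain AuthenticationException (BadCredentialsException, LockedException, DisabledException) on a wrong password, not an OAuth2AuthenticationException, so the token endpoint's failure handler cannot map it to an RFC 6749 §5.2 error body; wrap the call in a catch of AuthenticationException and rethrow `new OAuth2AuthenticationException(new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, ex.getMessage(), ERROR_URI))` so clients receive `invalid_grant` instead of a generic server error. Two smaller points: the ID-token branch tests `requestedScopes.contains(OidcScopes.OPENID)` while the access token is issued for `authorizedScopes`, so a request with no `scope` parameter that defaults to a client registration containing `openid` gets an access token scoped to `openid` but no `id_token`; test `authorizedScopes` in both places. And the constructor Javadoc (`OAuth2ResourceOwnerPasswordAuthenticationProviderNew`, `@since 0.2.3`) is copy-paste residue, `authenticationManager` is the only dependency without an `Assert.notNull`, and `"got usernamePasswordAuthenticationToken=" + passwordAuthenticationToken` builds the string even when debug is off; use a `{}` placeholder.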
youlai-auth/src/main/java/com/youlai/auth/authentication/password/ResourceOwnerPasswordAuthenticationToken.java
0 → 100644
package
com.youlai.auth.authentication.password
;
import
jakarta.annotation.Nullable
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.oauth2.core.AuthorizationGrantType
;
import
org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
;
import
org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken
;
import
java.util.*
;
public
class
ResourceOwnerPasswordAuthenticationToken
extends
OAuth2AuthorizationGrantAuthenticationToken
{
private
final
Set
<
String
>
scopes
;
/**
* {@link org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientCredentialsAuthenticationToken}
*
* @param clientPrincipal
* @param additionalParameters
*/
protected
ResourceOwnerPasswordAuthenticationToken
(
Authentication
clientPrincipal
,
@Nullable
Set
<
String
>
scopes
,
Map
<
String
,
Object
>
additionalParameters
)
{
super
(
AuthorizationGrantType
.
PASSWORD
,
clientPrincipal
,
additionalParameters
);
this
.
scopes
=
Collections
.
unmodifiableSet
(
scopes
!=
null
?
new
HashSet
<>(
scopes
)
:
Collections
.
emptySet
());
}
public
Set
<
String
>
getScopes
()
{
return
this
.
scopes
;
}
@Override
public
Object
getCredentials
()
{
return
this
.
getAdditionalParameters
().
get
(
OAuth2ParameterNames
.
PASSWORD
);
}
}
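Review bot: overriding `getCredentials()` to return `getAdditionalParameters().get(OAuth2ParameterNames.PASSWORD)` makes the plaintext password reachable through the generic Authentication API, and because OAuth2AuthorizationGrantAuthenticationToken keeps `additionalParameters` in an unmodifiable map nothing can ever erase it (`eraseCredentials()` has no effect here). If the password is needed only by the provider, return an empty string as the base class does and let the provider read the parameter directly. The Javadoc is a dangling `{@link OAuth2ClientCredentialsAuthenticationToken}` with empty `@param` tags and should describe this token; and the `protected` constructor needs to become public (or the captcha converter needs to move into this package) since CaptchaAuthenticationConverter instantiates it from another package.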
youlai-auth/src/main/java/com/youlai/auth/authentication/refresh/PreAuthenticatedUserDetailsService.java
...
...
@@ -11,7 +11,6 @@ import org.springframework.security.core.userdetails.AuthenticationUserDetailsSe
import
org.springframework.security.core.userdetails.UserDetails
;
import
org.springframework.security.core.userdetails.UserDetailsService
;
import
org.springframework.security.core.userdetails.UsernameNotFoundException
;
import
org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer
;
import
org.springframework.util.Assert
;
import
java.util.Map
;
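Review bot: the +/- markers are not preserved in this rendering, so please confirm the single line this hunk removes is the `org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer` import; it is the only legacy spring-security-oauth2 type in the block and has no equivalent in Spring Authorization Server, and the class will not compile while it remains.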
...
...
@@ -27,8 +26,6 @@ public class PreAuthenticatedUserDetailsService<T extends Authentication> implem
/**
* 客户端ID和用户服务 UserDetailService 的映射
*
* @see AuthorizationServerConfig#tokenServices(AuthorizationServerEndpointsConfigurer)
*/
private
Map
<
String
,
UserDetailsService
>
userDetailsServiceMap
;
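Review bot: the `@see AuthorizationServerConfig#tokenServices(AuthorizationServerEndpointsConfigurer)` reference points at a method that does not exist in the new AuthorizationServerConfig in this commit (that file defines authorizationServerSecurityFilterChain, jwkSource, jwtDecoder, authorizationServerSettings, passwordEncoder and registeredClientRepository). If this hunk's two removed lines are that `@see` and its blank line, fine; otherwise the Javadoc now dangles and should instead say where `userDetailsServiceMap` is populated for the new configuration.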
...
...
@@ -54,19 +51,21 @@ public class PreAuthenticatedUserDetailsService<T extends Authentication> implem
String
clientId
=
RequestUtils
.
getClientId
();
// 获取认证身份标识,默认是用户名:username
UserDetailsService
userDetailsService
=
userDetailsServiceMap
.
get
(
clientId
);
if
(
clientId
.
equals
(
SecurityConstants
.
APP_CLIENT_ID
))
{
// 移动端的用户体系是会员,认证方式是通过手机号 mobile 认证
MemberUserDetailsServiceImpl
memberUserDetailsService
=
(
MemberUserDetailsServiceImpl
)
userDetailsService
;
return
memberUserDetailsService
.
loadUserByUsername
(
authentication
.
getName
());
}
else
if
(
clientId
.
equals
(
SecurityConstants
.
WEAPP_CLIENT_ID
))
{
// 小程序的用户体系是会员,认证方式是通过微信三方标识 openid 认证
MemberUserDetailsServiceImpl
memberUserDetailsService
=
(
MemberUserDetailsServiceImpl
)
userDetailsService
;
return
memberUserDetailsService
.
loadUserByOpenId
(
authentication
.
getName
());
}
else
if
(
clientId
.
equals
(
SecurityConstants
.
ADMIN_CLIENT_ID
))
{
switch
(
clientId
)
{
case
SecurityConstants
.
APP_CLIENT_ID
->
{
// 移动端的用户体系是会员,认证方式是通过手机号 mobile 认证
MemberUserDetailsServiceImpl
memberUserDetailsService
=
(
MemberUserDetailsServiceImpl
)
userDetailsService
;
return
memberUserDetailsService
.
loadUserByUsername
(
authentication
.
getName
());
}
case
SecurityConstants
.
WEAPP_CLIENT_ID
->
{
// 小程序的用户体系是会员,认证方式是通过微信三方标识 openid 认证
MemberUserDetailsServiceImpl
memberUserDetailsService
=
(
MemberUserDetailsServiceImpl
)
userDetailsService
;
return
memberUserDetailsService
.
loadUserByOpenId
(
authentication
.
getName
());
}
// 管理系统的用户体系是系统用户,认证方式通过用户名 username 认证
return
userDetailsService
.
loadUserByUsername
(
authentication
.
getName
());
}
else
{
return
userDetailsService
.
loadUserByUsername
(
authentication
.
getName
());
default
->
{
return
userDetailsService
.
loadUserByUsername
(
authentication
.
getName
());
}
}
}
}
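Review bot: folding the old `else if (clientId.equals(SecurityConstants.ADMIN_CLIENT_ID))` branch into `default ->` changes the failure mode for unknown clients: a client_id with no entry in `userDetailsServiceMap` now reaches `userDetailsService.loadUserByUsername(authentication.getName())` with a null `userDetailsService` and dies with a NullPointerException instead of a clean UsernameNotFoundException / `invalid_client`. Null-check the result of `userDetailsServiceMap.get(clientId)` right after the lookup and keep `ADMIN_CLIENT_ID` as an explicit case so an unregistered client is rejected rather than silently resolved against the admin user base. Also confirm that `RequestUtils.getClientId()` derives the id from the authenticated client principal and not from a raw request parameter: during refresh the registered client is already fixed by the OAuth2Authorization being refreshed, and taking it from the request would let a caller choose which user base resolves its token. The two `MemberUserDetailsServiceImpl` casts will throw ClassCastException if the map ever holds a different implementation for those ids; a type check with a descriptive error is cheaper to debug.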
youlai-auth/src/main/java/com/youlai/auth/config/AuthorizationServerConfig.java
0 → 100644
package
com.youlai.auth.config
;
import
com.nimbusds.jose.jwk.JWKSet
;
import
com.nimbusds.jose.jwk.RSAKey
;
import
com.nimbusds.jose.jwk.source.ImmutableJWKSet
;
import
com.nimbusds.jose.jwk.source.JWKSource
;
import
com.nimbusds.jose.proc.SecurityContext
;
import
com.youlai.auth.authentication.password.ResourceOwnerPasswordAuthenticationConverter
;
import
com.youlai.auth.authentication.password.ResourceOwnerPasswordAuthenticationProvider
;
import
com.youlai.auth.userdetails.user.SysUserDetails
;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.core.Ordered
;
import
org.springframework.core.annotation.Order
;
import
org.springframework.jdbc.core.JdbcTemplate
;
import
org.springframework.security.authentication.AuthenticationManager
;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken
;
import
org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
;
import
org.springframework.security.config.annotation.web.builders.HttpSecurity
;
import
org.springframework.security.crypto.factory.PasswordEncoderFactories
;
import
org.springframework.security.crypto.password.PasswordEncoder
;
import
org.springframework.security.oauth2.core.AuthorizationGrantType
;
import
org.springframework.security.oauth2.core.ClientAuthenticationMethod
;
import
org.springframework.security.oauth2.core.oidc.OidcScopes
;
import
org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames
;
import
org.springframework.security.oauth2.jwt.JwtDecoder
;
import
org.springframework.security.oauth2.jwt.NimbusJwtEncoder
;
import
org.springframework.security.oauth2.server.authorization.*
;
import
org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository
;
import
org.springframework.security.oauth2.server.authorization.client.RegisteredClient
;
import
org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
;
import
org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration
;
import
org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer
;
import
org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings
;
import
org.springframework.security.oauth2.server.authorization.settings.ClientSettings
;
import
org.springframework.security.oauth2.server.authorization.token.*
;
import
org.springframework.security.web.SecurityFilterChain
;
import
org.springframework.security.web.util.matcher.RequestMatcher
;
import
java.security.KeyPair
;
import
java.security.KeyPairGenerator
;
import
java.security.interfaces.RSAPrivateKey
;
import
java.security.interfaces.RSAPublicKey
;
import
java.util.List
;
import
java.util.Optional
;
import
java.util.UUID
;
@Configuration
public
class
AuthorizationServerConfig
{
/**
* 授权配置
*
* @param http
* @return
* @throws Exception
*/
@Bean
@Order
(
Ordered
.
HIGHEST_PRECEDENCE
)
public
SecurityFilterChain
authorizationServerSecurityFilterChain
(
HttpSecurity
http
,
AuthenticationManager
authenticationManager
,
OAuth2AuthorizationService
authorizationService
,
OAuth2TokenGenerator
<?>
tokenGenerator
)
throws
Exception
{
OAuth2AuthorizationServerConfigurer
authorizationServerConfigurer
=
new
OAuth2AuthorizationServerConfigurer
();
authorizationServerConfigurer
.
tokenEndpoint
(
tokenEndpoint
->
tokenEndpoint
.
accessTokenRequestConverters
(
// <1>
authenticationConverters
->
authenticationConverters
.
addAll
(
List
.
of
(
new
ResourceOwnerPasswordAuthenticationConverter
())
)
)
.
authenticationProviders
(
// <2>
authenticationProviders
->
authenticationProviders
.
addAll
(
List
.
of
(
new
ResourceOwnerPasswordAuthenticationProvider
(
authenticationManager
,
authorizationService
,
tokenGenerator
))
)
)
);
RequestMatcher
endpointsMatcher
=
authorizationServerConfigurer
.
getEndpointsMatcher
();
http
.
securityMatcher
(
endpointsMatcher
)
.
authorizeHttpRequests
(
authorize
->
authorize
.
anyRequest
().
authenticated
()
)
.
csrf
(
csrf
->
csrf
.
ignoringRequestMatchers
(
endpointsMatcher
))
.
apply
(
authorizationServerConfigurer
);
return
http
.
build
();
}
@Bean
// <5>
public
JWKSource
<
SecurityContext
>
jwkSource
()
{
KeyPair
keyPair
=
generateRsaKey
();
RSAPublicKey
publicKey
=
(
RSAPublicKey
)
keyPair
.
getPublic
();
RSAPrivateKey
privateKey
=
(
RSAPrivateKey
)
keyPair
.
getPrivate
();
// @formatter:off
RSAKey
rsaKey
=
new
RSAKey
.
Builder
(
publicKey
)
.
privateKey
(
privateKey
)
.
keyID
(
UUID
.
randomUUID
().
toString
())
.
build
();
// @formatter:on
JWKSet
jwkSet
=
new
JWKSet
(
rsaKey
);
return
new
ImmutableJWKSet
<>(
jwkSet
);
}
private
static
KeyPair
generateRsaKey
()
{
// <6>
KeyPair
keyPair
;
try
{
KeyPairGenerator
keyPairGenerator
=
KeyPairGenerator
.
getInstance
(
"RSA"
);
keyPairGenerator
.
initialize
(
2048
);
keyPair
=
keyPairGenerator
.
generateKeyPair
();
}
catch
(
Exception
ex
)
{
throw
new
IllegalStateException
(
ex
);
}
return
keyPair
;
}
@Bean
public
JwtDecoder
jwtDecoder
(
JWKSource
<
SecurityContext
>
jwkSource
)
{
return
OAuth2AuthorizationServerConfiguration
.
jwtDecoder
(
jwkSource
);
}
@Bean
public
AuthorizationServerSettings
authorizationServerSettings
()
{
return
AuthorizationServerSettings
.
builder
().
build
();
}
@Bean
public
PasswordEncoder
passwordEncoder
()
{
return
PasswordEncoderFactories
.
createDelegatingPasswordEncoder
();
}
@Bean
public
RegisteredClientRepository
registeredClientRepository
(
JdbcTemplate
jdbcTemplate
)
{
String
messagingClientId
=
"messaging-client"
;
RegisteredClient
messagingClient
=
RegisteredClient
.
withId
(
UUID
.
randomUUID
().
toString
())
.
clientId
(
messagingClientId
)
.
clientSecret
(
"{noop}secret"
)
.
clientAuthenticationMethod
(
ClientAuthenticationMethod
.
CLIENT_SECRET_BASIC
)
.
authorizationGrantType
(
AuthorizationGrantType
.
AUTHORIZATION_CODE
)
.
authorizationGrantType
(
AuthorizationGrantType
.
REFRESH_TOKEN
)
.
authorizationGrantType
(
AuthorizationGrantType
.
CLIENT_CREDENTIALS
)
.
redirectUri
(
"http://127.0.0.1:8080/login/oauth2/code/messaging-client-oidc"
)
.
redirectUri
(
"http://127.0.0.1:8080/authorized"
)
.
postLogoutRedirectUri
(
"http://127.0.0.1:8080/logged-out"
)
.
scope
(
OidcScopes
.
OPENID
)
.
scope
(
OidcScopes
.
PROFILE
)
.
scope
(
"message.read"
)
.
scope
(
"message.write"
)
.
clientSettings
(
ClientSettings
.
builder
().
requireAuthorizationConsent
(
true
).
build
())
.
build
();
String
deviceClientId
=
"device-messaging-client"
;
RegisteredClient
deviceClient
=
RegisteredClient
.
withId
(
UUID
.
randomUUID
().
toString
())
.
clientId
(
deviceClientId
)
.
clientAuthenticationMethod
(
ClientAuthenticationMethod
.
NONE
)
.
authorizationGrantType
(
AuthorizationGrantType
.
DEVICE_CODE
)
.
authorizationGrantType
(
AuthorizationGrantType
.
REFRESH_TOKEN
)
.
scope
(
"message.read"
)
.
scope
(
"message.write"
)
.
build
();
// Save registered client's in db as if in-memory
JdbcRegisteredClientRepository
registeredClientRepository
=
new
JdbcRegisteredClientRepository
(
jdbcTemplate
);
RegisteredClient
registeredMessagingClient
=
registeredClientRepository
.
findByClientId
(
messagingClientId
);
if
(
registeredMessagingClient
==
null
)
{
registeredClientRepository
.
save
(
messagingClient
);
}
RegisteredClient
registeredDeviceClient
=
registeredClientRepository
.
findByClientId
(
deviceClientId
);
if
(
registeredDeviceClient
==
null
)
{
registeredClientRepository
.
save
(
deviceClient
);
}
return
registeredClientRepository
;
}
// @formatter:on
@Bean
public
OAuth2AuthorizationService
authorizationService
(
JdbcTemplate
jdbcTemplate
,
RegisteredClientRepository
registeredClientRepository
)
{
return
new
JdbcOAuth2AuthorizationService
(
jdbcTemplate
,
registeredClientRepository
);
}
@Bean
public
OAuth2AuthorizationConsentService
authorizationConsentService
(
JdbcTemplate
jdbcTemplate
,
RegisteredClientRepository
registeredClientRepository
)
{
// Will be used by the ConsentController
return
new
JdbcOAuth2AuthorizationConsentService
(
jdbcTemplate
,
registeredClientRepository
);
}
@Bean
OAuth2TokenGenerator
<?>
tokenGenerator
(
JWKSource
<
SecurityContext
>
jwkSource
)
{
JwtGenerator
jwtGenerator
=
new
JwtGenerator
(
new
NimbusJwtEncoder
(
jwkSource
));
jwtGenerator
.
setJwtCustomizer
(
jwtCustomizer
());
OAuth2AccessTokenGenerator
accessTokenGenerator
=
new
OAuth2AccessTokenGenerator
();
OAuth2RefreshTokenGenerator
refreshTokenGenerator
=
new
OAuth2RefreshTokenGenerator
();
return
new
DelegatingOAuth2TokenGenerator
(
jwtGenerator
,
accessTokenGenerator
,
refreshTokenGenerator
);
}
@Bean
public
OAuth2TokenCustomizer
<
JwtEncodingContext
>
jwtCustomizer
()
{
return
context
->
{
if
(
OAuth2TokenType
.
ACCESS_TOKEN
.
equals
(
context
.
getTokenType
())
&&
context
.
getPrincipal
()
instanceof
UsernamePasswordAuthenticationToken
)
{
// Customize headers/claims for access_token
Optional
.
ofNullable
(
context
.
getPrincipal
().
getPrincipal
()).
ifPresent
(
principal
->
{
if
(
principal
instanceof
SysUserDetails
userDetails
)
{
context
.
getClaims
().
claim
(
"user_id"
,
String
.
valueOf
(
userDetails
.
getUserId
()));
}
});
}
else
if
(
context
.
getTokenType
().
getValue
().
equals
(
OidcParameterNames
.
ID_TOKEN
))
{
// Customize headers/claims for id_token
}
};
}
@Bean
public
AuthenticationManager
authenticationManager
(
AuthenticationConfiguration
authenticationConfiguration
)
throws
Exception
{
return
authenticationConfiguration
.
getAuthenticationManager
();
}
}
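Review bot: in `registeredClientRepository`, `messaging-client` is seeded with `clientSecret("{noop}secret")`, a plaintext secret committed to source, even though this same class defines a `passwordEncoder` bean from `PasswordEncoderFactories.createDelegatingPasswordEncoder()`; seed a `{bcrypt}`-encoded secret (or load it from configuration) and replace the sample `http://127.0.0.1:8080/...` redirect and post-logout URIs with the real client's. In `jwkSource`, `generateRsaKey()` is called with a fresh `UUID` as `keyID` on every start, so each restart (and each instance behind a load balancer) signs with a different key and previously issued JWTs stop validating; load the key pair from a keystore or configuration instead. In `authorizationServerSecurityFilterChain`, `ResourceOwnerPasswordAuthenticationConverter` and `ResourceOwnerPasswordAuthenticationProvider` are wired in, but neither seeded client declares a password grant type (`messaging-client` has `AUTHORIZATION_CODE`, `REFRESH_TOKEN`, `CLIENT_CREDENTIALS`; `device-messaging-client` has `DEVICE_CODE`, `REFRESH_TOKEN`), so make sure the provider checks the client's authorized grant types and that only the client meant to use this grant declares it. Minor: the `// @formatter:on` after `registeredClientRepository` has no matching `// @formatter:off`.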
youlai-auth/src/main/java/com/youlai/auth/config/DefaultSecurityConfig.java
0 → 100644
View file @
b019e6dd
package
com.youlai.auth.config
;
import
cn.hutool.core.collection.CollectionUtil
;
import
cn.hutool.core.convert.Convert
;
import
lombok.RequiredArgsConstructor
;
import
lombok.Setter
;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.security.config.annotation.web.builders.HttpSecurity
;
import
org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
;
import
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
;
import
org.springframework.security.web.SecurityFilterChain
;
import
java.util.Arrays
;
import
java.util.List
;
import
static
org
.
springframework
.
security
.
config
.
Customizer
.
withDefaults
;
@Configuration
@EnableWebSecurity
(
debug
=
true
)
@RequiredArgsConstructor
public
class
DefaultSecurityConfig
{
@Setter
private
List
<
String
>
ignoreUrls
;
@Bean
SecurityFilterChain
defaultSecurityFilterChain
(
HttpSecurity
http
)
throws
Exception
{
if
(
CollectionUtil
.
isEmpty
(
ignoreUrls
))
{
ignoreUrls
=
Arrays
.
asList
(
"/webjars/**"
,
"/doc.html"
,
"/swagger-resources/**"
,
"/v3/api-docs/**"
,
"/swagger-ui/**"
);
}
http
.
authorizeHttpRequests
(
authorize
->
authorize
.
requestMatchers
(
Convert
.
toStrArray
(
ignoreUrls
)).
permitAll
()
.
anyRequest
().
authenticated
()
)
.
csrf
(
AbstractHttpConfigurer:
:
disable
)
.
formLogin
(
withDefaults
())
;
return
http
.
build
();
}
}
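Review bot: `@EnableWebSecurity(debug = true)` enables Spring Security's debug filter, which logs request details and the filter chain for every request; it must come off before merge. `ignoreUrls` is a `@Setter` field with no property binding visible in this class, so it is always null at runtime and the hardcoded default (`/webjars/**`, `/doc.html`, `/swagger-resources/**`, `/v3/api-docs/**`, `/swagger-ui/**`) is always what `permitAll()` receives, exposing the API documentation unauthenticated; bind it to a configuration property or drop the field. `csrf(AbstractHttpConfigurer::disable)` disables CSRF for the whole default chain while `formLogin(withDefaults())` serves the login form on that same chain, leaving the login POST (and any consent page) unprotected; if CSRF must be off for specific paths, use `ignoringRequestMatchers` for those only, as `authorizationServerSecurityFilterChain` already does for the authorization server endpoints.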
youlai-auth/src/main/java/com/youlai/auth/enums/PasswordEncoderTypeEnum.java
Deleted
100644 → 0
View file @
517203b8
package
com.youlai.auth.enums
;
import
lombok.Getter
;
/**
* 密码编码类型枚举
*
* @author haoxr
* @since 2021/6/5 17:57
*/
public
enum
PasswordEncoderTypeEnum
{
BCRYPT
(
"{bcrypt}"
,
"BCRYPT加密"
),
NOOP
(
"{noop}"
,
"无加密明文"
);
@Getter
private
String
prefix
;
PasswordEncoderTypeEnum
(
String
prefix
,
String
desc
){
this
.
prefix
=
prefix
;
}
}
youlai-auth/src/main/java/com/youlai/auth/exception/AuthExceptionHandler.java
Deleted
100644 → 0
View file @
517203b8
package
com.youlai.auth.exception
;
import
com.youlai.common.result.Result
;
import
com.youlai.common.result.ResultCode
;
import
lombok.extern.slf4j.Slf4j
;
import
org.springframework.http.HttpStatus
;
import
org.springframework.security.authentication.InternalAuthenticationServiceException
;
import
org.springframework.security.core.userdetails.UsernameNotFoundException
;
import
org.springframework.security.oauth2.common.exceptions.InvalidGrantException
;
import
org.springframework.security.oauth2.common.exceptions.InvalidTokenException
;
import
org.springframework.web.bind.annotation.ExceptionHandler
;
import
org.springframework.web.bind.annotation.ResponseStatus
;
import
org.springframework.web.bind.annotation.RestControllerAdvice
;
@RestControllerAdvice
@Slf4j
public
class
AuthExceptionHandler
{
/**
* 用户不存在
*
* @param e
* @return
*/
@ResponseStatus
(
HttpStatus
.
BAD_REQUEST
)
@ExceptionHandler
(
UsernameNotFoundException
.
class
)
public
Result
handleUsernameNotFoundException
(
UsernameNotFoundException
e
)
{
return
Result
.
failed
(
ResultCode
.
USER_NOT_EXIST
);
}
/**
* 用户名和密码异常
*
* @param e
* @return
*/
@ResponseStatus
(
HttpStatus
.
BAD_REQUEST
)
@ExceptionHandler
(
InvalidGrantException
.
class
)
public
Result
handleInvalidGrantException
(
InvalidGrantException
e
)
{
return
Result
.
failed
(
ResultCode
.
USERNAME_OR_PASSWORD_ERROR
);
}
/**
* 账户异常(禁用、锁定、过期)
*
* @param e
* @return
*/
@ResponseStatus
(
HttpStatus
.
BAD_REQUEST
)
@ExceptionHandler
({
InternalAuthenticationServiceException
.
class
})
public
Result
handleInternalAuthenticationServiceException
(
InternalAuthenticationServiceException
e
)
{
return
Result
.
failed
(
e
.
getMessage
());
}
/**
* token 无效或已过期
*
* @param e
* @return
*/
@ResponseStatus
(
HttpStatus
.
BAD_REQUEST
)
@ExceptionHandler
({
InvalidTokenException
.
class
})
public
Result
handleInvalidTokenExceptionException
(
InvalidTokenException
e
)
{
return
Result
.
failed
(
e
.
getMessage
());
}
}
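Review bot: removing this `@RestControllerAdvice` is consistent with the refactor, since `InvalidGrantException` and `InvalidTokenException` come from the legacy `org.springframework.security.oauth2.common.exceptions` package being replaced, but it also drops the `Result`/`ResultCode` mapping for `UsernameNotFoundException` and `InternalAuthenticationServiceException`; confirm the new token endpoint still returns a structured error for unknown users and bad credentials. Note that the removed `handleInternalAuthenticationServiceException` and `handleInvalidTokenExceptionException` returned `e.getMessage()` directly to the client, which can expose internal detail; whatever replaces them should return a fixed `ResultCode` rather than the exception message.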
youlai-auth/src/main/java/com/youlai/auth/userdetails/user/SysUserDetails.java
View file @
b019e6dd
...
...
@@ -3,7 +3,6 @@ package com.youlai.auth.userdetails.user;
import
cn.hutool.core.collection.CollectionUtil
;
import
com.youlai.common.enums.StatusEnum
;
import
com.youlai.system.dto.UserAuthInfo
;
import
com.youlai.auth.enums.PasswordEncoderTypeEnum
;
import
lombok.Data
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.security.core.authority.SimpleGrantedAuthority
;
...
...
@@ -56,7 +55,7 @@ public class SysUserDetails implements UserDetails {
this
.
setUsername
(
user
.
getUsername
());
this
.
setDeptId
(
user
.
getDeptId
());
this
.
setDataScope
(
user
.
getDataScope
());
this
.
setPassword
(
PasswordEncoderTypeEnum
.
BCRYPT
.
getPrefix
()
+
user
.
getPassword
());
this
.
setPassword
(
"{bcrypt}"
+
user
.
getPassword
());
this
.
setEnabled
(
StatusEnum
.
ENABLE
.
getValue
().
equals
(
user
.
getStatus
()));
if
(
CollectionUtil
.
isNotEmpty
(
user
.
getRoles
()))
{
authorities
=
user
.
getRoles
().
stream
()
...
...
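Review bot: the `setPassword` change swaps `PasswordEncoderTypeEnum.BCRYPT.getPrefix()` for the literal `"{bcrypt}"` but keeps the assumption that every `user.getPassword()` value is a raw bcrypt hash with no encoder prefix; with the delegating encoder from `PasswordEncoderFactories.createDelegatingPasswordEncoder()` in `AuthorizationServerConfig`, a stored value that already carries an `{id}` prefix becomes `{bcrypt}{...}` and never matches. Prefer storing the prefixed encoded form in the user record and passing it through unchanged, or at minimum guard the prepend with a `startsWith("{")` check. If the prefix stays here, pull `"{bcrypt}"` into a named constant, since the enum that held it is deleted in this same commit.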