Skip to content

Y
youlai-mall

有来开源组织 / youlai-mall

通知 8
Star 0
Fork 0
Y
youlai-mall

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
WxMiniAppAuthenticationProvider.java 8.4 KB
Newer Older
feat: 完善OAuth2自定义异常处理逻辑  
郝先瑞 已提交
1 
package com.youlai.auth.authentication.miniapp;
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
2
refactor: 升级短信验证码授权模式(临时提交,勿clone)  
郝先瑞 已提交
3 4 
import cn.binarywang.wx.miniapp.api.WxMaService;
import cn.binarywang.wx.miniapp.bean.WxMaJscode2SessionResult;
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
5 
import cn.hutool.core.lang.Assert;
feat: 新增SAS密码、验证码、短信验证码和微信小程序授权模式  
郝先瑞 已提交
6 
import com.youlai.auth.userdetails.member.MemberDetailsService;
feat: 微信小程序授权认证扩展(临时提交勿clone)  
郝先瑞 已提交
7 
import com.youlai.auth.util.OAuth2AuthenticationProviderUtils;
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
8 
import lombok.extern.slf4j.Slf4j;
refactor: 升级短信验证码授权模式(临时提交,勿clone)  
郝先瑞 已提交
9 
import me.chanjar.weixin.common.error.WxErrorException;
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
10 11 12 13 14 15 
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.oauth2.core.*;
refactor: 完善微信小程序授权模式  
郝先瑞 已提交
16 
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;

import java.security.Principal;
import java.util.Map;

/**
refactor: 升级短信验证码授权模式(临时提交,勿clone)  
郝先瑞 已提交
32 
 * 微信授权认证 Provider
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
33 34 35 36 37 
 *
 * @author haoxr
 * @since 3.0.0
 */
@Slf4j
refactor: 移除中间件模块和相关代码重构  
郝先瑞 已提交
38 
public class WxMiniAppAuthenticationProvider implements AuthenticationProvider {
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
39 40 41 42 43 44 

    private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";

    private final OAuth2AuthorizationService authorizationService;
    private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
feat: 新增SAS密码、验证码、短信验证码和微信小程序授权模式  
郝先瑞 已提交
45 
    private final MemberDetailsService memberDetailsService;
refactor: 升级短信验证码授权模式(临时提交,勿clone)  
郝先瑞 已提交
46 47 

    private final WxMaService wxMaService;
feat: 微信小程序授权认证扩展(临时提交勿clone)  
郝先瑞 已提交
48
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
49 50 51 52 

    /**
     * Constructs an {@code OAuth2ResourceOwnerPasswordAuthenticationProviderNew} using the provided parameters.
     *
H
refactor: 框架升级错误问题修复(临时提交勿clone)  
haoxr 已提交
53 54 
     * @param authorizationService the authorization service
     * @param tokenGenerator       the token generator
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
55 56 
     * @since 0.2.3
     */
refactor: 移除中间件模块和相关代码重构  
郝先瑞 已提交
57 
    public WxMiniAppAuthenticationProvider(
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
58 59 
            OAuth2AuthorizationService authorizationService,
            OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator,
feat: 新增SAS密码、验证码、短信验证码和微信小程序授权模式  
郝先瑞 已提交
60 
            MemberDetailsService memberDetailsService,
refactor: 升级短信验证码授权模式(临时提交,勿clone)  
郝先瑞 已提交
61 62 
            WxMaService wxMaService
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
63 64 65 
    ) {
        Assert.notNull(authorizationService, "authorizationService cannot be null");
        Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
feat: 新增SAS密码、验证码、短信验证码和微信小程序授权模式  
郝先瑞 已提交
66 
        Assert.notNull(memberDetailsService, "userDetailsService cannot be null");
refactor: 升级短信验证码授权模式(临时提交,勿clone)  
郝先瑞 已提交
67 
        Assert.notNull(wxMaService, "wxMaService cannot be null");
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
68 69 
        this.authorizationService = authorizationService;
        this.tokenGenerator = tokenGenerator;
feat: 新增SAS密码、验证码、短信验证码和微信小程序授权模式  
郝先瑞 已提交
70 
        this.memberDetailsService = memberDetailsService;
refactor: 升级短信验证码授权模式(临时提交,勿clone)  
郝先瑞 已提交
71 
        this.wxMaService = wxMaService;
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
72 73 74 75 76 
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
refactor: 移除中间件模块和相关代码重构  
郝先瑞 已提交
77 
        WxMiniAppAuthenticationToken wxMiniAppAuthenticationToken = (WxMiniAppAuthenticationToken) authentication;
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
78
feat: 微信小程序授权认证扩展(临时提交勿clone)  
郝先瑞 已提交
79 
        OAuth2ClientAuthenticationToken clientPrincipal = OAuth2AuthenticationProviderUtils
refactor: 移除中间件模块和相关代码重构  
郝先瑞 已提交
80 
                .getAuthenticatedClientElseThrowInvalidClient(wxMiniAppAuthenticationToken);
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
81 
        RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
refactor: 完善微信小程序授权模式  
郝先瑞 已提交
82 83 

        // 验证客户端是否支持授权类型(grant_type=wechat_mini_app)
refactor: 移除中间件模块和相关代码重构  
郝先瑞 已提交
84 
        if (!registeredClient.getAuthorizationGrantTypes().contains(WxMiniAppAuthenticationToken.WECHAT_MINI_APP)) {
refactor: 完善微信小程序授权模式  
郝先瑞 已提交
85 
            throw new OAuth2AuthenticationException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT);
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
86 87 
        }
refactor: 升级短信验证码授权模式(临时提交,勿clone)  
郝先瑞 已提交
88 
        // 微信 code 获取 openid
refactor: 移除中间件模块和相关代码重构  
郝先瑞 已提交
89 
        Map<String, Object> additionalParameters = wxMiniAppAuthenticationToken.getAdditionalParameters();
refactor: 完善微信小程序授权模式  
郝先瑞 已提交
90 
        String code = (String) additionalParameters.get(OAuth2ParameterNames.CODE);
refactor: 升级短信验证码授权模式(临时提交,勿clone)  
郝先瑞 已提交
91 92 93 94 95 96 97 98 99 
        WxMaJscode2SessionResult sessionInfo;
        try {
            sessionInfo = wxMaService.getUserService().getSessionInfo(code);
        } catch (WxErrorException e) {
            e.printStackTrace();
            throw new OAuth2AuthenticationException(e.getMessage());
        }
        String openid = sessionInfo.getOpenid();
        // 根据 openid 获取会员信息
feat: 新增SAS密码、验证码、短信验证码和微信小程序授权模式  
郝先瑞 已提交
100 
        UserDetails userDetails = memberDetailsService.loadUserByOpenid(openid);
refactor: 完善微信小程序授权模式  
郝先瑞 已提交
101
refactor: 移除实验室模块和相关代码优化(临时提交,勿clone)  
郝先瑞 已提交
102 
        Authentication usernamePasswordAuthentication = new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword());
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
103
refactor: 完善微信小程序授权模式  
郝先瑞 已提交
104 
        // 访问令牌(Access Token) 构造器
H
refactor: 框架升级错误问题修复(临时提交勿clone)  
haoxr 已提交
105 106 107 108 
        DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
                .registeredClient(registeredClient)
                .principal(usernamePasswordAuthentication)
                .authorizationServerContext(AuthorizationServerContextHolder.getContext())
refactor: 移除中间件模块和相关代码重构  
郝先瑞 已提交
109 110 
                .authorizationGrantType(WxMiniAppAuthenticationToken.WECHAT_MINI_APP)
                .authorizationGrant(wxMiniAppAuthenticationToken);
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
111
refactor: 完善微信小程序授权模式  
郝先瑞 已提交
112 
        // 生成访问令牌(Access Token)
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
113 114 115 116 117 118 119 120 121 122 123 
        OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build();
        OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
        if (generatedAccessToken == null) {
            OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
                    "The token generator failed to generate the access token.", ERROR_URI);
            throw new OAuth2AuthenticationException(error);
        }

        OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
                generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
                generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
H
refactor: 框架升级错误问题修复(临时提交勿clone)  
haoxr 已提交
124 
        OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
refactor: 完善微信小程序授权模式  
郝先瑞 已提交
125 
                .principalName(userDetails.getUsername())
refactor: 移除中间件模块和相关代码重构  
郝先瑞 已提交
126 
                .authorizationGrantType(WxMiniAppAuthenticationToken.WECHAT_MINI_APP)
H
refactor: 框架升级错误问题修复(临时提交勿clone)  
haoxr 已提交
127 
                .attribute(Principal.class.getName(), usernamePasswordAuthentication);
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
128 129 130 131 132 133 134 
        if (generatedAccessToken instanceof ClaimAccessor) {
            authorizationBuilder.token(accessToken, (metadata) ->
                    metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, ((ClaimAccessor) generatedAccessToken).getClaims()));
        } else {
            authorizationBuilder.accessToken(accessToken);
        }
refactor: 完善微信小程序授权模式  
郝先瑞 已提交
135 
        // 生成刷新令牌(Refresh token)
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 
        OAuth2RefreshToken refreshToken = null;
        if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN) &&
                // Do not issue refresh token to public client
                !clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {

            tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
            OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
            if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
                OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
                        "The token generator failed to generate the refresh token.", ERROR_URI);
                throw new OAuth2AuthenticationException(error);
            }


            refreshToken = (OAuth2RefreshToken) generatedRefreshToken;
            authorizationBuilder.refreshToken(refreshToken);
        }

        OAuth2Authorization authorization = authorizationBuilder.build();
        this.authorizationService.save(authorization);
        return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken, refreshToken, additionalParameters);
    }

    @Override
    public boolean supports(Class<?> authentication) {
refactor: 移除中间件模块和相关代码重构  
郝先瑞 已提交
161 
        return WxMiniAppAuthenticationToken.class.isAssignableFrom(authentication);
refactor: 认证中心升级(临时提交勿clone)  
郝先瑞 已提交
162 163 164 
    }

}