Commit 14b8bd8d
Authored on Jun 10, 2023 by 郝先瑞

feat: WeChat mini program authorization and authentication extension (temporary commit, do not clone)

Parent: 9a991973

Showing 9 changed files with 205 additions and 122 deletions (+205 -122)

youlai-auth/src/main/java/com/youlai/auth/authentication/miniapp/WxMiniAppAuthenticationConverter.java  +92 -0
youlai-auth/src/main/java/com/youlai/auth/authentication/miniapp/WxMiniAppAuthenticationProvider.java  +32 -27
youlai-auth/src/main/java/com/youlai/auth/authentication/miniapp/WxMiniAppAuthenticationToken.java  +6 -14
youlai-auth/src/main/java/com/youlai/auth/authentication/miniapp/WxMiniAppParameterNames.java  +2 -2
youlai-auth/src/main/java/com/youlai/auth/authentication/mobile/SmsCodeAuthenticationProvider.java  +2 -2
youlai-auth/src/main/java/com/youlai/auth/authentication/refresh/PreAuthenticatedUserDetailsService.java  +0 -70
youlai-auth/src/main/java/com/youlai/auth/userdetails/member/MemberUserDetails.java  +2 -2
youlai-auth/src/main/java/com/youlai/auth/userdetails/member/MemberUserDetailsService.java  +6 -5
youlai-auth/src/main/java/com/youlai/auth/util/OAuth2AuthenticationProviderUtils.java  +63 -0
youlai-auth/src/main/java/com/youlai/auth/authentication/wechat/WechatMiniProgramAuthenticationConverter.java → youlai-auth/src/main/java/com/youlai/auth/authentication/miniapp/WxMiniAppAuthenticationConverter.java
package
com.youlai.auth.authentication.
wechat
;
package
com.youlai.auth.authentication.
miniapp
;
import
cn.hutool.core.util.StrUtil
;
import
com.youlai.auth.authentication.password.ResourceOwnerPasswordAuthenticationToken
;
import
com.youlai.auth.util.OAuth2EndpointUtils
;
import
jakarta.servlet.http.HttpServletRequest
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.context.SecurityContextHolder
;
import
org.springframework.security.oauth2.core.OAuth2AuthenticationException
;
import
org.springframework.security.oauth2.core.OAuth2Error
;
import
org.springframework.security.oauth2.core.OAuth2ErrorCodes
;
import
org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
;
import
org.springframework.security.web.authentication.AuthenticationConverter
;
import
org.springframework.util.LinkedMultiValueMap
;
import
org.springframework.util.MultiValueMap
;
import
org.springframework.util.StringUtils
;
import
java.util.Arrays
;
import
java.util.HashSet
;
import
java.util.Map
;
import
java.util.Set
;
import
java.util.stream.Collectors
;
/**
...
...
@@ -26,70 +18,50 @@ import java.util.stream.Collectors;
*
* @see org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2AuthorizationCodeAuthenticationConverter
*/
public
class
W
echatMiniProgram
AuthenticationConverter
implements
AuthenticationConverter
{
public
class
W
xMiniApp
AuthenticationConverter
implements
AuthenticationConverter
{
public
static
final
String
ACCESS_TOKEN_REQUEST_ERROR_URI
=
"https://developers.weixin.qq.com/miniprogram/dev/api-backend/open-api/login/auth.code2Session.html"
;
String
CODE
=
"code"
;
String
IV
=
"iv"
;
String
ENCRYPTED_DATA
=
"encryptedData"
;
public
static
final
String
ACCESS_TOKEN_REQUEST_ERROR_URI
=
"https://developers.weixin.qq.com/miniprogram/dev/api-backend/open-api/login/auth.code2Session.html"
;
@Override
public
Authentication
convert
(
HttpServletRequest
request
)
{
// grant_type (REQUIRED)
String
grantType
=
request
.
getParameter
(
OAuth2ParameterNames
.
GRANT_TYPE
);
if
(!
W
eChatMiniProgramAuthenticationToken
.
WECHAT_MINI_PROGRAM
.
getValue
().
equals
(
grantType
))
{
if
(!
W
xMiniAppAuthenticationToken
.
WX_MINI_APP
.
getValue
().
equals
(
grantType
))
{
return
null
;
}
MultiValueMap
<
String
,
String
>
parameters
=
OAuth2EndpointUtils
.
getParameters
(
request
);
// scope (OPTIONAL)
String
scope
=
parameters
.
getFirst
(
OAuth2ParameterNames
.
SCOPE
);
if
(
StringUtils
.
hasText
(
scope
)
&&
parameters
.
get
(
OAuth2ParameterNames
.
SCOPE
).
size
()
!=
1
)
{
OAuth2EndpointUtils
.
throwError
(
OAuth2ErrorCodes
.
INVALID_REQUEST
,
OAuth2ParameterNames
.
SCOPE
,
ACCESS_TOKEN_REQUEST_ERROR_URI
);
}
Set
<
String
>
requestedScopes
=
null
;
if
(
StringUtils
.
hasText
(
scope
))
{
requestedScopes
=
new
HashSet
<>(
Arrays
.
asList
(
StringUtils
.
delimitedListToStringArray
(
scope
,
" "
)));
}
// code (REQUIRED)
String
code
=
parameters
.
getFirst
(
W
echatMiniProgram
ParameterNames
.
CODE
);
String
code
=
parameters
.
getFirst
(
W
xMiniApp
ParameterNames
.
CODE
);
if
(
StrUtil
.
isBlank
(
code
))
{
throwError
(
OAuth2EndpointUtils
.
throwError
(
OAuth2ErrorCodes
.
INVALID_REQUEST
,
W
echatMiniProgram
ParameterNames
.
CODE
,
W
xMiniApp
ParameterNames
.
CODE
,
ACCESS_TOKEN_REQUEST_ERROR_URI
);
}
// encryptedData (REQUIRED)
String
encryptedData
=
parameters
.
getFirst
(
W
echatMiniProgram
ParameterNames
.
ENCRYPTED_DATA
);
String
encryptedData
=
parameters
.
getFirst
(
W
xMiniApp
ParameterNames
.
ENCRYPTED_DATA
);
if
(
StrUtil
.
isBlank
(
encryptedData
))
{
throwError
(
OAuth2EndpointUtils
.
throwError
(
OAuth2ErrorCodes
.
INVALID_REQUEST
,
W
echatMiniProgram
ParameterNames
.
ENCRYPTED_DATA
,
W
xMiniApp
ParameterNames
.
ENCRYPTED_DATA
,
ACCESS_TOKEN_REQUEST_ERROR_URI
);
}
// iv (REQUIRED)
String
iv
=
parameters
.
getFirst
(
W
echatMiniProgram
ParameterNames
.
IV
);
String
iv
=
parameters
.
getFirst
(
W
xMiniApp
ParameterNames
.
IV
);
if
(
StrUtil
.
isBlank
(
iv
))
{
throwError
(
OAuth2EndpointUtils
.
throwError
(
OAuth2ErrorCodes
.
INVALID_REQUEST
,
W
echatMiniProgram
ParameterNames
.
IV
,
W
xMiniApp
ParameterNames
.
IV
,
ACCESS_TOKEN_REQUEST_ERROR_URI
);
}
Authentication
clientPrincipal
=
SecurityContextHolder
.
getContext
().
getAuthentication
();
if
(
clientPrincipal
==
null
)
{
throwError
(
OAuth2EndpointUtils
.
throwError
(
OAuth2ErrorCodes
.
INVALID_REQUEST
,
OAuth2ErrorCodes
.
INVALID_CLIENT
,
ACCESS_TOKEN_REQUEST_ERROR_URI
);
...
...
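Review bot: The `clientPrincipal == null` branch at the end of this hunk reports `OAuth2ErrorCodes.INVALID_REQUEST` and passes `OAuth2ErrorCodes.INVALID_CLIENT` in the position where the other calls pass a parameter name, so a token request without an authenticated client is reported as a malformed request rather than a client authentication failure. Throw `new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT)` here, as the `OAuth2AuthenticationProviderUtils` class added in this commit does.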
@@ -101,32 +73,20 @@ public class WechatMiniProgramAuthenticationConverter implements AuthenticationC
.
filter
(
e
->
!
e
.
getKey
().
equals
(
OAuth2ParameterNames
.
GRANT_TYPE
)
&&
!
e
.
getKey
().
equals
(
OAuth2ParameterNames
.
SCOPE
)
&&
!
e
.
getKey
().
equals
(
WxMiniAppParameterNames
.
CODE
)
&&
!
e
.
getKey
().
equals
(
WxMiniAppParameterNames
.
ENCRYPTED_DATA
)
&&
!
e
.
getKey
().
equals
(
WxMiniAppParameterNames
.
IV
)
)
.
collect
(
Collectors
.
toMap
(
Map
.
Entry
::
getKey
,
e
->
e
.
getValue
().
get
(
0
)));
return
new
ResourceOwnerPassword
AuthenticationToken
(
return
new
WxMiniApp
AuthenticationToken
(
clientPrincipal
,
requestedScopes
,
additionalParameters
additionalParameters
,
code
,
encryptedData
,
iv
);
}
public
static
MultiValueMap
<
String
,
String
>
getParameters
(
HttpServletRequest
request
)
{
Map
<
String
,
String
[]>
parameterMap
=
request
.
getParameterMap
();
MultiValueMap
<
String
,
String
>
parameters
=
new
LinkedMultiValueMap
(
parameterMap
.
size
());
parameterMap
.
forEach
((
key
,
values
)
->
{
for
(
String
value
:
values
)
{
parameters
.
add
(
key
,
value
);
}
});
return
parameters
;
}
public
static
void
throwError
(
String
errorCode
,
String
parameterName
,
String
errorUri
)
{
OAuth2Error
error
=
new
OAuth2Error
(
errorCode
,
"OAuth 2.0 Parameter: "
+
parameterName
,
errorUri
);
throw
new
OAuth2AuthenticationException
(
error
);
}
}
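Review bot: The `return new WxMiniAppAuthenticationToken(...)` call does not line up with the token class as changed in this same commit: the rendered call still lists `requestedScopes`, while the `WxMiniAppAuthenticationToken` constructor now takes `(clientPrincipal, additionalParameters, code, encryptedData, iv)` and its `scope` field is removed. Either drop `requestedScopes` from the call and stop parsing `scope` in `convert`, or keep a scopes parameter on the token so the provider can check the requested scopes against the registered client.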
youlai-auth/src/main/java/com/youlai/auth/authentication/wechat/WechatMiniProgramAuthenticationProvider.java → youlai-auth/src/main/java/com/youlai/auth/authentication/miniapp/WxMiniAppAuthenticationProvider.java
package
com.youlai.auth.authentication.
wechat
;
package
com.youlai.auth.authentication.
miniapp
;
import
cn.hutool.core.lang.Assert
;
import
com.youlai.auth.authentication.password.ResourceOwnerPasswordAuthenticationToken
;
import
com.youlai.auth.userdetails.member.MmsUserDetailsService
;
import
com.youlai.auth.userdetails.member.MemberUserDetailsService
;
import
com.youlai.auth.util.OAuth2AuthenticationProviderUtils
;
import
lombok.extern.slf4j.Slf4j
;
import
org.springframework.security.authentication.AuthenticationProvider
;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.AuthenticationException
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.security.core.userdetails.UserDetails
;
import
org.springframework.security.oauth2.core.*
;
import
org.springframework.security.oauth2.server.authorization.OAuth2Authorization
;
...
...
@@ -22,84 +24,87 @@ import org.springframework.security.oauth2.server.authorization.token.OAuth2Toke
import
org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator
;
import
java.security.Principal
;
import
java.util.ArrayList
;
import
java.util.List
;
import
java.util.Map
;
/**
* 微信认证
提供者
* 微信认证
Provider
*
* @author haoxr
* @since 3.0.0
*/
@Slf4j
public
class
W
echatMiniProgram
AuthenticationProvider
implements
AuthenticationProvider
{
public
class
W
xMiniApp
AuthenticationProvider
implements
AuthenticationProvider
{
private
static
final
String
ERROR_URI
=
"https://datatracker.ietf.org/doc/html/rfc6749#section-5.2"
;
private
final
OAuth2AuthorizationService
authorizationService
;
private
final
OAuth2TokenGenerator
<?
extends
OAuth2Token
>
tokenGenerator
;
private
final
MmsUserDetailsService
mmsUserDetailsService
;
private
final
MemberUserDetailsService
memberUserDetailsService
;
/**
* Constructs an {@code OAuth2ResourceOwnerPasswordAuthenticationProviderNew} using the provided parameters.
*
* @param authenticationManager the authentication manager
* @param authorizationService the authorization service
* @param tokenGenerator the token generator
* @since 0.2.3
*/
public
W
echatMiniProgram
AuthenticationProvider
(
public
W
xMiniApp
AuthenticationProvider
(
OAuth2AuthorizationService
authorizationService
,
OAuth2TokenGenerator
<?
extends
OAuth2Token
>
tokenGenerator
,
M
msUserDetailsService
mms
UserDetailsService
M
emberUserDetailsService
member
UserDetailsService
)
{
Assert
.
notNull
(
authorizationService
,
"authorizationService cannot be null"
);
Assert
.
notNull
(
tokenGenerator
,
"tokenGenerator cannot be null"
);
this
.
authorizationService
=
authorizationService
;
this
.
tokenGenerator
=
tokenGenerator
;
this
.
m
msUserDetailsService
=
mms
UserDetailsService
;
this
.
m
emberUserDetailsService
=
member
UserDetailsService
;
}
@Override
public
Authentication
authenticate
(
Authentication
authentication
)
throws
AuthenticationException
{
WeChatMiniProgramAuthenticationToken
authenticationToken
=
(
WeChatMiniProgramAuthenticationToken
)
authentication
;
authenticationToken
.
getIv
()
WxMiniAppAuthenticationToken
authenticationToken
=
(
WxMiniAppAuthenticationToken
)
authentication
;
// 参数
String
code
=
authenticationToken
.
getCode
();
String
encryptedData
=
authenticationToken
.
getEncryptedData
();
String
iv
=
authenticationToken
.
getIv
();
Map
<
String
,
Object
>
additionalParameters
=
authenticationToken
.
getAdditionalParameters
();
// 验证客户端是否已认证
OAuth2ClientAuthenticationToken
clientPrincipal
=
getAuthenticatedClientElseThrowInvalidClient
(
authenticationToken
);
OAuth2ClientAuthenticationToken
clientPrincipal
=
OAuth2AuthenticationProviderUtils
.
getAuthenticatedClientElseThrowInvalidClient
(
authenticationToken
);
RegisteredClient
registeredClient
=
clientPrincipal
.
getRegisteredClient
();
// 验证客户端是否支持(grant_type=password)授权模式
if
(!
registeredClient
.
getAuthorizationGrantTypes
().
contains
(
AuthorizationGrantType
.
PASSWORD
))
{
throw
new
OAuth2AuthenticationException
(
OAuth2ErrorCodes
.
UNAUTHORIZED_CLIENT
);
if
(
registeredClient
==
null
)
{
OAuth2Error
error
=
new
OAuth2Error
(
OAuth2ErrorCodes
.
SERVER_ERROR
,
"注册客户不能为空"
,
null
);
throw
new
OAuth2AuthenticationException
(
error
);
}
// 密码验证
Map
<
String
,
Object
>
additionalParameters
=
authenticationToken
.
getAdditionalParameters
();
String
code
=
(
String
)
additionalParameters
.
get
(
"code"
);
String
encryptedData
=
(
String
)
additionalParameters
.
get
(
"encryptedData"
);
String
iv
=
(
String
)
additionalParameters
.
get
(
"iv"
);
UserDetails
userDetails
=
mmsUserDetailsService
.
loadUserByWechatCode
(
code
,
encryptedData
,
iv
);
UserDetails
userDetails
=
memberUserDetailsService
.
loadUserByWechatCode
(
code
,
encryptedData
,
iv
);
UsernamePasswordAuthenticationToken
principal
=
UsernamePasswordAuthenticationToken
.
authenticated
(
userDetails
,
null
,
userDetails
.
getAuthorities
());
WeChatMiniProgramAuthenticationToken
weChatMiniProgramAuthenticationToken
=
new
WeChatMiniProgramAuthenticationToken
()
Authentication
usernamePasswordAuthentication
=
new
WeChatMiniProgramAuthenticationToken
();
List
<
GrantedAuthority
>
authorities
=
new
ArrayList
<>();
WxMiniAppAuthenticationToken
wxMiniAppAuthenticationToken
=
new
WxMiniAppAuthenticationToken
(
authorities
,
clientPrincipal
,
principal
,
user
,
additionalParameters
,
details
,
appid
,
code
,
openid
);
// 生成 access_token
// @formatter:off
DefaultOAuth2TokenContext
.
Builder
tokenContextBuilder
=
DefaultOAuth2TokenContext
.
builder
()
.
registeredClient
(
registeredClient
)
.
principal
(
userDetails
.
getUsername
())
.
authorizationServerContext
(
AuthorizationServerContextHolder
.
getContext
())
.
authorizationGrantType
(
AuthorizationGrantType
.
PASSWORD
);
// @formatter:on
...
...
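Review bot: The check that the registered client is allowed to use this grant is gone in `authenticate`: the `getAuthorizationGrantTypes().contains(AuthorizationGrantType.PASSWORD)` test with `UNAUTHORIZED_CLIENT` is replaced by a `registeredClient == null` test, so as far as this hunk shows any authenticated client can use the mini-app grant. Check `registeredClient.getAuthorizationGrantTypes().contains(WxMiniAppAuthenticationToken.WX_MINI_APP)` and keep the `UNAUTHORIZED_CLIENT` error. Further down, the token context still sets `authorizationGrantType(AuthorizationGrantType.PASSWORD)`, and the `new WxMiniAppAuthenticationToken(authorities, clientPrincipal, principal, user, ...)` call uses names (`user`, `details`, `appid`, `openid`) that are not declared in the visible lines and does not match the five-parameter constructor in this commit.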
youlai-auth/src/main/java/com/youlai/auth/authentication/wechat/WeChatMiniProgramAuthenticationToken.java → youlai-auth/src/main/java/com/youlai/auth/authentication/miniapp/WxMiniAppAuthenticationToken.java
package
com.youlai.auth.authentication.
wechat
;
package
com.youlai.auth.authentication.
miniapp
;
import
lombok.Getter
;
import
org.springframework.security.core.Authentication
;
...
...
@@ -15,12 +15,12 @@ import java.util.Map;
* @see OAuth2AuthorizationCodeAuthenticationToken
* @since 3.0.0
*/
public
class
W
eChatMiniProgram
AuthenticationToken
extends
OAuth2AuthorizationGrantAuthenticationToken
{
public
class
W
xMiniApp
AuthenticationToken
extends
OAuth2AuthorizationGrantAuthenticationToken
{
/**
* 授权类型:微信小程序
*/
public
static
final
AuthorizationGrantType
W
ECHAT_MINI_PROGRAM
=
new
AuthorizationGrantType
(
"wechat_mini_program
"
);
public
static
final
AuthorizationGrantType
W
X_MINI_APP
=
new
AuthorizationGrantType
(
"wx_mini_app
"
);
@Getter
private
final
String
code
;
...
...
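Review bot: Renaming the grant type value from `wechat_mini_program` to `wx_mini_app` changes what clients must send as `grant_type`; the converter in this commit returns `null` for anything that does not equal `WX_MINI_APP`, so requests carrying the old value will no longer reach this provider. Update the registered clients' grant types and the mini-program client together with this change, and mention the rename in the commit message.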
@@ -32,30 +32,22 @@ public class WeChatMiniProgramAuthenticationToken extends OAuth2AuthorizationGra
private
final
String
iv
;
/**
* @see org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames#SCOPE
*/
private
final
String
scope
;
/**
* Sub-class constructor.
*
* @param clientPrincipal the authenticated client principal
* @param additionalParameters the additional parameters
*/
protected
W
eChatMiniProgram
AuthenticationToken
(
protected
W
xMiniApp
AuthenticationToken
(
Authentication
clientPrincipal
,
Map
<
String
,
Object
>
additionalParameters
,
String
code
,
String
encryptedData
,
String
iv
,
String
scope
String
iv
)
{
super
(
W
eChatMiniProgramAuthenticationToken
.
WECHAT_MINI_PROGRAM
,
clientPrincipal
,
additionalParameters
);
super
(
W
xMiniAppAuthenticationToken
.
WX_MINI_APP
,
clientPrincipal
,
additionalParameters
);
this
.
code
=
code
;
this
.
encryptedData
=
encryptedData
;
this
.
iv
=
iv
;
this
.
scope
=
scope
;
}
}
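Review bot: The constructor Javadoc still reads "Sub-class constructor" and documents only `clientPrincipal` and `additionalParameters`; add `@param` entries for `code`, `encryptedData` and `iv`, and describe the constructor as what it is now that the class is instantiated directly by the converter.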
youlai-auth/src/main/java/com/youlai/auth/authentication/wechat/WechatMiniProgramParameterNames.java → youlai-auth/src/main/java/com/youlai/auth/authentication/miniapp/WxMiniAppParameterNames.java
package
com.youlai.auth.authentication.
wechat
;
package
com.youlai.auth.authentication.
miniapp
;
/**
* 微信小程序参数名称
...
...
@@ -6,7 +6,7 @@ package com.youlai.auth.authentication.wechat;
* @author haoxr
* @since 3.0.0
*/
public
interface
W
echatMiniProgram
ParameterNames
{
public
interface
W
xMiniApp
ParameterNames
{
String
CODE
=
"code"
;
...
...
youlai-auth/src/main/java/com/youlai/auth/authentication/mobile/SmsCodeAuthenticationProvider.java
package
com.youlai.auth.authentication.mobile
;
import
cn.hutool.core.util.StrUtil
;
import
com.youlai.auth.userdetails.member.M
ms
UserDetailsService
;
import
com.youlai.auth.userdetails.member.M
ember
UserDetailsService
;
import
com.youlai.common.constant.SecurityConstants
;
import
com.youlai.common.web.exception.BizException
;
import
com.youlai.mall.ums.api.MemberFeignClient
;
...
...
@@ -44,7 +44,7 @@ public class SmsCodeAuthenticationProvider implements AuthenticationProvider {
// 比对成功删除缓存的验证码
redisTemplate
.
delete
(
codeKey
);
}
UserDetails
userDetails
=
((
M
ms
UserDetailsService
)
userDetailsService
).
loadUserByMobile
(
mobile
);
UserDetails
userDetails
=
((
M
ember
UserDetailsService
)
userDetailsService
).
loadUserByMobile
(
mobile
);
SmsCodeAuthenticationToken
result
=
new
SmsCodeAuthenticationToken
(
userDetails
,
authentication
.
getCredentials
(),
new
HashSet
<>());
result
.
setDetails
(
authentication
.
getDetails
());
return
result
;
...
...
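Review bot: The `((MemberUserDetailsService) userDetailsService).loadUserByMobile(mobile)` downcast survives the rename and will throw `ClassCastException` if any other `UserDetailsService` is injected into this provider. Declare the field as `MemberUserDetailsService` (the service carries the bean name `memberUserDetailsService` in this commit) so the dependency is checked at wiring time instead of on the first SMS login.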
youlai-auth/src/main/java/com/youlai/auth/authentication/refresh/PreAuthenticatedUserDetailsService.java
Deleted
100644 → 0
package
com.youlai.auth.authentication.refresh
;
import
com.youlai.auth.userdetails.member.MmsUserDetailsService
;
import
com.youlai.auth.util.RequestUtils
;
import
com.youlai.common.constant.SecurityConstants
;
import
lombok.NoArgsConstructor
;
import
org.springframework.beans.factory.InitializingBean
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.userdetails.AuthenticationUserDetailsService
;
import
org.springframework.security.core.userdetails.UserDetails
;
import
org.springframework.security.core.userdetails.UserDetailsService
;
import
org.springframework.security.core.userdetails.UsernameNotFoundException
;
import
org.springframework.util.Assert
;
import
java.util.Map
;
/**
* 刷新token再次认证 UserDetailsService
*
* @author <a href="mailto:xianrui0365@163.com">haoxr</a>
* @since 2021/10/2
*/
@NoArgsConstructor
public
class
PreAuthenticatedUserDetailsService
<
T
extends
Authentication
>
implements
AuthenticationUserDetailsService
<
T
>,
InitializingBean
{
/**
* 客户端ID和用户服务 UserDetailService 的映射
*/
private
Map
<
String
,
UserDetailsService
>
userDetailsServiceMap
;
public
PreAuthenticatedUserDetailsService
(
Map
<
String
,
UserDetailsService
>
userDetailsServiceMap
)
{
Assert
.
notNull
(
userDetailsServiceMap
,
"userDetailsService cannot be null."
);
this
.
userDetailsServiceMap
=
userDetailsServiceMap
;
}
@Override
public
void
afterPropertiesSet
()
throws
Exception
{
Assert
.
notNull
(
this
.
userDetailsServiceMap
,
"UserDetailsService must be set"
);
}
/**
* 重写PreAuthenticatedAuthenticationProvider 的 preAuthenticatedUserDetailsService 属性,可根据客户端和认证方式选择用户服务 UserDetailService 获取用户信息 UserDetail
*
* @param authentication
* @return
* @throws UsernameNotFoundException
*/
@Override
public
UserDetails
loadUserDetails
(
T
authentication
)
throws
UsernameNotFoundException
{
String
clientId
=
RequestUtils
.
getClientId
();
// 获取认证身份标识,默认是用户名:username
UserDetailsService
userDetailsService
=
userDetailsServiceMap
.
get
(
clientId
);
switch
(
clientId
)
{
case
SecurityConstants
.
APP_CLIENT_ID
->
{
// 移动端的用户体系是会员,认证方式是通过手机号 mobile 认证
MmsUserDetailsService
mmsUserDetailsService
=
(
MmsUserDetailsService
)
userDetailsService
;
return
mmsUserDetailsService
.
loadUserByUsername
(
authentication
.
getName
());
}
case
SecurityConstants
.
WEAPP_CLIENT_ID
->
{
// 小程序的用户体系是会员,认证方式是通过微信三方标识 openid 认证
MmsUserDetailsService
mmsUserDetailsService
=
(
MmsUserDetailsService
)
userDetailsService
;
return
mmsUserDetailsService
.
loadUserByOpenId
(
authentication
.
getName
());
}
// 管理系统的用户体系是系统用户,认证方式通过用户名 username 认证
default
->
{
return
userDetailsService
.
loadUserByUsername
(
authentication
.
getName
());
}
}
}
}
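Review bot: Deleting this class removes the per-client user lookup used when re-authenticating on token refresh (`APP_CLIENT_ID` and the default case via `loadUserByUsername`, `WEAPP_CLIENT_ID` via `loadUserByOpenId`), and none of the other files shown in this commit adds a replacement. Confirm how the refresh_token flow resolves mini-program members by openid after this change, or state in the commit message where refresh is handled now.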
youlai-auth/src/main/java/com/youlai/auth/userdetails/member/MmsUserDetails.java → youlai-auth/src/main/java/com/youlai/auth/userdetails/member/MemberUserDetails.java
...
...
@@ -17,7 +17,7 @@ import java.util.HashSet;
* @since 2021/9/27
*/
@Data
public
class
M
ms
UserDetails
implements
UserDetails
{
public
class
M
ember
UserDetails
implements
UserDetails
{
private
Long
memberId
;
private
String
username
;
...
...
@@ -34,7 +34,7 @@ public class MmsUserDetails implements UserDetails {
*
* @param member 小程序会员用户认证信息
*/
public
M
ms
UserDetails
(
MemberAuthDTO
member
)
{
public
M
ember
UserDetails
(
MemberAuthDTO
member
)
{
this
.
setMemberId
(
member
.
getMemberId
());
this
.
setUsername
(
member
.
getUsername
());
this
.
setEnabled
(
GlobalConstants
.
STATUS_YES
.
equals
(
member
.
getStatus
()));
...
...
youlai-auth/src/main/java/com/youlai/auth/userdetails/member/MmsUserDetailsService.java → youlai-auth/src/main/java/com/youlai/auth/userdetails/member/MemberUserDetailsService.java
...
...
@@ -24,11 +24,12 @@ import org.springframework.stereotype.Service;
/**
* 商城会员用户认证服务
*
* @author <a href="mailto:xianrui0365@163.com">haoxr</a>
* @author haoxr
* @since 3.0.0
*/
@Service
(
"memberUserDetailsService"
)
@RequiredArgsConstructor
public
class
M
ms
UserDetailsService
implements
UserDetailsService
{
public
class
M
ember
UserDetailsService
implements
UserDetailsService
{
private
final
MemberFeignClient
memberFeignClient
;
private
final
WxMaService
wxMaService
;
...
...
@@ -46,12 +47,12 @@ public class MmsUserDetailsService implements UserDetailsService {
* @return
*/
public
UserDetails
loadUserByMobile
(
String
mobile
)
{
M
ms
UserDetails
userDetails
=
null
;
M
ember
UserDetails
userDetails
=
null
;
Result
<
MemberAuthDTO
>
result
=
memberFeignClient
.
loadUserByMobile
(
mobile
);
if
(
Result
.
isSuccess
(
result
))
{
MemberAuthDTO
member
=
result
.
getData
();
if
(
null
!=
member
)
{
userDetails
=
new
M
ms
UserDetails
(
member
);
userDetails
=
new
M
ember
UserDetails
(
member
);
}
}
if
(
userDetails
==
null
)
{
...
...
@@ -103,7 +104,7 @@ public class MmsUserDetailsService implements UserDetailsService {
throw
new
UsernameNotFoundException
(
ResultCode
.
USER_NOT_EXIST
.
getMsg
());
}
UserDetails
userDetails
=
new
M
ms
UserDetails
(
memberAuthInfo
);
UserDetails
userDetails
=
new
M
ember
UserDetails
(
memberAuthInfo
);
if
(!
userDetails
.
isEnabled
())
{
throw
new
DisabledException
(
"该账户已被禁用!"
);
}
else
if
(!
userDetails
.
isAccountNonLocked
())
{
...
...
youlai-auth/src/main/java/com/youlai/auth/util/OAuth2AuthenticationProviderUtils.java
0 → 100644
package
com.youlai.auth.util
;
import
org.springframework.security.authentication.AuthenticationProvider
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.oauth2.core.OAuth2AuthenticationException
;
import
org.springframework.security.oauth2.core.OAuth2ErrorCodes
;
import
org.springframework.security.oauth2.core.OAuth2RefreshToken
;
import
org.springframework.security.oauth2.core.OAuth2Token
;
import
org.springframework.security.oauth2.server.authorization.OAuth2Authorization
;
import
org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationCode
;
import
org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken
;
/**
* Utility methods for the OAuth 2.0 {@link AuthenticationProvider}'s.
*
* @author Joe Grandja
* @since 0.0.3
*/
public
class
OAuth2AuthenticationProviderUtils
{
public
OAuth2AuthenticationProviderUtils
()
{
}
public
static
OAuth2ClientAuthenticationToken
getAuthenticatedClientElseThrowInvalidClient
(
Authentication
authentication
)
{
OAuth2ClientAuthenticationToken
clientPrincipal
=
null
;
if
(
OAuth2ClientAuthenticationToken
.
class
.
isAssignableFrom
(
authentication
.
getPrincipal
().
getClass
()))
{
clientPrincipal
=
(
OAuth2ClientAuthenticationToken
)
authentication
.
getPrincipal
();
}
if
(
clientPrincipal
!=
null
&&
clientPrincipal
.
isAuthenticated
())
{
return
clientPrincipal
;
}
throw
new
OAuth2AuthenticationException
(
OAuth2ErrorCodes
.
INVALID_CLIENT
);
}
public
static
<
T
extends
OAuth2Token
>
OAuth2Authorization
invalidate
(
OAuth2Authorization
authorization
,
T
token
)
{
// @formatter:off
OAuth2Authorization
.
Builder
authorizationBuilder
=
OAuth2Authorization
.
from
(
authorization
)
.
token
(
token
,
(
metadata
)
->
metadata
.
put
(
OAuth2Authorization
.
Token
.
INVALIDATED_METADATA_NAME
,
true
));
if
(
OAuth2RefreshToken
.
class
.
isAssignableFrom
(
token
.
getClass
()))
{
authorizationBuilder
.
token
(
authorization
.
getAccessToken
().
getToken
(),
(
metadata
)
->
metadata
.
put
(
OAuth2Authorization
.
Token
.
INVALIDATED_METADATA_NAME
,
true
));
OAuth2Authorization
.
Token
<
OAuth2AuthorizationCode
>
authorizationCode
=
authorization
.
getToken
(
OAuth2AuthorizationCode
.
class
);
if
(
authorizationCode
!=
null
&&
!
authorizationCode
.
isInvalidated
())
{
authorizationBuilder
.
token
(
authorizationCode
.
getToken
(),
(
metadata
)
->
metadata
.
put
(
OAuth2Authorization
.
Token
.
INVALIDATED_METADATA_NAME
,
true
));
}
}
// @formatter:on
return
authorizationBuilder
.
build
();
}
}
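Review bot: `OAuth2AuthenticationProviderUtils` has only static methods but declares a `public` no-argument constructor; make the class `final` with a `private` constructor. The Javadoc credits Joe Grandja with `@since 0.0.3`, so the file appears to be copied from Spring Authorization Server; carry over the original license header and name the source. In `getAuthenticatedClientElseThrowInvalidClient`, `authentication.getPrincipal().getClass()` throws `NullPointerException` rather than `invalid_client` when the principal is null, so a null check before the `isAssignableFrom` test would keep the error path consistent.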