Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
zhangjian1949
microservices-platform
提交
6d50fc99
microservices-platform
项目概览
zhangjian1949
/
microservices-platform
与 Fork 源项目一致
Fork自
zlt2000 / microservices-platform
通知
6
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
microservices-platform
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
6d50fc99
编写于
5月 22, 2021
作者:
zlt2000
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
优化OIDC协议
上级
7431a35e
变更
9
隐藏空白更改
内联
并排
Showing
9 changed file
with
132 addition
and
34 deletion
+132
-34
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/config/SecurityPropertiesConfig.java
...entral/oauth2/common/config/SecurityPropertiesConfig.java
+2
-1
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/constants/IdTokenClaimNames.java
...om/central/oauth2/common/constants/IdTokenClaimNames.java
+15
-0
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/properties/TokenStoreProperties.java
...entral/oauth2/common/properties/TokenStoreProperties.java
+27
-0
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/store/AuthJwtTokenStore.java
...va/com/central/oauth2/common/store/AuthJwtTokenStore.java
+0
-22
zlt-gateway/sc-gateway/src/main/resources/application.yml
zlt-gateway/sc-gateway/src/main/resources/application.yml
+2
-1
zlt-uaa/src/main/java/com/central/oauth/config/AuthorizationServerConfig.java
...a/com/central/oauth/config/AuthorizationServerConfig.java
+8
-7
zlt-uaa/src/main/java/com/central/oauth/controller/TokensController.java
...n/java/com/central/oauth/controller/TokensController.java
+40
-3
zlt-uaa/src/main/java/com/central/oauth/service/impl/CustomTokenServices.java
...a/com/central/oauth/service/impl/CustomTokenServices.java
+17
-0
zlt-uaa/src/main/java/com/central/oauth/utils/OidcIdTokenBuilder.java
...main/java/com/central/oauth/utils/OidcIdTokenBuilder.java
+21
-0
未找到文件。
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/config/SecurityPropertiesConfig.java
浏览文件 @
6d50fc99
package
com.central.oauth2.common.config
;
import
com.central.oauth2.common.properties.SecurityProperties
;
import
com.central.oauth2.common.properties.TokenStoreProperties
;
import
org.springframework.boot.context.properties.EnableConfigurationProperties
;
/**
...
...
@@ -10,6 +11,6 @@ import org.springframework.boot.context.properties.EnableConfigurationProperties
* Blog: https://zlt2000.gitee.io
* Github: https://github.com/zlt2000
*/
@EnableConfigurationProperties
(
SecurityProperties
.
class
)
@EnableConfigurationProperties
(
{
SecurityProperties
.
class
,
TokenStoreProperties
.
class
}
)
public
class
SecurityPropertiesConfig
{
}
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/constants/IdTokenClaimNames.java
浏览文件 @
6d50fc99
...
...
@@ -71,4 +71,19 @@ public class IdTokenClaimNames {
* {@code c_hash} - the Authorization Code hash value
*/
public
final
static
String
C_HASH
=
"c_hash"
;
/**
* {@code name} - 用户姓名
*/
public
final
static
String
NAME
=
"name"
;
/**
* {@code login_name} - 登录名
*/
public
final
static
String
L_NAME
=
"login_name"
;
/**
* {@code picture} - 头像照片
*/
public
final
static
String
PIC
=
"picture"
;
}
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/properties/TokenStoreProperties.java
0 → 100644
浏览文件 @
6d50fc99
package
com.central.oauth2.common.properties
;
import
lombok.Getter
;
import
lombok.Setter
;
import
org.springframework.boot.context.properties.ConfigurationProperties
;
import
org.springframework.cloud.context.config.annotation.RefreshScope
;
/**
* Token配置
*
* @author zlt
* @version 1.0
* @date 2021/5/19
* <p>
* Blog: https://zlt2000.gitee.io
* Github: https://github.com/zlt2000
*/
@Setter
@Getter
@ConfigurationProperties
(
prefix
=
"zlt.oauth2.token.store"
)
@RefreshScope
public
class
TokenStoreProperties
{
/**
* token存储类型(redis/db/authJwt/resJwt)
*/
private
String
type
=
"redis"
;
}
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/store/AuthJwtTokenStore.java
浏览文件 @
6d50fc99
...
...
@@ -56,26 +56,4 @@ public class AuthJwtTokenStore {
tokenConverter
.
setUserTokenConverter
(
new
CustomUserAuthenticationConverter
());
return
converter
;
}
/**
* jwt 生成token 定制化处理
* 添加一些额外的用户信息到token里面
*
* @return TokenEnhancer
*/
@Bean
@Order
(
1
)
public
TokenEnhancer
tokenEnhancer
()
{
return
(
accessToken
,
authentication
)
->
{
final
Map
<
String
,
Object
>
additionalInfo
=
new
HashMap
<>(
1
);
Object
principal
=
authentication
.
getPrincipal
();
//增加id参数
if
(
principal
instanceof
SysUser
)
{
SysUser
user
=
(
SysUser
)
principal
;
additionalInfo
.
put
(
"id"
,
user
.
getId
());
}
((
DefaultOAuth2AccessToken
)
accessToken
).
setAdditionalInformation
(
additionalInfo
);
return
accessToken
;
};
}
}
zlt-gateway/sc-gateway/src/main/resources/application.yml
浏览文件 @
6d50fc99
...
...
@@ -99,7 +99,8 @@ zlt:
/api-uaa/images/**,
/api-uaa/js/**,
/login.html,
/user/login
/user/login,
/api-uaa/tokens/key
auth
:
urlPermission
:
#是否开启url级别权限
...
...
zlt-uaa/src/main/java/com/central/oauth/config/AuthorizationServerConfig.java
浏览文件 @
6d50fc99
...
...
@@ -7,8 +7,8 @@ import com.central.oauth.service.IClientService;
import
com.central.oauth.service.impl.RedisClientDetailsService
;
import
com.central.oauth.utils.OidcIdTokenBuilder
;
import
com.central.oauth2.common.constants.IdTokenClaimNames
;
import
com.central.oauth2.common.properties.TokenStoreProperties
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.boot.autoconfigure.AutoConfigureAfter
;
import
org.springframework.cloud.bootstrap.encrypt.KeyProperties
;
import
org.springframework.context.annotation.Bean
;
...
...
@@ -71,9 +71,6 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
@Autowired
private
TokenGranter
tokenGranter
;
@Value
(
"${zlt.oauth2.token.store.type:'redis'}"
)
private
String
tokenStoreType
;
/**
* 配置身份认证器,配置认证方式,TokenStore,TokenGranter,OAuth2RequestFactory
* @param endpoints
...
...
@@ -116,11 +113,12 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
@Bean
@Order
(
1
)
public
TokenEnhancer
tokenEnhancer
(
@Autowired
(
required
=
false
)
KeyProperties
keyProperties
,
IClientService
clientService
)
{
,
IClientService
clientService
,
TokenStoreProperties
tokenStoreProperties
)
{
return
(
accessToken
,
authentication
)
->
{
Set
<
String
>
responseTypes
=
authentication
.
getOAuth2Request
().
getResponseTypes
();
if
(
responseTypes
.
contains
(
SecurityConstants
.
ID_TOKEN
)
||
"authJwt"
.
equals
(
tokenStore
Type
))
{
||
"authJwt"
.
equals
(
tokenStore
Properties
.
getType
()
))
{
Map
<
String
,
Object
>
additionalInfo
=
new
HashMap
<>(
2
);
Object
principal
=
authentication
.
getPrincipal
();
//增加id参数
...
...
@@ -130,7 +128,7 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
//生成id_token
setIdToken
(
additionalInfo
,
authentication
,
keyProperties
,
clientService
,
user
);
}
if
(
"authJwt"
.
equals
(
tokenStore
Type
))
{
if
(
"authJwt"
.
equals
(
tokenStore
Properties
.
getType
()
))
{
additionalInfo
.
put
(
"id"
,
user
.
getId
());
}
}
...
...
@@ -160,6 +158,9 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
.
issuedAt
(
now
)
.
expiresAt
(
expiresAt
)
.
subject
(
String
.
valueOf
(
user
.
getId
()))
.
name
(
user
.
getNickname
())
.
loginName
(
user
.
getUsername
())
.
picture
(
user
.
getHeadImgUrl
())
.
audience
(
clientId
)
.
nonce
(
nonce
)
.
build
();
...
...
zlt-uaa/src/main/java/com/central/oauth/controller/TokensController.java
浏览文件 @
6d50fc99
package
com.central.oauth.controller
;
import
com.central.common.
annotation.LoginClient
;
import
com.central.common.
constant.SecurityConstants
;
import
com.central.common.model.PageResult
;
import
com.central.common.model.Result
;
import
com.central.oauth.model.TokenVo
;
import
com.central.oauth.service.ITokensService
;
import
com.central.oauth2.common.util.AuthUtils
;
import
io.swagger.annotations.Api
;
import
io.swagger.annotations.ApiOperation
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
lombok.extern.slf4j.Slf4j
;
import
org.springframework.core.io.ClassPathResource
;
import
org.springframework.security.authentication.BadCredentialsException
;
import
org.springframework.security.crypto.password.PasswordEncoder
;
import
org.springframework.security.oauth2.provider.ClientDetails
;
import
org.springframework.security.oauth2.provider.ClientDetailsService
;
import
org.springframework.web.bind.annotation.*
;
import
javax.annotation.Resource
;
import
javax.servlet.http.HttpServletRequest
;
import
java.io.BufferedReader
;
import
java.io.IOException
;
import
java.io.InputStreamReader
;
import
java.util.Map
;
import
java.util.stream.Collectors
;
/**
* token管理接口
...
...
@@ -17,15 +30,39 @@ import java.util.Map;
* @author zlt
*/
@Api
(
tags
=
"Token管理"
)
@Slf4j
@RestController
@RequestMapping
(
"/tokens"
)
public
class
TokensController
{
@
Autowired
@
Resource
private
ITokensService
tokensService
;
@Resource
private
ClientDetailsService
clientDetailsService
;
@Resource
private
PasswordEncoder
passwordEncoder
;
@GetMapping
(
""
)
@ApiOperation
(
value
=
"token列表"
)
public
PageResult
<
TokenVo
>
list
(
@RequestParam
Map
<
String
,
Object
>
params
,
String
tenantId
)
{
return
tokensService
.
listTokens
(
params
,
tenantId
);
}
@GetMapping
(
"/key"
)
@ApiOperation
(
value
=
"获取jwt密钥"
)
public
Result
<
String
>
key
(
HttpServletRequest
request
)
{
String
[]
clientArr
=
AuthUtils
.
extractClient
(
request
);
ClientDetails
clientDetails
=
clientDetailsService
.
loadClientByClientId
(
clientArr
[
0
]);
if
(!
passwordEncoder
.
matches
(
clientArr
[
1
],
clientDetails
.
getClientSecret
()))
{
throw
new
BadCredentialsException
(
"应用密码错误"
);
}
org
.
springframework
.
core
.
io
.
Resource
res
=
new
ClassPathResource
(
SecurityConstants
.
RSA_PUBLIC_KEY
);
try
(
BufferedReader
br
=
new
BufferedReader
(
new
InputStreamReader
(
res
.
getInputStream
())))
{
return
Result
.
succeed
(
br
.
lines
().
collect
(
Collectors
.
joining
(
"\n"
)));
}
catch
(
IOException
ioe
)
{
log
.
error
(
"key error"
,
ioe
);
return
Result
.
failed
(
ioe
.
getMessage
());
}
}
}
zlt-uaa/src/main/java/com/central/oauth/service/impl/CustomTokenServices.java
浏览文件 @
6d50fc99
package
com.central.oauth.service.impl
;
import
com.central.common.constant.SecurityConstants
;
import
org.springframework.security.core.AuthenticationException
;
import
org.springframework.security.oauth2.common.*
;
import
org.springframework.security.oauth2.provider.OAuth2Authentication
;
...
...
@@ -9,6 +10,7 @@ import org.springframework.security.oauth2.provider.token.TokenStore;
import
org.springframework.transaction.annotation.Transactional
;
import
java.util.Date
;
import
java.util.Set
;
import
java.util.UUID
;
/**
...
...
@@ -55,6 +57,8 @@ public class CustomTokenServices extends DefaultTokenServices {
tokenStore
.
removeAccessToken
(
existingAccessToken
);
}
else
{
// oidc每次授权都刷新id_token
existingAccessToken
=
refreshIdToken
(
existingAccessToken
,
authentication
);
// Re-store the access token in case the authentication has changed
tokenStore
.
storeAccessToken
(
existingAccessToken
,
authentication
);
return
existingAccessToken
;
...
...
@@ -89,6 +93,19 @@ public class CustomTokenServices extends DefaultTokenServices {
}
/**
* oidc每次授权都刷新id_token
* @param token 已存在的token
* @param authentication 认证信息
*/
private
OAuth2AccessToken
refreshIdToken
(
OAuth2AccessToken
token
,
OAuth2Authentication
authentication
)
{
Set
<
String
>
responseTypes
=
authentication
.
getOAuth2Request
().
getResponseTypes
();
if
(
accessTokenEnhancer
!=
null
&&
responseTypes
.
contains
(
SecurityConstants
.
ID_TOKEN
))
{
return
accessTokenEnhancer
.
enhance
(
token
,
authentication
);
}
return
token
;
}
private
OAuth2RefreshToken
createRefreshToken
(
OAuth2Authentication
authentication
)
{
if
(!
isSupportRefreshToken
(
authentication
.
getOAuth2Request
()))
{
return
null
;
...
...
zlt-uaa/src/main/java/com/central/oauth/utils/OidcIdTokenBuilder.java
浏览文件 @
6d50fc99
...
...
@@ -100,6 +100,27 @@ public class OidcIdTokenBuilder {
return
this
.
claim
(
SUB
,
subject
);
}
/**
* 赋值用户姓名
*/
public
OidcIdTokenBuilder
name
(
String
name
)
{
return
this
.
claim
(
NAME
,
name
);
}
/**
* 赋值用户登录名
*/
public
OidcIdTokenBuilder
loginName
(
String
loginName
)
{
return
this
.
claim
(
L_NAME
,
loginName
);
}
/**
* 赋值用户头像
*/
public
OidcIdTokenBuilder
picture
(
String
picture
)
{
return
this
.
claim
(
PIC
,
picture
);
}
/**
* Build the {@link OidcIdTokenBuilder}
*
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录