spring-security-oauth2 使用 TokenEnhancer 自定义生成令牌

f2b93d3b · 起风了_ZXJ · 3e636557 · f2b93d3b · f2b93d3b · f2b93d3b
3 changed file
--- a/src/main/java/com/example/oauth2/test2/AuthorizationServerConfig.java
+++ b/src/main/java/com/example/oauth2/test2/AuthorizationServerConfig.java
@@ -40,6 +40,8 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
    private ClientDetailsService clientDetailsService;
    @Resource
    private TokenStore tokenStore;
+    @Resource
+    private CustomTokenEnhancer customTokenEnhancer;


    /**
@@ -63,6 +65,7 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
        service.setSupportRefreshToken(true);
        service.setClientDetailsService(clientDetailsService);
        service.setTokenStore(tokenStore);
+        service.setTokenEnhancer(customTokenEnhancer);
        service.setAccessTokenValiditySeconds(7200); // 令牌默认有效期2小时
        //service.setRefreshTokenValiditySeconds(259200); // 刷新令牌默认有效期3天
        return service;

--- a/src/main/java/com/example/oauth2/test2/CustomTokenEnhancer.java
+++ b/src/main/java/com/example/oauth2/test2/CustomTokenEnhancer.java
+package com.example.oauth2.test2;
+
+import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
+import org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.OAuth2RefreshToken;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.token.TokenEnhancer;
+import org.springframework.stereotype.Component;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
+@Component
+public class CustomTokenEnhancer implements TokenEnhancer {
+    @Override
+    public OAuth2AccessToken enhance(OAuth2AccessToken accessToken,OAuth2Authentication authentication) {
+        if (accessToken instanceof DefaultOAuth2AccessToken) {
+            DefaultOAuth2AccessToken token = ((DefaultOAuth2AccessToken) accessToken);
+            token.setValue(getNewToken());
+            OAuth2RefreshToken refreshToken = token.getRefreshToken();
+            if (refreshToken instanceof DefaultOAuth2RefreshToken) {
+                token.setRefreshToken(new DefaultOAuth2RefreshToken(getNewToken()));
+            }
+            Map<String, Object> additionalInformation = new HashMap<String, Object>();
+            //自定义返回的拓展字段
+            additionalInformation.put("client_id", authentication.getOAuth2Request().getClientId());
+            additionalInformation.put("custom_key", "custom_key");
+            additionalInformation.put("username", authentication.getOAuth2Request().getRequestParameters().get("username"));
+
+            token.setAdditionalInformation(additionalInformation);
+            return token;
+        }
+        return accessToken;
+    }
+    private String getNewToken() {
+        return "自定义token" + UUID.randomUUID().toString().replace("-", "");
+    }
+}
--- a/src/main/java/com/example/oauth2/test2/UserDetailsServiceImpl.java
+++ b/src/main/java/com/example/oauth2/test2/UserDetailsServiceImpl.java
@@ -10,8 +10,6 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
 import org.springframework.stereotype.Service;

 import javax.annotation.Resource;
@@ -33,9 +31,6 @@ public class UserDetailsServiceImpl implements UserDetailsService {
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
-
-        OAuth2AccessToken oAuth2AccessToken = new RedisTokenStore(redisConnectionFactory).readAccessToken("7a99cc45-42ce-4447-acbe-f30756dde928");
-        System.out.println(oAuth2AccessToken);
        //登录账号
        logger.info("当前登录用户：username：{}   登录时间：{}", username, new Date());
        // 根据账号去数据库查询...