From a932d5171e9496a30ae41ad53dafad57ba6cc26b Mon Sep 17 00:00:00 2001 From: zhouhao Date: Wed, 30 Aug 2017 23:28:10 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E6=9D=83=E9=99=90=20?= =?UTF-8?q?=E5=A2=9E=E5=8A=A0jwt?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../token/MemoryUserTokenManager.java | 8 +++- .../authorization/token/SimpleUserToken.java | 11 +++++ .../web/authorization/token/UserToken.java | 3 ++ .../authorization/token/UserTokenManager.java | 2 +- .../AuthorizingHandlerAutoConfiguration.java | 12 +++-- .../basic/web/DefaultUserTokenParser.java | 28 ----------- .../web/SessionIdUserTokenGenerator.java | 48 +++++++++++++++++++ .../basic/web/SessionIdUserTokenParser.java | 22 +++++++++ .../authorization/basic/web/TokenResult.java | 15 ++++++ .../authorization/basic/web/UserOnSignIn.java | 37 ++++++++++++-- .../basic/web/UserTokenGenerator.java | 15 ++++++ .../basic/web/UserTokenParser.java | 3 +- .../basic/web/WebUserTokenInterceptor.java | 15 ++++-- hsweb-authorization/pom.xml | 1 + 14 files changed, 176 insertions(+), 44 deletions(-) delete mode 100644 hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/DefaultUserTokenParser.java create mode 100644 hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/SessionIdUserTokenGenerator.java create mode 100644 hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/SessionIdUserTokenParser.java create mode 100644 hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/TokenResult.java create mode 100644 hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenGenerator.java 
diff --git a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/MemoryUserTokenManager.java b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/MemoryUserTokenManager.java index fb7bc9a1c..2be56e268 100644 --- a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/MemoryUserTokenManager.java +++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/MemoryUserTokenManager.java @@ -67,7 +67,10 @@ public class MemoryUserTokenManager implements UserTokenManager { private SimpleUserToken checkTimeout(SimpleUserToken detail) { if (null == detail) return null; - if (System.currentTimeMillis() - detail.getLastRequestTime() > timeout * 1000) { + if(detail.getMaxInactiveInterval()<=0){ + return detail; + } + if (System.currentTimeMillis() - detail.getLastRequestTime() >detail.getMaxInactiveInterval()) { detail.setState(TokenState.expired); return detail; } @@ -152,7 +155,7 @@ public class MemoryUserTokenManager implements UserTokenManager { } @Override - public UserToken signIn(String token, String userId) { + public UserToken signIn(String token, String userId,long maxInactiveInterval) { SimpleUserToken detail = new SimpleUserToken(userId, token); if (null != authorizationListenerDispatcher) authorizationListenerDispatcher.doEvent(new UserSignInEvent(detail)); @@ -168,6 +171,7 @@ public class MemoryUserTokenManager implements UserTokenManager { } else { detail.setState(TokenState.effective); } + detail.setMaxInactiveInterval(maxInactiveInterval); tokenUserStorage.put(token, detail); return detail; } 
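Review bot: In `checkTimeout` the new comparison sets a millisecond difference (`System.currentTimeMillis() - detail.getLastRequestTime()`) against `detail.getMaxInactiveInterval()` with no unit conversion, whereas the removed line multiplied the manager's `timeout` by 1000. The only generator in this patch, `SessionIdUserTokenGenerator`, fills that value from `HttpSession.getMaxInactiveInterval()`, which is in seconds, and `UserOnSignIn` passes it through unchanged, so session tokens would expire after that many milliseconds; compare against `detail.getMaxInactiveInterval() * 1000L` or convert once in `signIn`. The new `<= 0` early return also means a token whose generator reports zero or a negative timeout never expires, and the manager's own `timeout` no longer acts as an upper bound; consider falling back to it instead of returning `detail` unchecked. Both `checkTimeout` and `signIn` continue outside the hunks shown.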
diff --git a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/SimpleUserToken.java b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/SimpleUserToken.java index 97d9c40ad..d38a56065 100644 --- a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/SimpleUserToken.java +++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/SimpleUserToken.java @@ -24,6 +24,17 @@ public class SimpleUserToken implements UserToken { private volatile long requestTimes; + private long maxInactiveInterval; + + @Override + public long getMaxInactiveInterval() { + return maxInactiveInterval; + } + + public void setMaxInactiveInterval(long maxInactiveInterval) { + this.maxInactiveInterval = maxInactiveInterval; + } + public SimpleUserToken(String userId, String token) { this.userId = userId; this.token = token; diff --git a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/UserToken.java b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/UserToken.java index f7133af26..406020226 100644 --- a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/UserToken.java +++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/UserToken.java @@ -44,6 +44,9 @@ public interface UserToken extends Serializable, Comparable { */ TokenState getState(); + + long getMaxInactiveInterval(); + /** * @return 是否正常 */ diff --git a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/UserTokenManager.java b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/UserTokenManager.java index c52f34418..66bf8ae78 100644 
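Review bot: `long getMaxInactiveInterval();` is added to `UserToken` without Javadoc, although the unit and the meaning of non-positive values are what every implementer and caller has to agree on. Suggest `/** @return maximum idle time before the token is treated as expired (state the unit); a value <= 0 means the token never expires */`. The same gap applies to the new `maxInactiveInterval` parameter of `UserTokenManager.signIn`, whose Javadoc still lists only `token` and `userId`, and to `TokenResult.getTimeout()`.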
--- a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/UserTokenManager.java +++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/UserTokenManager.java @@ -107,7 +107,7 @@ public interface UserTokenManager { * @param token token * @param userId 用户id */ - UserToken signIn(String token, String userId); + UserToken signIn(String token, String userId,long maxInactiveInterval); /** * 更新token,使其不过期 diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java index e661f1bf3..0f36ffa67 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java @@ -13,7 +13,6 @@ import org.hswebframework.web.authorization.token.UserTokenManager; import org.springframework.beans.BeansException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.config.BeanPostProcessor; -import org.springframework.boot.autoconfigure.condition.ConditionalOnBean; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.annotation.Bean; 
@@ -22,6 +21,8 @@ import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; +import java.util.List; + /** * TODO 完成注释 * @@ -48,7 +49,12 @@ public class AuthorizingHandlerAutoConfiguration { @Bean @ConditionalOnMissingBean(UserTokenParser.class) public UserTokenParser userTokenParser() { - return new DefaultUserTokenParser(); + return new SessionIdUserTokenParser(); + } + + @Bean + public SessionIdUserTokenGenerator sessionIdUserTokenGenerator(){ + return new SessionIdUserTokenGenerator(); } @Bean @@ -60,7 +66,7 @@ public class AuthorizingHandlerAutoConfiguration { @Bean public WebMvcConfigurer webUserTokenInterceptorConfigurer(UserTokenManager userTokenManager, - UserTokenParser userTokenParser) { + List userTokenParser) { return new WebMvcConfigurerAdapter() { @Override public void addInterceptors(InterceptorRegistry registry) { diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/DefaultUserTokenParser.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/DefaultUserTokenParser.java deleted file mode 100644 index 4b1ac1f80..000000000 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/DefaultUserTokenParser.java +++ /dev/null 
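Review bot: `userTokenParser()` keeps `@ConditionalOnMissingBean(UserTokenParser.class)` although the interceptor now receives a list of parsers, so as soon as any other `UserTokenParser` bean exists (for example from the jwt module this commit adds to the pom, if it registers one) the `SessionIdUserTokenParser` is no longer created, while `sessionIdUserTokenGenerator()` is registered unconditionally. Sign-in could then issue session-id tokens that no parser reads back on later requests. Condition the bean on its concrete type, `@ConditionalOnMissingBean(SessionIdUserTokenParser.class)`, or put the same condition on the generator so the pair is always registered together.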
@@ -1,28 +0,0 @@ -package org.hswebframework.web.authorization.basic.web; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; -import java.util.function.Predicate; - -/** - * @author zhouhao - */ -public class DefaultUserTokenParser implements UserTokenParser { - @Override - public String parseToken(HttpServletRequest request, Predicate tokenValidate) { - String token = request.getParameter("access_token"); - if (null != token) { - if (tokenValidate.test(token)) - return token; - } - - HttpSession session = request.getSession(false); - - if (session != null) { - if (tokenValidate.test(session.getId())) - return session.getId(); - } - - return null; - } -} diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/SessionIdUserTokenGenerator.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/SessionIdUserTokenGenerator.java new file mode 100644 index 000000000..85a04890c --- /dev/null +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/SessionIdUserTokenGenerator.java 
@@ -0,0 +1,48 @@ +package org.hswebframework.web.authorization.basic.web; + +import org.hswebframework.web.WebUtil; +import org.hswebframework.web.authorization.Authentication; + +import javax.servlet.http.HttpServletRequest; +import java.io.Serializable; +import java.util.Collections; +import java.util.Map; + +/** + * @author zhouhao + */ +public class SessionIdUserTokenGenerator implements UserTokenGenerator ,Serializable { + + @Override + public String getSupportTokenType() { + return "sessionId"; + } + + @Override + public TokenResult generate(Authentication authentication) { + HttpServletRequest request= WebUtil.getHttpServletRequest(); + if(null==request)throw new UnsupportedOperationException(); + + + int timeout =request.getSession().getMaxInactiveInterval(); + + String sessionId = request.getSession().getId(); + + return new TokenResult() { + @Override + public Map getResponse() { + return Collections.emptyMap(); + } + + @Override + public String getToken() { + return sessionId; + } + + @Override + public int getTimeout() { + return timeout; + } + }; + } +} diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/SessionIdUserTokenParser.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/SessionIdUserTokenParser.java new file mode 100644 index 000000000..d2386ec72 --- /dev/null +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/SessionIdUserTokenParser.java 
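Review bot: `generate` reuses the id of whatever session the request already carries as the login token, and nothing in this class issues a fresh id at sign-in, so a session id that was fixed before authentication remains valid as the authenticated token. Unless the container or another filter already rotates it, call `request.changeSessionId()` (Servlet 3.1+) before reading `getId()`, or invalidate and recreate the session. Two smaller points: `request.getSession()` is called twice where one local would do, and `new UnsupportedOperationException()` carries no message saying that no current HTTP request was available.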
@@ -0,0 +1,22 @@ +package org.hswebframework.web.authorization.basic.web; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; +import java.util.function.Predicate; + +/** + * @author zhouhao + */ +public class SessionIdUserTokenParser implements UserTokenParser { + @Override + public String parseToken(HttpServletRequest request) { + + HttpSession session = request.getSession(false); + + if (session != null) { + return session.getId(); + } + + return null; + } +} diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/TokenResult.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/TokenResult.java new file mode 100644 index 000000000..11a97589e --- /dev/null +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/TokenResult.java @@ -0,0 +1,15 @@ +package org.hswebframework.web.authorization.basic.web; + +import java.io.Serializable; +import java.util.Map; + +/** + * Created by zhouhao on 2017/8/30. + */ +public interface TokenResult extends Serializable { + Map getResponse(); + + String getToken(); + + int getTimeout(); +} diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserOnSignIn.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserOnSignIn.java index c3ece1309..786a5bd04 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserOnSignIn.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserOnSignIn.java 
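Review bot: `SessionIdUserTokenParser` imports `java.util.function.Predicate`, but `parseToken(HttpServletRequest request)` no longer takes a predicate, so the import is dead; the `UserTokenParser` hunk further down leaves the same import in its context lines. Drop both. A class comment such as `/** Resolves the user token from the id of the existing HTTP session; never creates a session. */` would also record why `getSession(false)` is used.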
@@ -6,31 +6,58 @@ import org.hswebframework.web.authorization.listener.AuthorizationListener; import org.hswebframework.web.authorization.listener.event.AuthorizationSuccessEvent; import org.hswebframework.web.authorization.token.UserToken; import org.hswebframework.web.authorization.token.UserTokenManager; +import org.springframework.beans.factory.annotation.Autowired; +import java.util.ArrayList; +import java.util.List; import java.util.Optional; import java.util.UUID; /** - * TODO 完成注释 - * * @author zhouhao */ public class UserOnSignIn implements AuthorizationListener { + + private String defaultTokenType="sessionId"; + private UserTokenManager userTokenManager; + private List userTokenGenerators=new ArrayList<>(); + public UserOnSignIn(UserTokenManager userTokenManager) { this.userTokenManager = userTokenManager; } + + public void setDefaultTokenType(String defaultTokenType) { + this.defaultTokenType = defaultTokenType; + } + + @Autowired(required = false) + public void setUserTokenGenerators(List userTokenGenerators) { + this.userTokenGenerators = userTokenGenerators; + } + @Override public void on(AuthorizationSuccessEvent event) { UserToken token = UserTokenHolder.currentToken(); - String tokenType = (String) event.getParameter("token_type").orElse("sessionId"); + String tokenType = (String) event.getParameter("token_type").orElse(defaultTokenType); if (token != null) { + //先退出已登陆的用户 userTokenManager.signOutByToken(token.getToken()); } - token = userTokenManager.signIn(createToken(tokenType), event.getAuthentication().getUser().getId()); - event.getResult().put("token", token.getToken()); + //创建token + TokenResult newToken = userTokenGenerators.stream() + .filter(generator->generator.getSupportTokenType().equals(tokenType)) + .findFirst() + .orElseThrow(()->new UnsupportedOperationException(tokenType)) + .generate(event.getAuthentication()); + //登入 + userTokenManager.signIn(newToken.getToken(), 
event.getAuthentication().getUser().getId(),newToken.getTimeout()); + + + //响应结果 + event.getResult().putAll(newToken.getResponse()); } diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenGenerator.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenGenerator.java new file mode 100644 index 000000000..4932a097a --- /dev/null +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenGenerator.java @@ -0,0 +1,15 @@ +package org.hswebframework.web.authorization.basic.web; + +import org.hswebframework.web.authorization.Authentication; + +/** + * + * 用户令牌生产器,用于在用户进行授权后生成令牌 + * @author zhouhao + * + */ +public interface UserTokenGenerator { + String getSupportTokenType(); + + TokenResult generate(Authentication authentication); +} diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenParser.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenParser.java index df228a6ca..5189538ef 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenParser.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenParser.java @@ -9,5 +9,6 @@ import java.util.function.Predicate; * @author zhouhao */ public interface UserTokenParser { - String parseToken(HttpServletRequest request, Predicate tokenValidate); + + String parseToken(HttpServletRequest request); } 
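Review bot: In `on(AuthorizationSuccessEvent)` the current token is signed out before the generator for `tokenType` is looked up, so a `token_type` with no matching generator throws `UnsupportedOperationException` after the existing login has already been revoked. `token_type` is read from the event parameters, which presumably originate from the login request, so resolve the generator first and only then call `signOutByToken`. `setUserTokenGenerators` also stores the injected list as is; `this.userTokenGenerators = userTokenGenerators == null ? new ArrayList<>() : userTokenGenerators;` keeps the stream in `on` safe if a caller passes null. The class continues outside this hunk.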
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/WebUserTokenInterceptor.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/WebUserTokenInterceptor.java index 5f0bd4b0b..f756ed543 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/WebUserTokenInterceptor.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/WebUserTokenInterceptor.java @@ -1,12 +1,13 @@ package org.hswebframework.web.authorization.basic.web; -import org.hswebframework.web.authorization.exception.UnAuthorizedException; import org.hswebframework.web.authorization.token.UserToken; import org.hswebframework.web.authorization.token.UserTokenManager; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.util.List; +import java.util.Objects; /** * TODO 完成注释 
@@ -17,16 +18,22 @@ public class WebUserTokenInterceptor extends HandlerInterceptorAdapter { private UserTokenManager userTokenManager; - private UserTokenParser userTokenParser; + private List userTokenParser; - public WebUserTokenInterceptor(UserTokenManager userTokenManager, UserTokenParser userTokenParser) { + public WebUserTokenInterceptor(UserTokenManager userTokenManager, List userTokenParser) { this.userTokenManager = userTokenManager; this.userTokenParser = userTokenParser; } @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - String token = userTokenParser.parseToken(request, userTokenManager::tokenIsLoggedIn); + String token = userTokenParser.stream() + .map(parser->parser.parseToken(request)) + .filter(Objects::nonNull) + .filter(userTokenManager::tokenIsLoggedIn) + .findFirst() + .orElse(null); + if (null == token) { return true; } diff --git a/hsweb-authorization/pom.xml b/hsweb-authorization/pom.xml index c2bb597e7..6bf1db7f5 100644 --- a/hsweb-authorization/pom.xml +++ b/hsweb-authorization/pom.xml @@ -17,6 +17,7 @@ hsweb-authorization-shiro hsweb-authorization-security hsweb-authorization-basic + hsweb-authorization-jwt
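Review bot: In `preHandle` the first parser whose token passes `tokenIsLoggedIn` wins, so when a request carries two valid tokens (say a session cookie and a token read by another parser) the identity that is applied depends on the injection order of the parser list, which nothing in this patch fixes. Document the intended precedence on the field, e.g. `// parsers are tried in bean order; the first logged-in token wins`, and order the parser beans explicitly with `@Order`. Tokens that are present but not logged in are skipped silently, which may deserve a debug-level log. `preHandle` continues outside the hunk.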