优化OAuth2
@@ -19,8 +19,6 @@
|
||||
package org.hswebframework.web.authorization.oauth2.server.support.password;
|
||||
|
||||
/**
|
||||
* TODO 完成注释
|
||||
*
|
||||
* @author zhouhao
|
||||
*/
|
||||
public interface PasswordService {
|
||||
|
||||
@@ -23,8 +23,6 @@ import org.hswebframework.web.entity.authorization.UserEntity;
|
||||
import org.hswebframework.web.service.authorization.UserService;
|
||||
|
||||
/**
|
||||
* TODO 完成注释
|
||||
*
|
||||
* @author zhouhao
|
||||
*/
|
||||
public class SimplePasswordService implements PasswordService {
|
||||
|
||||
@@ -53,12 +53,22 @@
|
||||
<artifactId>hsweb-system-oauth2-server-controller</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>servlet-api</artifactId>
|
||||
<version>2.5</version>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.hswebframework.web</groupId>
|
||||
<artifactId>hsweb-spring-boot-starter</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.hswebframework.web</groupId>
|
||||
<artifactId>hsweb-authorization-basic</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</project>
|
||||
@@ -0,0 +1,20 @@
|
||||
package org.hswebframework.web.oauth2;
|
||||
|
||||
import org.hswebframework.web.authorization.basic.web.UserTokenParser;
|
||||
import org.hswebframework.web.authorization.oauth2.server.token.AccessTokenService;
|
||||
import org.hswebframework.web.oauth2.authorization.OAuth2UserTokenParser;
|
||||
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
@ConditionalOnClass(UserTokenParser.class)
|
||||
@Configuration
|
||||
@AutoConfigureAfter(OAuth2GranterAutoConfiguration.class)
|
||||
public class OAuth2AuthorizationAutoConfiguration {
|
||||
|
||||
@Bean
|
||||
public OAuth2UserTokenParser oAuth2UserTokenParser(AccessTokenService accessTokenService) {
|
||||
return new OAuth2UserTokenParser(accessTokenService);
|
||||
}
|
||||
}
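Review bot: The `oAuth2UserTokenParser` bean method is registered whenever `UserTokenParser` is on the classpath, with no check that an `AccessTokenService` bean exists and no way for an application to supply its own parser. Adding `@ConditionalOnBean(AccessTokenService.class)` and `@ConditionalOnMissingBean(OAuth2UserTokenParser.class)` on the method would keep context startup from failing when no token service is configured and would let a deployment override the parser. The class also has no Javadoc; it should state that enabling this configuration makes OAuth2 access tokens acceptable as user tokens for the basic authorization module, a scope that is inferred here from the type names and should be confirmed.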
|
||||
@@ -0,0 +1,74 @@
|
||||
package org.hswebframework.web.oauth2.authorization;
|
||||
|
||||
import org.hswebframework.web.authorization.basic.web.AuthorizedToken;
|
||||
import org.hswebframework.web.authorization.basic.web.ParsedToken;
|
||||
import org.hswebframework.web.authorization.basic.web.UserTokenParser;
|
||||
import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
|
||||
import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
|
||||
import org.hswebframework.web.authorization.oauth2.server.token.AccessTokenService;
|
||||
import org.hswebframework.web.oauth2.core.ErrorType;
|
||||
import org.hswebframework.web.oauth2.core.OAuth2Constants;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
public class OAuth2UserTokenParser implements UserTokenParser {
|
||||
|
||||
public static final String token_type = "oauth2-access-token";
|
||||
|
||||
private AccessTokenService accessTokenService;
|
||||
|
||||
public OAuth2UserTokenParser(AccessTokenService accessTokenService) {
|
||||
this.accessTokenService = accessTokenService;
|
||||
}
|
||||
|
||||
public void setAccessTokenService(AccessTokenService accessTokenService) {
|
||||
this.accessTokenService = accessTokenService;
|
||||
}
|
||||
|
||||
@Override
|
||||
public ParsedToken parseToken(HttpServletRequest request) {
|
||||
String accessToken = request.getHeader(OAuth2Constants.authorization);
|
||||
if (StringUtils.isEmpty(accessToken)) {
|
||||
accessToken = request.getParameter(OAuth2Constants.access_token);
|
||||
} else {
|
||||
String[] arr = accessToken.split("[ ]");
|
||||
if (arr.length > 1) {
|
||||
accessToken = arr[1];
|
||||
}
|
||||
}
|
||||
if (StringUtils.isEmpty(accessToken)) {
|
||||
return null;
|
||||
}
|
||||
OAuth2AccessToken auth2AccessToken = accessTokenService.getTokenByAccessToken(accessToken);
|
||||
if (auth2AccessToken == null) {
|
||||
throw new GrantTokenException(ErrorType.INVALID_TOKEN);
|
||||
}
|
||||
Long time = auth2AccessToken.getUpdateTime() != null ? auth2AccessToken.getUpdateTime() : auth2AccessToken.getCreateTime();
|
||||
if (System.currentTimeMillis() - time > auth2AccessToken.getExpiresIn() * 1000) {
|
||||
throw new GrantTokenException(ErrorType.EXPIRED_TOKEN);
|
||||
}
|
||||
|
||||
return new AuthorizedToken() {
|
||||
@Override
|
||||
public String getUserId() {
|
||||
return auth2AccessToken.getOwnerId();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getToken() {
|
||||
return auth2AccessToken.getAccessToken();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getType() {
|
||||
return token_type;
|
||||
}
|
||||
|
||||
@Override
|
||||
public long getMaxInactiveInterval() {
|
||||
return auth2AccessToken.getExpiresIn() * 1000;
|
||||
}
|
||||
};
|
||||
}
|
||||
}
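Review bot: parseToken treats whatever follows the first space of the Authorization header as an OAuth2 access token without checking the scheme, and a header with no space is used whole. A `Basic …` or other credential is therefore looked up as a token and ends in `GrantTokenException(ErrorType.INVALID_TOKEN)` instead of being left to another `UserTokenParser`. The header branch should accept only the bearer scheme (presumably `Bearer`; confirm against what the token endpoint issues) and return null otherwise. The `access_token` request-parameter fallback also accepts tokens from the query string, where they end up in access logs and Referer headers, so it deserves at least a comment. Separately, `getExpiresIn() * 1000` would overflow for lifetimes above roughly 24 days if that getter returns an int-sized value, and `time` is unboxed with no null check if both timestamps can be absent.

```java
String header = request.getHeader(OAuth2Constants.authorization);
String accessToken;
if (StringUtils.isEmpty(header)) {
    // Fallback for clients that cannot set headers; tokens sent in the URL
    // are recorded in access logs and Referer headers.
    accessToken = request.getParameter(OAuth2Constants.access_token);
} else {
    String[] arr = header.trim().split("\\s+", 2);
    if (arr.length != 2 || !"Bearer".equalsIgnoreCase(arr[0])) {
        // Not an OAuth2 bearer credential: leave it to the other parsers.
        return null;
    }
    accessToken = arr[1].trim();
}
// … unchanged: empty check, token lookup, INVALID_TOKEN handling, time selection …
if (System.currentTimeMillis() - time > auth2AccessToken.getExpiresIn() * 1000L) {
    throw new GrantTokenException(ErrorType.EXPIRED_TOKEN);
}
// … unchanged: AuthorizedToken adapter …
```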
|
||||
@@ -1,3 +1,4 @@
|
||||
# Auto Configure
|
||||
org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
|
||||
org.hswebframework.web.oauth2.OAuth2GranterAutoConfiguration
|
||||
org.hswebframework.web.oauth2.OAuth2GranterAutoConfiguration,\
|
||||
org.hswebframework.web.oauth2.OAuth2AuthorizationAutoConfiguration
|
||||