某些对于小程序我们已经在微信认证过了,只需要到Spring Security直接生成token就可以了。
针对这类需求,虽然通过上一篇文章自定义登录方式也可以实现,但是我们希望把这件事做的简单点,只有傻子才把简单的事情复杂化。因此,我们在Spring Security实现了一个简单粗暴的API,即直接通过API获取JWT Tokn
代码很简单
@RequestMapping(value = "token", method = RequestMethod.POST)
public ResponseEntity<OAuth2AccessToken> getUserToken(Principal principal, @RequestBody Map<String, String> parameters) {
// 调用端需要被提供client_credentials if (!(principal instanceof Authentication)) {
throw new InsufficientAuthenticationException("There is no client authentication. Try adding an appropriate authentication filter.");
}
// 保存请求参数
String clientId = this.getClientId(principal);
ClientDetails authenticatedClient = this.clientDetailsService.loadClientByClientId(clientId);
TokenRequest tokenRequest = this.oAuth2RequestFactory.createTokenRequest(parameters, authenticatedClient);
CustomAuthenticationToken authentication = customAuthenticationTokeService.createAuthenticationToken(clientId, parameters);
// 生成token
CustomTokenGranter tokenGranter = new CustomTokenGranter(
tokenServiceFactory.customJwtTokenService(), clientDetailsService, authentication);
OAuth2AccessToken token = tokenGranter.grant(tokenRequest.getGrantType(), tokenRequest); if (token == null) {
throw new UnsupportedGrantTypeException("Unsupported grant type: " + tokenRequest.getGrantType());
} else { return this.getResponse(token);
}
} 复制代码
CustomAuthenticationToken可以自行定义,只要能保存请求参数即可。CustomAuthenticationToken
public class CustomAuthenticationToken extends AbstractAuthenticationToken {
private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
private String authType;
private Map<String,String[]> authParams;
private Object principal;
private Object credentials;
} 复制代码
不过我们在createAuthenticationToken中会做一些参数检查,如要求必须有principal和auth_type参数且要求auth_type = auth_finished“。如果有需要的话,还可以加上一些自定义的内容到CustomAuthenticationToken中。
@Service
public class CustomAuthenticationTokenServiceImpl implements CustomAuthenticationTokeService {
@Override
public CustomAuthenticationToken createAuthenticationToken(String clientId, Map<String, String> params) { if (!params.containsKey("principal") || !params.containsKey("auth_type")) { return null;
} if (params.get("auth_type").equals("auth_finished")) {
List<GrantedAuthority> authorities = new ArrayList<>();
authorities.add(new SimpleGrantedAuthority("user"));
Map<String, Object> detail = new HashMap<>(1);
detail.put("principal", params.get("principal"));
CustomAuthenticationToken token = new CustomAuthenticationToken(
params.get("auth_type"), params.get("username"), null, null, authorities);
token.setDetails(detail); return token;
} return null;
}
} 复制代码
CustomTokenGranter用来生成令牌,最重要的不是grant方法,或者构造函数我们传递的用于生成令牌的AuthorizationServerTokenServices类
public class CustomTokenGranter extends AbstractTokenGranter {
private static final String GRANT_TYPE = "mini_app";
private boolean allowRefresh;
private Authentication authentication;
public CustomTokenGranter(
AuthorizationServerTokenServices tokenServices,
ClientDetailsService clientDetailsService,
Authentication authentication) {
super(tokenServices, clientDetailsService, new DefaultOAuth2RequestFactory(clientDetailsService), GRANT_TYPE);
this.authentication = authentication;
}
@Override
public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
OAuth2AccessToken token = super.grant(grantType, tokenRequest); if (token != null) {
DefaultOAuth2AccessToken noRefresh = new DefaultOAuth2AccessToken(token); if (!this.allowRefresh) {
noRefresh.setRefreshToken((null));
}
token = noRefresh;
} return token;
}
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
OAuth2Request storedOAuth2Request = this.getRequestFactory().createOAuth2Request(client, tokenRequest); return new OAuth2Authentication(storedOAuth2Request, authentication);
}
public void setAuthentication(Authentication authentication) {
this.authentication = authentication;
}
public void setAllowRefresh(boolean allowRefresh) {
this.allowRefresh = allowRefresh;
}
} 复制代码
AuthorizationServerTokenServices我们在上一篇文章有介绍过,不过在讲一遍加深印象。
token核心的生成逻辑defaultTokenService还是有Spring Security提供,但是我们其中其中的一部分加入了CustomTokenEnhancer用于令牌的内容中加入我们需要的内容,accessTokenConverter设置了我们令牌的密钥和公钥(密钥生成参考:www.jianshu.com/ p / c9d5a2aa8…)
@Service
public class TokenServiceFactory {
private TokenKeyConfig tokenKeyConfig;
private ClientDetailsService clientDetailsService;
@Autowired
public TokenServiceFactory(
TokenKeyConfig tokenKeyConfig,
ClientDetailsService clientDetailsService) {
this.tokenKeyConfig = tokenKeyConfig;
this.clientDetailsService = clientDetailsService;
}
@Bean
public AuthorizationServerTokenServices customJwtTokenService() {
final TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
tokenEnhancerChain.setTokenEnhancers(Arrays.asList(new CustomTokenEnhancer(), accessTokenConverter())); return defaultTokenService(tokenEnhancerChain);
}
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setAccessTokenConverter(new CustomAccessTokenConverter());
final KeyStoreKeyFactory keyStoreKeyFactory = new KeyStoreKeyFactory(
new ClassPathResource(tokenKeyConfig.getPath()), tokenKeyConfig.getPassword().toCharArray());
converter.setKeyPair(keyStoreKeyFactory.getKeyPair(tokenKeyConfig.getAlias())); return converter;
}
@Bean
public TokenStore tokenStore() { return new JwtTokenStore(accessTokenConverter());
}
@Bean
public org.springframework.security.oauth2.provider.token.TokenEnhancer tokenEnhancer() { return new TokenEnhancer();
}
private AuthorizationServerTokenServices defaultTokenService(TokenEnhancerChain tokenEnhancerChain) {
final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
defaultTokenServices.setSupportRefreshToken(true);
defaultTokenServices.setTokenEnhancer(tokenEnhancerChain);
defaultTokenServices.setClientDetailsService(clientDetailsService); return defaultTokenServices;
}
} 复制代码
需要我们关心的内容在于CustomTokenEnhancer,因为我们需要在令牌中加入我们自定义的内容,同时是加角色和用户信息
public class CustomTokenEnhancer implements TokenEnhancer {
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
final Map<String, Object> additionalInfo = new HashMap<>();
Set<GrantedAuthority> rolesInfo = new HashSet<>();
Authentication userAuthentication = authentication.getUserAuthentication();
// client credential认证,加入管理员角色 if (authentication.isClientOnly()) {
rolesInfo.add(new SimpleGrantedAuthority("admin"));
}
// 自定义认证,增加detail if (CustomAuthenticationToken.class.isAssignableFrom(userAuthentication.getClass())) {
rolesInfo.addAll(userAuthentication.getAuthorities());
additionalInfo.put("userInfo", userAuthentication.getDetails());
}
// 加入角色
additionalInfo.put("authorities", rolesInfo.stream().map(auth -> auth.getAuthority()).toArray());
((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo); return accessToken;
}
} 复制代码
CustomAccessTokenConverter通常是把所有声明放到令牌中
@Component
public class CustomAccessTokenConverter extends DefaultAccessTokenConverter {
@Override
public OAuth2Authentication extractAuthentication(Map<String, ?> claims) {
OAuth2Authentication authentication = super.extractAuthentication(claims);
authentication.setDetails(claims); return authentication;
}
} 复制代码
我们有个一项服务,想帮助小程序获取token,在Spring Cloud中那么它只要使用getUserToken方法即可获取token
@FeignClient(name = "auth", configuration = AuthFeignConfigInterceptor.class)
@Service
public interface AuthClient {
/**
* get user token
* @param parameters parameters
* @return token
*/
@RequestMapping(method = RequestMethod.POST, value = "/oauth/api/external/token")
ResponseEntity<OAuth2AccessToken> getUserToken(@RequestBody Map<String, String> parameters);
} 复制代码
AuthFeignConfigInterceptor用户在getUserToken请求中加入client_credential的令牌
public class AuthFeignConfigInterceptor implements RequestInterceptor {
private static String TokenHeader = "authorization";
private static String AccessTokenPrefix = "bearer ";
private static Logger logger = LoggerFactory.getLogger(AuthFeignConfigInterceptor.class);
@Autowired
private ClientCredentialsResourceDetails clientCredentialsResourceDetails;
@Override
public void apply(RequestTemplate requestTemplate) {
requestTemplate.header(TokenHeader, AccessTokenPrefix + getAccessTokenValue());
}
private String getAccessTokenValue() {
try {
logger.info("auth服务中获取basic access token");
OAuth2AccessToken accessToken = this.getAccessTokenFromAuth(); return accessToken.getValue();
} catch (Exception e) {
logger.error(e.getMessage(), e); return this.getAccessTokenFromAuth().getValue();
}
}
private OAuth2AccessToken getAccessTokenFromAuth() {
ClientCredentialsAccessTokenProvider provider = new ClientCredentialsAccessTokenProvider(); return provider.obtainAccessToken(clientCredentialsResourceDetails, new DefaultAccessTokenRequest());
}
} 复制代码
application.yml中需配置
security:
oauth2:
client:
clientId: app
clientSecret: testpassword
accessTokenUri: http://localhost:5000/oauth/oauth/token
grant-type: client_credentials
scope: all
回复列表
简单,创新,满足个性化需求!
售前咨询(09:00-18:00)
名称:烟台荣华软件科技有限公司
地址:烟台市高新区航天路101号C栋5楼516
座机:0535-3458081
邮箱:001@rongsoft.com
Q Q:327195471
微信公众号(ronghuasoft)
微信小程序 (荣华软件)
Android 端
iphone 端
Copyright@2018 烟台荣华软件科技有限公司 版权所有 鲁ICP备14003838号-1
Copyright@2018 烟台荣华软件科技有限公司
版权所有 鲁ICP备14003838号-1
