forked from kidgrow-microservices-platform
blame | history | raw
克 刘
2020-03-16 549148d90d41a3320bd36d469fd690354c78de58 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

package com.kidgrow.authclient.store;


 


import com.kidgrow.authclient.converter.CustomUserAuthenticationConverter;


import com.kidgrow.common.model.SysUser;


import org.springframework.cloud.bootstrap.encrypt.KeyProperties;


import org.springframework.context.annotation.Bean;


import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;


import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;


import org.springframework.security.oauth2.provider.token.TokenEnhancer;


import org.springframework.security.oauth2.provider.token.TokenStore;


import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;


import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;


import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;


 


import javax.annotation.Resource;


import java.security.KeyPair;


import java.util.HashMap;


import java.util.Map;


 


/**


 * 石家庄喜高科技有限责任公司 版权所有 © Copyright 2020<br>


 *


 * @Description: 认证服务器令牌采用Jwt RSA 非对称加密令牌存储<br>


 * @Project: <br>


 * @CreateDate: Created in 2020/2/13 11:24 <br>


 * @Author: <a href="4345453@kidgrow.com">liuke</a>


 */


public class AuthJwtTokenStore {


    @Bean("keyProp")


    public KeyProperties keyProperties() {


        return new KeyProperties();


    }


 


    @Resource(name = "keyProp")


    private KeyProperties keyProperties;


 


    @Bean


    public TokenStore tokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) {


        return new JwtTokenStore(jwtAccessTokenConverter);


    }


 


    @Bean


    public JwtAccessTokenConverter jwtAccessTokenConverter() {


        final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();


        KeyPair keyPair = new KeyStoreKeyFactory


                (keyProperties.getKeyStore().getLocation(), keyProperties.getKeyStore().getSecret().toCharArray())


                .getKeyPair(keyProperties.getKeyStore().getAlias());


        converter.setKeyPair(keyPair);


        DefaultAccessTokenConverter tokenConverter = (DefaultAccessTokenConverter)converter.getAccessTokenConverter();


        tokenConverter.setUserTokenConverter(new CustomUserAuthenticationConverter());


        return converter;


    }


 


    /**


     * jwt 生成token 定制化处理


     * 添加一些额外的用户信息到token里面


     *


     * @return TokenEnhancer


     */


    @Bean


    public TokenEnhancer tokenEnhancer() {


        return (accessToken, authentication) -> {


            final Map<String, Object> additionalInfo = new HashMap<>(1);


            Object principal = authentication.getPrincipal();


            //增加id参数


            if (principal instanceof SysUser) {


                SysUser user = (SysUser)principal;


                additionalInfo.put("id", user.getId());


            }


            ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);


            return accessToken;


        };


    }


}