
zhaoxiaohao
2020-12-09 c3e7f3074dc05bfe48bccf320728cf96b2fc0ba7
kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/config/AuthorizationServerConfig.java
@@ -1,22 +1,36 @@
package com.kidgrow.oauth2.config;
import com.kidgrow.oauth2.handler.SingleTokenServices;
import com.kidgrow.oauth2.service.impl.RedisClientDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.context.annotation.Primary;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import javax.annotation.Resource;
import java.util.Arrays;
@@ -36,8 +50,9 @@
    /**
     * 注入authenticationManager 来支持 password grant type
     */
    @Autowired
    private AuthenticationManager authenticationManager;
//   @Autowired
//    private AuthenticationManager authenticationManager;
    @Resource
    private UserDetailsService userDetailsService;
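Review bot: The Javadoc at the top of this hunk still states that an AuthenticationManager is injected to support the password grant type, yet on the new side that `@Autowired AuthenticationManager authenticationManager` field appears to survive only as two commented-out lines (the `+`/`-` markers are lost on this rendered page, so the side of the duplicated lines is inferred from print order and should be confirmed). If the field is really gone, delete the `//` copy instead of keeping it, and either drop the Javadoc or reword it to say where password-grant authentication now comes from, e.g. `/** Password-grant credentials are checked by the AuthenticationProvider wired in configure(AuthorizationServerEndpointsConfigurer). */`. A comment describing a field that no longer exists misleads the next reader about how resource-owner credentials are verified, which is exactly the part of an authorization server that should be unambiguous.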
@@ -45,6 +60,9 @@
    @Autowired
    private TokenStore tokenStore;
//    @Autowired
//    private CustomRedisTokenStore tokenStore;
    @Autowired(required = false)
    private JwtAccessTokenConverter jwtAccessTokenConverter;
@@ -60,6 +78,11 @@
    @Autowired
    private RandomValueAuthorizationCodeServices authorizationCodeServices;
    @Autowired
    private AuthenticationProvider daoAuhthenticationOauthProvider;
//    @Autowired
//    private SingleTokenServices tokenServices;
    /**
     * 配置身份认证器,配置认证方式,TokenStore,TokenGranter,OAuth2RequestFactory
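Review bot: The newly added field `daoAuhthenticationOauthProvider` is misspelled and is injected by the interface type `AuthenticationProvider` with no `@Qualifier`, while the provider this file later defines is the `@Bean` method `daoAuthenticationProvider()` returning `DaoAuthenticationProvider`; if the context holds more than one `AuthenticationProvider` bean the injection becomes ambiguous, and if the field name was meant to select that bean it currently does not match it. Consider `@Autowired @Qualifier("daoAuthenticationProvider") private AuthenticationProvider daoAuthenticationProvider;` (adding the `org.springframework.beans.factory.annotation.Qualifier` import) or declaring the field as `DaoAuthenticationProvider`, so it is explicit which provider checks password-grant credentials. The commented-out `SingleTokenServices tokenServices` field should be removed rather than left in place; `KidgrowTokenServices()` is exposed as a `@Bean` below and can be injected by type if it is needed here. The Javadoc that opens on the last line of this hunk continues outside it.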
@@ -77,11 +100,76 @@
                endpoints.accessTokenConverter(jwtAccessTokenConverter);
            }
        }
        endpoints.tokenStore(tokenStore)
                .authenticationManager(authenticationManager)
        endpoints
                //扩展tokenServices
                .tokenServices(KidgrowTokenServices())
                .authenticationManager(new AuthenticationManager(){
                    @Override
                    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                        String token = (String) authentication.getPrincipal();
                        OAuth2Authentication auth = KidgrowTokenServices().loadAuthentication(token);
                        if (auth == null) {
                            throw new InvalidTokenException("Invalid token: " + token);
                        }
                        return daoAuhthenticationOauthProvider.authenticate(authentication);
                    }
                })
                .userDetailsService(userDetailsService)
                .authorizationCodeServices(authorizationCodeServices)
                .exceptionTranslator(webResponseExceptionTranslator);
    }
    @Bean
    DaoAuthenticationProvider daoAuthenticationProvider(){
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setPasswordEncoder(new BCryptPasswordEncoder());
        daoAuthenticationProvider.setUserDetailsService(userDetailsService);
        return daoAuthenticationProvider;
    }
    @Bean
    @Primary
    @Lazy
    public SingleTokenServices KidgrowTokenServices(){
        SingleTokenServices tokenServices = new SingleTokenServices();
        tokenServices.setTokenStore(tokenStore);
        tokenServices.setSupportRefreshToken(true);//支持刷新token
        tokenServices.setReuseRefreshToken(true);
        addUserDetailsService(tokenServices, this.userDetailsService);
        return tokenServices;
    }
//    private SingleTokenServices tokenServices(AuthorizationServerEndpointsConfigurer endpoints) {
//        SingleTokenServices tokenServices = new SingleTokenServices();
//        tokenServices.setTokenStore(tokenStore);
//        tokenServices.setSupportRefreshToken(true);//支持刷新token
//        tokenServices.setReuseRefreshToken(true);
//        tokenServices.setClientDetailsService(endpoints.getClientDetailsService());
//        tokenServices.setTokenEnhancer(endpoints.getTokenEnhancer());
//        addUserDetailsService(tokenServices, this.userDetailsService);
//        return tokenServices;
//    }
//    private void addUserDetailsService(SingleTokenServices tokenServices, UserDetailsService userDetailsService) {
//        if (userDetailsService != null) {
//            PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
//            provider.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper<>(
//                    userDetailsService));
//            tokenServices.setAuthenticationManager(new ProviderManager(Arrays.asList(provider)));
//        }
//    }
    private void addUserDetailsService(SingleTokenServices tokenServices, UserDetailsService userDetailsService) {
        if (userDetailsService != null) {
            PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
            provider.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper<>(
                    userDetailsService));
            tokenServices.setAuthenticationManager(new ProviderManager(Arrays.asList(provider)));
        }
    }
    /**