From a16a19603455e5553fdeef7a109f6dcd94145227 Mon Sep 17 00:00:00 2001
From: zxh <279049017@qq.com>
Date: Fri, 21 Aug 2020 10:15:57 +0800
Subject: [PATCH] 修改 为取消url验证
---
 kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/config/AuthorizationServerConfig.java | 95 +++++++++++++++++++++++++++++++++++++++++++++--
 1 files changed, 91 insertions(+), 4 deletions(-)
diff --git a/kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/config/AuthorizationServerConfig.java b/kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/config/AuthorizationServerConfig.java
index 5672172..84121f2 100644
--- a/kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/config/AuthorizationServerConfig.java
+++ b/kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/config/AuthorizationServerConfig.java
@@ -1,22 +1,36 @@
 package com.kidgrow.oauth2.config;
+import com.kidgrow.oauth2.handler.SingleTokenServices;
 import com.kidgrow.oauth2.service.impl.RedisClientDetailsService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.autoconfigure.AutoConfigureAfter;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.ProviderManager;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices;
 import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.security.oauth2.provider.token.TokenEnhancer;
 import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
 import javax.annotation.Resource;
 import java.util.Arrays;
@@ -36,8 +50,9 @@
 /**
 * 注入authenticationManager 来支持 password grant type
 */
- @Autowired
- private AuthenticationManager authenticationManager;
+// @Autowired
+// private AuthenticationManager authenticationManager;
+
 @Resource
 private UserDetailsService userDetailsService;
@@ -45,6 +60,9 @@
 @Autowired
 private TokenStore tokenStore;
+
+// @Autowired
+// private CustomRedisTokenStore tokenStore;
 @Autowired(required = false)
 private JwtAccessTokenConverter jwtAccessTokenConverter;
@@ -60,6 +78,11 @@
 @Autowired
 private RandomValueAuthorizationCodeServices authorizationCodeServices;
+ @Autowired
+ private AuthenticationProvider daoAuhthenticationOauthProvider;
+ @Autowired
+ private SingleTokenServices tokenServices;
+
 /**
 * 配置身份认证器,配置认证方式,TokenStore,TokenGranter,OAuth2RequestFactory
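Review bot: `daoAuhthenticationOauthProvider` is injected purely by type as `AuthenticationProvider`, which only resolves while the `daoAuthenticationProvider` bean added in the last hunk is the sole provider bean in the context, and the `Qualifier` import added in the first hunk is never used; `@Qualifier("daoAuthenticationProvider")` on the field, plus fixing the misspelling to `daoAuthenticationOauthProvider`, makes the wiring explicit. The `tokenServices` field is presumably the `@Primary` `SingleTokenServices` bean that this same class defines lower down, i.e. a self-reference; a comment such as `// same bean as KidgrowTokenServices(); used by the endpoint AuthenticationManager` would save the next reader the lookup. The `//`-commented `authenticationManager` field in the `@@ -36,8` hunk and the `CustomRedisTokenStore` field in the `@@ -45,6` hunk are dead code; remove them rather than keeping them under comments.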
@@ -77,11 +100,75 @@
 endpoints.accessTokenConverter(jwtAccessTokenConverter);
 }
 }
- endpoints.tokenStore(tokenStore)
- .authenticationManager(authenticationManager)
+ endpoints
+ //扩展tokenServices
+ .tokenServices(KidgrowTokenServices())
+ .authenticationManager(new AuthenticationManager(){
+ @Override
+ public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+ String token = (String) authentication.getPrincipal();
+ OAuth2Authentication auth = tokenServices.loadAuthentication(token);
+ if (auth == null) {
+ throw new InvalidTokenException("Invalid token: " + token);
+ }
+ return daoAuhthenticationOauthProvider.authenticate(authentication);
+ }
+ })
 .userDetailsService(userDetailsService)
 .authorizationCodeServices(authorizationCodeServices)
 .exceptionTranslator(webResponseExceptionTranslator);
+
+ }
+ @Bean
+ DaoAuthenticationProvider daoAuthenticationProvider(){
+
+ DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
+
+ daoAuthenticationProvider.setPasswordEncoder(new BCryptPasswordEncoder());
+
+ daoAuthenticationProvider.setUserDetailsService(userDetailsService);
+
+ return daoAuthenticationProvider;
+
+ }
+
+ @Bean
+ @Primary
+ public SingleTokenServices KidgrowTokenServices(){
+ SingleTokenServices tokenServices = new SingleTokenServices();
+ tokenServices.setTokenStore(tokenStore);
+ tokenServices.setSupportRefreshToken(true);//支持刷新token
+ tokenServices.setReuseRefreshToken(true);
+ addUserDetailsService(tokenServices, this.userDetailsService);
+ return tokenServices;
+ }
+
+// private SingleTokenServices tokenServices(AuthorizationServerEndpointsConfigurer endpoints) {
+// SingleTokenServices tokenServices = new SingleTokenServices();
+// tokenServices.setTokenStore(tokenStore);
+// tokenServices.setSupportRefreshToken(true);//支持刷新token
+// tokenServices.setReuseRefreshToken(true);
+// tokenServices.setClientDetailsService(endpoints.getClientDetailsService());
+// tokenServices.setTokenEnhancer(endpoints.getTokenEnhancer());
+// addUserDetailsService(tokenServices, this.userDetailsService);
+// return tokenServices;
+// }
+// private void addUserDetailsService(SingleTokenServices tokenServices, UserDetailsService userDetailsService) {
+// if (userDetailsService != null) {
+// PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
+// provider.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper<>(
+// userDetailsService));
+// tokenServices.setAuthenticationManager(new ProviderManager(Arrays.asList(provider)));
+// }
+// }
+
+ private void addUserDetailsService(SingleTokenServices tokenServices, UserDetailsService userDetailsService) {
+ if (userDetailsService != null) {
+ PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
+ provider.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper<>(
+ userDetailsService));
+ tokenServices.setAuthenticationManager(new ProviderManager(Arrays.asList(provider)));
+ }
 }
 /**
-- 
Gitblit v1.8.0
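Review bot: `KidgrowTokenServices()` drops the `setClientDetailsService(...)` and `setTokenEnhancer(...)` calls that the commented-out `tokenServices(endpoints)` variant made, so once `endpoints.tokenServices(...)` replaces the configurer's own default token services the `jwtAccessTokenConverter` applied a few lines earlier and any per-client validity periods presumably no longer reach the tokens actually issued (to the extent `SingleTokenServices` follows `DefaultTokenServices`). Carrying both over from `endpoints` in `configure` restores that, as in the excerpt below; if `endpoints.getClientDetailsService()` is still null at that point, inject the `RedisClientDetailsService` this file already imports instead. The anonymous `AuthenticationManager` casts `getPrincipal()` to `String` and hands it to `loadAuthentication` as though it were an access token, yet for the password grant the principal is the username, so a user with no existing token is refused before `daoAuhthenticationOauthProvider` ever verifies the password (and a `DefaultTokenServices`-style implementation throws rather than returning null, which would leave the `auth == null` branch dead) — if plain password authentication is the intent, delegate to the provider directly. `daoAuthenticationProvider()` hard-codes `new BCryptPasswordEncoder()` instead of the application's `PasswordEncoder` bean, and `setReuseRefreshToken(true)` means refresh tokens are never rotated and stay valid until expiry, so each deserves a one-line comment recording that it is deliberate. `configure` begins outside the hunk, and the commented-out `tokenServices`/`addUserDetailsService` copies should be deleted rather than shipped.
```java
        // … unchanged: jwtAccessTokenConverter handling …
        // Custom token services bypass the configurer's defaults, so carry the
        // endpoint-level client details and token enhancer (JWT converter) over.
        SingleTokenServices services = KidgrowTokenServices();
        services.setClientDetailsService(endpoints.getClientDetailsService());
        services.setTokenEnhancer(endpoints.getTokenEnhancer());
        endpoints
                .tokenServices(services)
        // … unchanged: authenticationManager / userDetailsService / authorizationCodeServices / exceptionTranslator chain …
```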