sunsail云平台后端管理项目工程
blame | 历史 | 原始文档
luoyb
2021-05-31 3ae6bd194fe1f17b4f5d96cb78b057705e5d0d78 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145

package cc.mrbird.febs.common.security.starter.configure;


 


import com.alibaba.fastjson.JSONObject;


import com.alibaba.fastjson.TypeReference;


import org.apache.commons.logging.Log;


import org.apache.commons.logging.LogFactory;


import org.springframework.boot.autoconfigure.security.oauth2.resource.*;


import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;


import org.springframework.security.core.AuthenticationException;


import org.springframework.security.core.GrantedAuthority;


import org.springframework.security.oauth2.client.OAuth2RestOperations;


import org.springframework.security.oauth2.client.OAuth2RestTemplate;


import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails;


import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;


import org.springframework.security.oauth2.common.OAuth2AccessToken;


import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;


import org.springframework.security.oauth2.provider.OAuth2Authentication;


import org.springframework.security.oauth2.provider.OAuth2Request;


import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;


import org.springframework.util.Assert;


 


import java.io.Serializable;


import java.util.Collections;


import java.util.List;


import java.util.Map;


import java.util.Set;


 


/**


 * 重写UserInfoTokenServices


 * {@link UserInfoTokenServices#loadAuthentication(String)}


 *


 * @author MrBird


 */


public class FebsUserInfoTokenServices implements ResourceServerTokenServices {


 


    protected final Log logger = LogFactory.getLog(this.getClass());


 


    private final String userInfoEndpointUrl;


    private final String clientId;


    private OAuth2RestOperations restTemplate;


    private String tokenType = "Bearer";


    private AuthoritiesExtractor authoritiesExtractor = new FixedAuthoritiesExtractor();


    private PrincipalExtractor principalExtractor = new FixedPrincipalExtractor();


 


    public FebsUserInfoTokenServices(String userInfoEndpointUrl, String clientId) {


        this.userInfoEndpointUrl = userInfoEndpointUrl;


        this.clientId = clientId;


    }


 


    public void setTokenType(String tokenType) {


        this.tokenType = tokenType;


    }


 


    public void setRestTemplate(OAuth2RestOperations restTemplate) {


        this.restTemplate = restTemplate;


    }


 


    public void setAuthoritiesExtractor(AuthoritiesExtractor authoritiesExtractor) {


        Assert.notNull(authoritiesExtractor, "AuthoritiesExtractor must not be null");


        this.authoritiesExtractor = authoritiesExtractor;


    }


 


    public void setPrincipalExtractor(PrincipalExtractor principalExtractor) {


        Assert.notNull(principalExtractor, "PrincipalExtractor must not be null");


        this.principalExtractor = principalExtractor;


    }


 


    @Override


    public OAuth2Authentication loadAuthentication(String accessToken) throws AuthenticationException, InvalidTokenException {


        Map<String, Object> map = this.getMap(this.userInfoEndpointUrl, accessToken);


        String error = "error";


        if (map.containsKey(error)) {


            if (this.logger.isDebugEnabled()) {


                this.logger.debug("userinfo returned error: " + map.get(error));


            }


 


            throw new InvalidTokenException(accessToken);


        } else {


            return this.extractAuthentication(map);


        }


    }


 


    private OAuth2Authentication extractAuthentication(Map<String, Object> map) {


        Object principal = this.getPrincipal(map);


        List<GrantedAuthority> authorities = this.authoritiesExtractor.extractAuthorities(map);


 


        String oauth2RequestString = JSONObject.toJSONString(map.get("oauth2Request"));


        JSONObject oauth2Request = JSONObject.parseObject(oauth2RequestString);


        TypeReference<Set<String>> setTypeReference = new TypeReference<Set<String>>() {


        };


 


        Map<String, String> requestParameters = JSONObject.parseObject(oauth2Request.getString("requestParameters"), new TypeReference<Map<String, String>>() {


        });


        boolean approved = oauth2Request.getBooleanValue("approved");


        Set<String> scope = JSONObject.parseObject(oauth2Request.getString("scope"), setTypeReference);


        Set<String> resourceIds = JSONObject.parseObject(oauth2Request.getString("resourceIds"), setTypeReference);


        String redirectUri = oauth2Request.getString("redirectUri");


        Set<String> responseTypes = JSONObject.parseObject(oauth2Request.getString("responseTypes"), setTypeReference);


        Map<String, Serializable> extensions = JSONObject.parseObject(oauth2Request.getString("extensions"), new TypeReference<Map<String, Serializable>>() {


        });


 


        OAuth2Request request = new OAuth2Request(requestParameters, this.clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, extensions);


        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(principal, "N/A", authorities);


        token.setDetails(map);


        return new OAuth2Authentication(request, token);


    }


 


    protected Object getPrincipal(Map<String, Object> map) {


        Object principal = this.principalExtractor.extractPrincipal(map);


        return principal == null ? "unknown" : principal;


    }


 


    @Override


    public OAuth2AccessToken readAccessToken(String accessToken) {


        throw new UnsupportedOperationException("Not supported: read access token");


    }


 


    @SuppressWarnings("all")


    private Map<String, Object> getMap(String path, String accessToken) {


        if (this.logger.isDebugEnabled()) {


            this.logger.debug("Getting user info from: " + path);


        }


 


        try {


            OAuth2RestOperations restTemplate = this.restTemplate;


            if (restTemplate == null) {


                BaseOAuth2ProtectedResourceDetails resource = new BaseOAuth2ProtectedResourceDetails();


                resource.setClientId(this.clientId);


                restTemplate = new OAuth2RestTemplate(resource);


            }


 


            OAuth2AccessToken existingToken = restTemplate.getOAuth2ClientContext().getAccessToken();


            if (existingToken == null || !accessToken.equals(existingToken.getValue())) {


                DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(accessToken);


                token.setTokenType(this.tokenType);


                restTemplate.getOAuth2ClientContext().setAccessToken(token);


            }


 


            return (Map) restTemplate.getForEntity(path, Map.class, new Object[0]).getBody();


        } catch (Exception e) {


            this.logger.warn("Could not fetch user details: " + e.getClass() + ", " + e.getMessage());


            return Collections.singletonMap("error", "Could not fetch user details");


        }


    }


}