Add ClaimsOAuth2TokenCustomizer
parent
a832e939bb
commit
8df5daa64c
|
@ -62,18 +62,4 @@ public class MVCConfiguration implements WebMvcConfigurer {
|
|||
}
|
||||
|
||||
|
||||
// /**
|
||||
// * sitemesh filter
|
||||
// */
|
||||
// @Bean
|
||||
// public FilterRegistrationBean<Filter> sitemesh() {
|
||||
// FilterRegistrationBean<Filter> registrationBean = new FilterRegistrationBean<>();
|
||||
// registrationBean.setFilter(new SOSSiteMeshFilter());
|
||||
// registrationBean.addUrlPatterns("/*");
|
||||
// //注意: 在 spring security filter之后
|
||||
// registrationBean.setOrder(8899);
|
||||
// return registrationBean;
|
||||
// }
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package com.monkeyk.sos.config;
|
||||
|
||||
|
||||
import com.monkeyk.sos.domain.oauth.ClaimsOAuth2TokenCustomizer;
|
||||
import com.nimbusds.jose.jwk.source.JWKSource;
|
||||
import com.nimbusds.jose.jwk.source.JWKSourceBuilder;
|
||||
import com.nimbusds.jose.proc.SecurityContext;
|
||||
|
@ -18,7 +19,6 @@ import org.springframework.security.config.http.SessionCreationPolicy;
|
|||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcScopes;
|
||||
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
|
||||
import org.springframework.security.oauth2.jwt.JwtClaimsSet;
|
||||
import org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationConsentService;
|
||||
import org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsentService;
|
||||
|
@ -35,7 +35,6 @@ import org.springframework.security.web.authentication.LoginUrlAuthenticationEnt
|
|||
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.UUID;
|
||||
import java.util.function.Consumer;
|
||||
|
||||
import static com.monkeyk.sos.domain.shared.SOSConstants.CUSTOM_CONSENT_PAGE_URI;
|
||||
|
@ -210,11 +209,7 @@ public class OAuth2ServerConfiguration {
|
|||
*/
|
||||
@Bean
|
||||
public OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer() {
|
||||
return context -> {
|
||||
JwtClaimsSet.Builder claims = context.getClaims();
|
||||
//jti
|
||||
claims.id(UUID.randomUUID().toString());
|
||||
};
|
||||
return new ClaimsOAuth2TokenCustomizer();
|
||||
}
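Review bot: `ClaimsOAuth2TokenCustomizer` receives its `UserRepository` through `@Autowired` field injection, so `return new ClaimsOAuth2TokenCustomizer();` only yields a wired instance because Spring post-processes the `@Bean` return value; passing the dependency explicitly, `return new ClaimsOAuth2TokenCustomizer(userRepository);` with a matching constructor on the customizer, makes the requirement visible at the construction site and keeps the class usable in plain unit tests. The Javadoc that closes at the first line of this hunk presumably still describes the removed inline lambda and its `UUID` jti; it should now point to `{@link ClaimsOAuth2TokenCustomizer}` and say that claim generation, including the jti source, lives there. The `jwtCustomizer` Javadoc starts outside the hunk.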
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,73 @@
|
|||
package com.monkeyk.sos.domain.oauth;
|
||||
|
||||
import com.monkeyk.sos.domain.shared.GuidGenerator;
|
||||
import com.monkeyk.sos.domain.user.UserRepository;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcScopes;
|
||||
import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
|
||||
import org.springframework.security.oauth2.jwt.JwtClaimsSet;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
|
||||
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
|
||||
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
|
||||
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* 2023/10/17
|
||||
* <p>
|
||||
* 扩展 jwt id_token claims 属性生成
|
||||
*
|
||||
* @author Shengzhao Li
|
||||
* @since 3.0.0
|
||||
*/
|
||||
public class ClaimsOAuth2TokenCustomizer implements OAuth2TokenCustomizer<JwtEncodingContext> {
|
||||
|
||||
private static final Logger LOG = LoggerFactory.getLogger(ClaimsOAuth2TokenCustomizer.class);
|
||||
|
||||
@Autowired
|
||||
private UserRepository userRepository;
|
||||
|
||||
public ClaimsOAuth2TokenCustomizer() {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void customize(JwtEncodingContext context) {
|
||||
|
||||
JwtClaimsSet.Builder claims = context.getClaims();
|
||||
//jti
|
||||
claims.id(GuidGenerator.generateNumber());
|
||||
|
||||
//根据不同的 scope 与 tokenType添加扩展属性
|
||||
OAuth2TokenType tokenType = context.getTokenType();
|
||||
if (!OidcParameterNames.ID_TOKEN.equals(tokenType.getValue())) {
|
||||
//非 id_token 排除
|
||||
return;
|
||||
}
|
||||
OAuth2Authorization authorization = context.getAuthorization();
|
||||
if (authorization == null) {
|
||||
if (LOG.isDebugEnabled()) {
|
||||
LOG.debug("Null OAuth2Authorization, ignore customize");
|
||||
}
|
||||
return;
|
||||
}
|
||||
// String username = authorization.getPrincipalName();
|
||||
Set<String> scopes = context.getAuthorizedScopes();
|
||||
if (scopes.contains(OidcScopes.ADDRESS)) {
|
||||
Object attrVal = authorization.getAttribute(OidcScopes.ADDRESS);
|
||||
claims.claim(OidcScopes.ADDRESS, attrVal == null ? "" : attrVal);
|
||||
} else if (scopes.contains(OidcScopes.EMAIL)) {
|
||||
Object attrVal = authorization.getAttribute(OidcScopes.EMAIL);
|
||||
claims.claim(OidcScopes.EMAIL, attrVal == null ? "" : attrVal);
|
||||
} else if (scopes.contains(OidcScopes.PHONE)) {
|
||||
Object attrVal = authorization.getAttribute(OidcScopes.PHONE);
|
||||
claims.claim(OidcScopes.PHONE, attrVal == null ? "" : attrVal);
|
||||
} else if (scopes.contains(OidcScopes.PROFILE)) {
|
||||
Object attrVal = authorization.getAttribute("nickname");
|
||||
claims.claim("nickname", attrVal == null ? "" : attrVal);
|
||||
claims.claim("updated_at", "");
|
||||
}
|
||||
}
|
||||
}
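Review bot: The scope checks starting at `if (scopes.contains(OidcScopes.ADDRESS))` form an `else if` chain, so an id_token granted `openid profile email` receives only the `email` claim and never `nickname`, and an `address` plus `email` grant receives only `address`; OIDC scopes are additive, so the EMAIL, PHONE and PROFILE branches should each be an independent `if` — replace each `} else if (scopes.contains(...)) {` with `}` followed by `if (scopes.contains(...)) {`. Writing `""` for an absent attribute, and `claims.claim("updated_at", "")` unconditionally, places placeholder values into a signed token that relying parties will treat as authoritative (`updated_at` is specified as a numeric timestamp); omitting a claim when there is no value is the safer choice. `userRepository` is injected but never read — the only reference is the commented-out `getPrincipalName()` line — so either drop the field or use it to source the claims from the stored user. The jti now comes from `GuidGenerator.generateNumber()` instead of `UUID.randomUUID()`; its uniqueness guarantee is not visible here and is worth confirming, since replay detection keys on jti being unique per token.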
|