mirror of https://github.com/jeecgboot/jeecg-boot
登出及强退逻辑完善
parent
0e762b4157
commit
e218367332
|
@ -24,7 +24,7 @@ import java.util.Objects;
|
||||||
* @author eightmonth@qq.com
|
* @author eightmonth@qq.com
|
||||||
* @date 2024/3/7 17:30
|
* @date 2024/3/7 17:30
|
||||||
*/
|
*/
|
||||||
//@Component
|
@Component
|
||||||
@AllArgsConstructor
|
@AllArgsConstructor
|
||||||
public class RedisTokenValidationFilter extends OncePerRequestFilter {
|
public class RedisTokenValidationFilter extends OncePerRequestFilter {
|
||||||
private OAuth2AuthorizationService authorizationService;
|
private OAuth2AuthorizationService authorizationService;
|
||||||
|
|
|
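Review bot: Enabling `@Component` on `RedisTokenValidationFilter` turns it into a servlet `Filter` bean, which Spring Boot registers with the servlet container automatically for every request path, independent of any `SecurityFilterChain` matcher or ordering. If the filter is also meant to sit inside the security chain (not visible in this hunk), pin its position explicitly, for example with a `FilterRegistrationBean<RedisTokenValidationFilter>` that calls `setEnabled(false)` plus an explicit insertion into the chain, so token validation runs exactly once at a known point. The class body lies outside the hunk, so which paths it skips cannot be checked from here. A class comment such as `// Registered as a bean: runs on all requests, including paths the security chain permits anonymously` would record the intended scope.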
@ -96,11 +96,11 @@ public class SelfAuthenticationProvider implements AuthenticationProvider {
|
||||||
.authorizedScopes(requestScopeSet)
|
.authorizedScopes(requestScopeSet)
|
||||||
.authorizationGrant(passwordGrantAuthenticationToken);
|
.authorizationGrant(passwordGrantAuthenticationToken);
|
||||||
|
|
||||||
// OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
|
OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
|
||||||
// .principalName(clientPrincipal.getName())
|
.principalName(clientPrincipal.getName())
|
||||||
// .authorizedScopes(requestScopeSet)
|
.authorizedScopes(requestScopeSet)
|
||||||
// .attribute(Principal.class.getName(), username)
|
.attribute(Principal.class.getName(), username)
|
||||||
// .authorizationGrantType(authorizationGrantType);
|
.authorizationGrantType(authorizationGrantType);
|
||||||
|
|
||||||
|
|
||||||
// ----- Access token -----
|
// ----- Access token -----
|
||||||
|
@ -112,68 +112,36 @@ public class SelfAuthenticationProvider implements AuthenticationProvider {
|
||||||
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
|
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
|
||||||
generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
|
generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
|
||||||
generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
|
generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
|
||||||
// if (generatedAccessToken instanceof ClaimAccessor) {
|
if (generatedAccessToken instanceof ClaimAccessor) {
|
||||||
// authorizationBuilder.token(accessToken, (metadata) -> {
|
authorizationBuilder.token(accessToken, (metadata) -> {
|
||||||
// metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, ((ClaimAccessor) generatedAccessToken).getClaims());
|
metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, ((ClaimAccessor) generatedAccessToken).getClaims());
|
||||||
// });
|
});
|
||||||
// } else {
|
} else {
|
||||||
// authorizationBuilder.accessToken(accessToken);
|
authorizationBuilder.accessToken(accessToken);
|
||||||
// }
|
}
|
||||||
|
|
||||||
// ----- Refresh token -----
|
// ----- Refresh token -----
|
||||||
// OAuth2RefreshToken refreshToken = null;
|
OAuth2RefreshToken refreshToken = null;
|
||||||
// if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN) &&
|
if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN) &&
|
||||||
// // 不向公共客户端颁发刷新令牌
|
// 不向公共客户端颁发刷新令牌
|
||||||
// !clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
|
!clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
|
||||||
//
|
|
||||||
// tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
|
|
||||||
// OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
|
|
||||||
// if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
|
|
||||||
// Map<String, Object> map = new HashMap<>();
|
|
||||||
// map.put("message", "无法生成刷新token,请联系管理员。");
|
|
||||||
// return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
|
|
||||||
// }
|
|
||||||
//
|
|
||||||
// refreshToken = (OAuth2RefreshToken) generatedRefreshToken;
|
|
||||||
// authorizationBuilder.refreshToken(refreshToken);
|
|
||||||
// }
|
|
||||||
|
|
||||||
// OAuth2Authorization authorization = authorizationBuilder.build();
|
tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
|
||||||
//
|
OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
|
||||||
// // 保存认证信息至redis
|
if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
|
||||||
// authorizationService.save(authorization);
|
Map<String, Object> map = new HashMap<>();
|
||||||
|
map.put("message", "无法生成刷新token,请联系管理员。");
|
||||||
|
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
|
||||||
|
}
|
||||||
|
|
||||||
// JSONObject addition = new JSONObject(new LinkedHashMap<>());
|
refreshToken = (OAuth2RefreshToken) generatedRefreshToken;
|
||||||
// addition.put("token", accessToken.getTokenValue());
|
authorizationBuilder.refreshToken(refreshToken);
|
||||||
// // 设置租户
|
}
|
||||||
// JSONObject jsonObject = commonAPI.setLoginTenant(username);
|
|
||||||
// addition.putAll(jsonObject.getInnerMap());
|
|
||||||
//
|
|
||||||
// // 设置登录用户信息
|
|
||||||
// addition.put("userInfo", loginUser);
|
|
||||||
// addition.put("sysAllDictItems", commonAPI.queryAllDictItems());
|
|
||||||
//
|
|
||||||
// List<SysDepartModel> departs = commonAPI.queryUserDeparts(loginUser.getId());
|
|
||||||
// addition.put("departs", departs);
|
|
||||||
// if (departs == null || departs.size() == 0) {
|
|
||||||
// addition.put("multi_depart", 0);
|
|
||||||
// } else if (departs.size() == 1) {
|
|
||||||
// commonAPI.updateUserDepart(username, departs.get(0).getOrgCode(),null);
|
|
||||||
// addition.put("multi_depart", 1);
|
|
||||||
// } else {
|
|
||||||
// //查询当前是否有登录部门
|
|
||||||
// if(oConvertUtils.isEmpty(loginUser.getOrgCode())){
|
|
||||||
// commonAPI.updateUserDepart(username, departs.get(0).getOrgCode(),null);
|
|
||||||
// }
|
|
||||||
// addition.put("multi_depart", 2);
|
|
||||||
// }
|
|
||||||
|
|
||||||
// 兼容原有shiro登录结果处理
|
OAuth2Authorization authorization = authorizationBuilder.build();
|
||||||
// Map<String, Object> map = new HashMap<>();
|
|
||||||
// map.put("result", addition);
|
// 保存认证信息至redis
|
||||||
// map.put("code", 200);
|
authorizationService.save(authorization);
|
||||||
// map.put("success", true);
|
|
||||||
// map.put("timestamp", System.currentTimeMillis());
|
|
||||||
|
|
||||||
// 返回access_token、refresh_token以及其它信息给到前端
|
// 返回access_token、refresh_token以及其它信息给到前端
|
||||||
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken);
|
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken);
|
||||||
|
|
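Review bot: When the generator does not return an `OAuth2RefreshToken`, the now-active refresh-token branch returns an `OAuth2AccessTokenAuthenticationToken` carrying the hard-coded bearer value `"fdsafas"` with a one-nanosecond lifetime, so `authenticate` hands back a successful authentication object for what is an internal failure. Whether the success handler then writes that token to the client is not visible here, but the failure should be raised as an error rather than encoded in the additional parameters: `throw new OAuth2AuthenticationException(new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, "无法生成刷新token,请联系管理员。", null));`. The generated `refreshToken` is also stored on the authorization, yet the final `return` still uses the three-argument constructor, so the client never receives it. The four-argument form `new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken, refreshToken)` would match the comment above that line. The method starts and ends outside these hunks.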