package com.livk.auth.common.provider;
import com.livk.auth.common.core.exception.BadCaptchaException;
import com.livk.auth.common.token.OAuth2BaseAuthenticationToken;
import com.livk.auth.common.util.MessageSourceUtils;
import com.livk.auth.common.util.OAuth2AuthenticationProviderUtils;
import com.livk.auth.common.util.OAuth2ErrorCodesExpand;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.core.*;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import java.security.Principal;
import java.time.Instant;
import java.util.*;
import java.util.function.Supplier;
/**
* <p>处理自定义授权</p>
*
* @author livk
*/
@Slf4j
public abstract class OAuth2BaseAuthenticationProvider<T extends OAuth2BaseAuthenticationToken> implements AuthenticationProvider {
private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1";
private final OAuth2AuthorizationService authorizationService;
private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
private final AuthenticationManager authenticationManager;
private final MessageSourceAccessor messages;
private Supplier<String> refreshTokenGenerator;
/**
* Constructs an {@code OAuth2AuthorizationCodeAuthenticationProvider} using the
* provided parameters.
*
* @param authorizationService the authorization service
* @param tokenGenerator the token generator
* @since 0.2.3
*/
public OAuth2BaseAuthenticationProvider(AuthenticationManager authenticationManager,
OAuth2AuthorizationService authorizationService,
OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) {
Assert.notNull(authorizationService, "authorizationService cannot be null");
Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
this.authenticationManager = authenticationManager;
this.authorizationService = authorizationService;
this.tokenGenerator = tokenGenerator;
// 国际化配置
this.messages = new MessageSourceAccessor(MessageSourceUtils.get(), Locale.CHINA);
}
@Deprecated
public void setRefreshTokenGenerator(Supplier<String> refreshTokenGenerator) {
Assert.notNull(refreshTokenGenerator, "refreshTokenGenerator cannot be null");
this.refreshTokenGenerator = refreshTokenGenerator;
}
/**
* 封装简易principal
*
* @param reqParameters
* @return
*/
public abstract UsernamePasswordAuthenticationToken assemble(Map<String, Object> reqParameters);
/**
* 当前provider是否支持此令牌类型
*
* @param authentication
* @return
*/
@Override
public abstract boolean supports(Class<?> authentication);
/**
* 当前的请求客户端是否支持此模式
*
* @param registeredClient
*/
public abstract void checkClient(RegisteredClient registeredClient);
/**
* Performs authentication with the same contract as
*
* @param authentication the authentication request object.
* @throws AuthenticationException if authentication fails.
* @see org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationProvider#authenticate(Authentication)
* @see org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientCredentialsAuthenticationProvider#authenticate(Authentication)
* {@link AuthenticationManager#authenticate(Authentication)} .
*/
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
OAuth2BaseAuthenticationToken baseAuthentication = (OAuth2BaseAuthenticationToken) authentication;
OAuth2ClientAuthenticationToken clientPrincipal = OAuth2AuthenticationProviderUtils.getAuthenticatedClientElseThrowInvalidClient(baseAuthentication);
RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
checkClient(registeredClient);
// Default to configured scopes
Set<String> authorizedScopes = Objects.requireNonNull(registeredClient).getScopes();
if (!CollectionUtils.isEmpty(baseAuthentication.getScopes())) {
if (baseAuthentication.getScopes().stream().noneMatch(scope -> registeredClient.getScopes().contains(scope))) {
throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_SCOPE);
}
authorizedScopes = new LinkedHashSet<>(baseAuthentication.getScopes());
}
Map<String, Object> reqParameters = baseAuthentication.getAdditionalParameters();
try {
/* 自行构造UsernamePasswordAuthenticationToken,用来去数据库进行校验 */
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = assemble(reqParameters);
Authentication principal = authenticationManager.authenticate(usernamePasswordAuthenticationToken);
// @formatter:off
DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
.registeredClient(registeredClient)
.principal(principal)
.providerContext(ProviderContextHolder.getProviderContext())
.authorizedScopes(authorizedScopes)
.authorizationGrantType(baseAuthentication.getAuthorizationGrantType())
.authorizationGrant(baseAuthentication);
// @formatter:on
/* ACCESS TOKEN CONTEXT */
OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build();
// -------------------- Access token start --------------------
OAuth2Token generatedAccessToken = Optional.ofNullable(this.tokenGenerator.generate(tokenContext)).orElseThrow(() ->
new OAuth2AuthenticationException(new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, "The token generator failed to generate the access token.", ERROR_URI)));
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
// -------------------- Access token end --------------------
/**
* 封装OAuth2Authorization,给OAuth2AuthorizationService保存信息
关于SpringCloud的各种示例代码分享.zip (244个子文件) 
README.adoc 436B README.adoc 394B README-en.adoc 381B README.adoc 89B gradlew.bat 3KB spring.factories 98B .gitattributes 154B .gitignore 419B gradlew 8KB http.http 1KB gray-auth.http 946B UsersHttp.http 159B function.http 65B remote.http 42B remote.http 42B remote.http 42B BusHttp.http 34B org.springframework.boot.autoconfigure.AutoConfiguration.imports 136B org.springframework.boot.autoconfigure.AutoConfiguration.imports 116B com.livk.annotation.EnableHttpClient.imports 40B org.springframework.boot.autoconfigure.AutoConfiguration.imports 38B com.livk.annotation.EnableWebClient.imports 37B org.springframework.boot.autoconfigure.AutoConfiguration.imports 34B OAuth2BaseAuthenticationProvider.java 15KB UserDetailsAuthenticationProvider.java 9KB SpringUtils.java 8KB AuthorizationServerConfiguration.java 8KB SpringContextHolder.java 6KB GrayGatewayFilterFactory.java 6KB OAuth2AccessTokenGenerator.java 5KB GrayRoundRobinLoadBalancer.java 5KB WebUtils.java 4KB RequestHashingGatewayFilterFactoryTest.java 4KB RequestHashingGatewayFilterFactory.java 4KB AuthenticationSuccessEventHandler.java 4KB JacksonUtils.java 4KB HeaderHashGatewayFilterFactory.java 4KB RequestWrapper.java 4KB OAuth2BaseAuthenticationConverter.java 3KB LivkBanner.java 3KB OAuth2EndpointUtils.java 3KB CustomOpaqueTokenIntrospector.java 3KB LivkRedisRouteDefinitionRepository.java 3KB AuthorizationServerTest.java 3KB JdbcConfig.java 3KB AuthenticationFailureEventHandler.java 3KB OAuth2PasswordAuthenticationProvider.java 3KB OAuth2SmsAuthenticationProvider.java 3KB OAuth2SmsAuthenticationConverter.java 3KB OAuth2PasswordAuthenticationConverter.java 3KB Pair.java 3KB WebClientConfiguration.java 2KB ResultHandlerWebFilter.java 2KB SpringUtilsTest.java 2KB OAuth2AuthenticationProviderUtils.java 2KB ResponseWrapper.java 2KB YamlUtils.java 2KB DateUtils.java 2KB JacksonUtilsTest.java 2KB OAuth2BaseAuthenticationToken.java 2KB RedisConfig.java 2KB DateUtilsTest.java 2KB BeanUtils.java 2KB SecurityUtils.java 2KB RestTemplateConfiguration.java 2KB Oauth2User.java 2KB AbstractImportSelector.java 2KB StreamUtilsTest.java 2KB BeanUtilsTest.java 2KB OAuth2JwtTokenCustomizer.java 1KB OpenFeignConfig.java 1KB SpringUtilsTest.java 1KB Resilience4jConfig.java 1KB ProviderBus.java 1KB StreamUtils.java 1KB RedisSerialization.java 1KB DefaultSecurityConfiguration.java 1KB FieldUtils.java 1KB AuthorizationServer.java 1KB SsoLogoutSuccessHandler.java 1KB JwkUtils.java 1KB LivkSpring.java 1KB KeyGeneratorUtils.java 1KB SerializerUtils.java 1KB RabbitProvider.java 1KB KafkaProvider.java 1KB LivkPage.java 1KB Jackson2RedisSerializationContext.java 1KB FormAuthenticationFailureHandler.java 1KB FormIdentityLoginConfigurer.java 1KB LivkDynamicAutoConfig.java 1KB LivkReactiveRedisTemplate.java 1KB UndertowCustomizationBean.java 1KB UserRemoteService.java 1KB CorsConfig.java 1KB UsersController.java 1KB ProviderController.java 1KB SecurityConstants.java 1KB RemoteController.java 1KB OtherSettingHandler.java 986B共 244 条
- 1
- 2
- 3
Java程序员-张凯
- 粉丝: 1w+
- 资源: 7361
最新资源
- C语言-leetcode题解之70-climbing-stairs.c
- C语言-leetcode题解之68-text-justification.c
- C语言-leetcode题解之66-plus-one.c
- C语言-leetcode题解之64-minimum-path-sum.c
- C语言-leetcode题解之63-unique-paths-ii.c
- C语言-leetcode题解之62-unique-paths.c
- C语言-leetcode题解之61-rotate-list.c
- C语言-leetcode题解之59-spiral-matrix-ii.c
- C语言-leetcode题解之58-length-of-last-word.c
- 计算机编程课程设计基础教程
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
评论0