Inicio Explorar Axuda
Iniciar sesión
iot
/
hsweb-framework
4
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

优化OAuth2

zhou-hao %!s(int64=7) %!d(string=hai) anos
pai
5950904e76
achega
ed68244ceb
Modificáronse 6 ficheiros con 107 adicións e 6 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 0 2
      hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/password/PasswordService.java
  2. 0 2
      hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-simple/src/main/java/org/hswebframework/web/service/oauth2/server/simple/SimplePasswordService.java
  3. 11 1
      hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-starter/pom.xml
  4. 20 0
      hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-starter/src/main/java/org/hswebframework/web/oauth2/OAuth2AuthorizationAutoConfiguration.java
  5. 74 0
      hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-starter/src/main/java/org/hswebframework/web/oauth2/authorization/OAuth2UserTokenParser.java
  6. 2 1
      hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-starter/src/main/resources/META-INF/spring.factories

+ 0 - 2
hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/password/PasswordService.java
Ver ficheiro 

@@ -19,8 +19,6 @@
 
 package org.hswebframework.web.authorization.oauth2.server.support.password;
 
 
 /**
 
- * TODO 完成注释
 
- *
 
  * @author zhouhao
 
  */
 
 public interface PasswordService {

+ 0 - 2
hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-simple/src/main/java/org/hswebframework/web/service/oauth2/server/simple/SimplePasswordService.java
Ver ficheiro 

@@ -23,8 +23,6 @@ import org.hswebframework.web.entity.authorization.UserEntity;
 
 import org.hswebframework.web.service.authorization.UserService;
 
 
 /**
 
- * TODO 完成注释
 
- *
 
  * @author zhouhao
 
  */
 
 public class SimplePasswordService implements PasswordService {

+ 11 - 1
hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-starter/pom.xml
Ver ficheiro 

@@ -53,12 +53,22 @@
 
             <artifactId>hsweb-system-oauth2-server-controller</artifactId>
 
             <version>${project.version}</version>
 
         </dependency>
 
-
 
+        <dependency>
 
+            <groupId>javax.servlet</groupId>
 
+            <artifactId>servlet-api</artifactId>
 
+            <version>2.5</version>
 
+            <scope>provided</scope>
 
+        </dependency>
 
         <dependency>
 
             <groupId>org.hswebframework.web</groupId>
 
             <artifactId>hsweb-spring-boot-starter</artifactId>
 
             <version>${project.version}</version>
 
             <scope>test</scope>
 
         </dependency>
 
+        <dependency>
 
+            <groupId>org.hswebframework.web</groupId>
 
+            <artifactId>hsweb-authorization-basic</artifactId>
 
+            <version>${project.version}</version>
 
+        </dependency>
 
     </dependencies>
 
 </project>

+ 20 - 0
hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-starter/src/main/java/org/hswebframework/web/oauth2/OAuth2AuthorizationAutoConfiguration.java
Ver ficheiro 

@@ -0,0 +1,20 @@
 
+package org.hswebframework.web.oauth2;
 
+
 
+import org.hswebframework.web.authorization.basic.web.UserTokenParser;
 
+import org.hswebframework.web.authorization.oauth2.server.token.AccessTokenService;
 
+import org.hswebframework.web.oauth2.authorization.OAuth2UserTokenParser;
 
+import org.springframework.boot.autoconfigure.AutoConfigureAfter;
 
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 
+import org.springframework.context.annotation.Bean;
 
+import org.springframework.context.annotation.Configuration;
 
+
 
+@ConditionalOnClass(UserTokenParser.class)
 
+@Configuration
 
+@AutoConfigureAfter(OAuth2GranterAutoConfiguration.class)
 
+public class OAuth2AuthorizationAutoConfiguration {
 
+
 
+    @Bean
 
+    public OAuth2UserTokenParser oAuth2UserTokenParser(AccessTokenService accessTokenService) {
 
+        return new OAuth2UserTokenParser(accessTokenService);
 
+    }
 
+}

+ 74 - 0
hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-starter/src/main/java/org/hswebframework/web/oauth2/authorization/OAuth2UserTokenParser.java
Ver ficheiro 

@@ -0,0 +1,74 @@
 
+package org.hswebframework.web.oauth2.authorization;
 
+
 
+import org.hswebframework.web.authorization.basic.web.AuthorizedToken;
 
+import org.hswebframework.web.authorization.basic.web.ParsedToken;
 
+import org.hswebframework.web.authorization.basic.web.UserTokenParser;
 
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
 
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
 
+import org.hswebframework.web.authorization.oauth2.server.token.AccessTokenService;
 
+import org.hswebframework.web.oauth2.core.ErrorType;
 
+import org.hswebframework.web.oauth2.core.OAuth2Constants;
 
+import org.springframework.util.StringUtils;
 
+
 
+import javax.servlet.http.HttpServletRequest;
 
+
 
+public class OAuth2UserTokenParser implements UserTokenParser {
 
+
 
+    public static final String token_type = "oauth2-access-token";
 
+
 
+    private AccessTokenService accessTokenService;
 
+
 
+    public OAuth2UserTokenParser(AccessTokenService accessTokenService) {
 
+        this.accessTokenService = accessTokenService;
 
+    }
 
+
 
+    public void setAccessTokenService(AccessTokenService accessTokenService) {
 
+        this.accessTokenService = accessTokenService;
 
+    }
 
+
 
+    @Override
 
+    public ParsedToken parseToken(HttpServletRequest request) {
 
+        String accessToken = request.getHeader(OAuth2Constants.authorization);
 
+        if (StringUtils.isEmpty(accessToken)) {
 
+            accessToken = request.getParameter(OAuth2Constants.access_token);
 
+        } else {
 
+            String[] arr = accessToken.split("[ ]");
 
+            if (arr.length > 1) {
 
+                accessToken = arr[1];
 
+            }
 
+        }
 
+        if (StringUtils.isEmpty(accessToken)) {
 
+            return null;
 
+        }
 
+        OAuth2AccessToken auth2AccessToken = accessTokenService.getTokenByAccessToken(accessToken);
 
+        if (auth2AccessToken == null) {
 
+            throw new GrantTokenException(ErrorType.INVALID_TOKEN);
 
+        }
 
+        Long time = auth2AccessToken.getUpdateTime() != null ? auth2AccessToken.getUpdateTime() : auth2AccessToken.getCreateTime();
 
+        if (System.currentTimeMillis() - time > auth2AccessToken.getExpiresIn() * 1000) {
 
+            throw new GrantTokenException(ErrorType.EXPIRED_TOKEN);
 
+        }
 
+
 
+        return new AuthorizedToken() {
 
+            @Override
 
+            public String getUserId() {
 
+                return auth2AccessToken.getOwnerId();
 
+            }
 
+
 
+            @Override
 
+            public String getToken() {
 
+                return auth2AccessToken.getAccessToken();
 
+            }
 
+
 
+            @Override
 
+            public String getType() {
 
+                return token_type;
 
+            }
 
+
 
+            @Override
 
+            public long getMaxInactiveInterval() {
 
+                return auth2AccessToken.getExpiresIn() * 1000;
 
+            }
 
+        };
 
+    }
 
+}

+ 2 - 1
hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-starter/src/main/resources/META-INF/spring.factories
Ver ficheiro 

@@ -1,3 +1,4 @@
 
 # Auto Configure
 
 org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
 
-org.hswebframework.web.oauth2.OAuth2GranterAutoConfiguration
 
+org.hswebframework.web.oauth2.OAuth2GranterAutoConfiguration,\
 
+  org.hswebframework.web.oauth2.OAuth2AuthorizationAutoConfiguration