个性化 token 目的
默认通过调用 /oauth/token 返回的报文格式包含以下参数
|
1 2 3 4 5 6 7 |
{ "access_token" : "e6669cdf-b6cd-43fe-af5c-f91a65041382" , "token_type" : "bearer" , "refresh_token" : "da91294d-446c-4a89-bdcf-88aee15a75e8" , "expires_in" : 43199 , "scope" : "server" } |
并没包含用户的业务信息比如用户信息、租户信息等。
扩展生成包含业务信息(如下),避免系统多次调用,直接可以通过认证接口获取到用户信息等,大大提高系统性能
|
1 2 3 4 5 6 7 8 9 10 11 12 |
{ "access_token" : "a6f3b6d6-93e6-4eb8-a97d-3ae72240a7b0" , "token_type" : "bearer" , "refresh_token" : "710ab162-a482-41cd-8bad-26456af38e4f" , "expires_in" : 42396 , "scope" : "server" , "tenant_id" : 1 , "license" : "made by pigx" , "dept_id" : 1 , "user_id" : 1 , "username" : "admin" } |
密码模式生成token 源码解析
? 主页参考红框部分
resourceownerpasswordtokengranter (密码模式)根据用户的请求信息,进行认证得到当前用户上下文信息
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
protected oauth2authentication getoauth2authentication(clientdetails client, tokenrequest tokenrequest) { map<string, string> parameters = new linkedhashmap<string, string>(tokenrequest.getrequestparameters()); string username = parameters.get( "username" ); string password = parameters.get( "password" ); // protect from downstream leaks of password parameters.remove( "password" ); authentication userauth = new usernamepasswordauthenticationtoken(username, password); ((abstractauthenticationtoken) userauth).setdetails(parameters);
userauth = authenticationmanager.authenticate(userauth);
oauth2request storedoauth2request = getrequestfactory().createoauth2request(client, tokenrequest); return new oauth2authentication(storedoauth2request, userauth); } |
然后调用abstracttokengranter.getaccesstoken() 获取oauth2accesstoken
|
1 2 3 |
protected oauth2accesstoken getaccesstoken(clientdetails client, tokenrequest tokenrequest) { return tokenservices.createaccesstoken(getoauth2authentication(client, tokenrequest)); } |
默认使用defaulttokenservices来获取token
|
1 2 3 4 5 6 7 8 9 10 11 12 |
public oauth2accesstoken createaccesstoken(oauth2authentication authentication) throws authenticationexception {
... 一系列判断 ,合法性、是否过期等判断 oauth2accesstoken accesstoken = createaccesstoken(authentication, refreshtoken); tokenstore.storeaccesstoken(accesstoken, authentication); // in case it was modified refreshtoken = accesstoken.getrefreshtoken(); if (refreshtoken != null ) { tokenstore.storerefreshtoken(refreshtoken, authentication); } return accesstoken; } |
createaccesstoken 核心逻辑
|
1 2 3 4 5 6 7 8 9 10 11 12 |
// 默认刷新token 的有效期 private int refreshtokenvalidityseconds = 60 * 60 * 24 * 30 ; // default 30 days. // 默认token 的有效期 private int accesstokenvalidityseconds = 60 * 60 * 12 ; // default 12 hours.
private oauth2accesstoken createaccesstoken(oauth2authentication authentication, oauth2refreshtoken refreshtoken) { defaultoauth2accesstoken token = new defaultoauth2accesstoken(uuid); token.setexpiration(date) token.setrefreshtoken(refreshtoken); token.setscope(authentication.getoauth2request().getscope()); return accesstokenenhancer != null ? accesstokenenhancer.enhance(token, authentication) : token; } |
如上代码,在拼装好token对象后会调用认证服务器配置tokenenhancer( 增强器) 来对默认的token进行增强。
tokenenhancer.enhance 通过上下文中的用户信息来个性化token
|
1 2 3 4 5 6 7 8 9 10 11 |
public oauth2accesstoken enhance(oauth2accesstoken accesstoken, oauth2authentication authentication) { final map<string, object> additionalinfo = new hashmap<>( 8 ); pigxuser pigxuser = (pigxuser) authentication.getuserauthentication().getprincipal(); additionalinfo.put( "user_id" , pigxuser.getid()); additionalinfo.put( "username" , pigxuser.getusername()); additionalinfo.put( "dept_id" , pigxuser.getdeptid()); additionalinfo.put( "tenant_id" , pigxuser.gettenantid()); additionalinfo.put( "license" , securityconstants.pigx_license); ((defaultoauth2accesstoken) accesstoken).setadditionalinformation(additionalinfo); return accesstoken; } |
基于pig 看下最终的实现效果
pig 基于spring cloud、oauth2.0开发基于vue前后分离的开发平台,支持账号、短信、sso等多种登录,提供配套视频开发教程。
https://gitee测试数据/log4j/pig
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持。
原文链接:https://segmentfault测试数据/a/1190000018187384
查看更多关于Spring Security OAuth 个性化token的使用的详细内容...