diff --git a/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/override/KiccCustomTokenServices.java b/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/override/KiccCustomTokenServices.java
index e3efd695..87be3c20 100644
--- a/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/override/KiccCustomTokenServices.java
+++ b/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/override/KiccCustomTokenServices.java
@@ -1,5 +1,6 @@
 package com.cloud.kicc.common.security.override;
 
+import cn.hutool.core.map.MapUtil;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.core.Authentication;
@@ -15,6 +16,7 @@ import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.Assert;
 
 import java.util.Date;
+import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
 
@@ -61,21 +63,28 @@ public class KiccCustomTokenServices implements AuthorizationServerTokenServices
 
         OAuth2AccessToken existingAccessToken = tokenStore.getAccessToken(authentication);
         OAuth2RefreshToken refreshToken = null;
-        // 若已产生token,过期时删除相关token,执行下边的重新生成逻辑
         if (existingAccessToken != null) {
-            tokenStore.removeAccessToken(existingAccessToken);
-
-            if (existingAccessToken.getRefreshToken() != null) {
-                refreshToken = existingAccessToken.getRefreshToken();
-                tokenStore.removeRefreshToken(refreshToken);
+            if (existingAccessToken.isExpired()) {
+                if (existingAccessToken.getRefreshToken() != null) {
+                    refreshToken = existingAccessToken.getRefreshToken();
+                    // 当访问令牌被删除时,令牌存储可以删除刷新令牌,但是我们想要确保一定可以删除刷新令牌
+                    tokenStore.removeRefreshToken(refreshToken);
+                }
+                tokenStore.removeAccessToken(existingAccessToken);
+            }
+            else {
+                // 重新存储访问令牌,以防身份验证发生更改
+                tokenStore.storeAccessToken(existingAccessToken, authentication);
+                return existingAccessToken;
             }
-
         }
 
+        // 只有在没有与过期的访问令牌关联的现有令牌时,才创建新的刷新令牌。
+        // 客户端可能持有现有的刷新令牌,所以我们在旧访问令牌过期的情况下重用它。
         if (refreshToken == null) {
             refreshToken = createRefreshToken(authentication);
         }
-
+        // 但是如果刷新令牌已过期,则可能需要重新颁发它本身。
         else if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
             ExpiringOAuth2RefreshToken expiring = (ExpiringOAuth2RefreshToken) refreshToken;
             if (System.currentTimeMillis() > expiring.getExpiration().getTime()) {
@@ -85,7 +94,7 @@ public class KiccCustomTokenServices implements AuthorizationServerTokenServices
 
         OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);
         tokenStore.storeAccessToken(accessToken, authentication);
-
+        // 以防它被修改
         refreshToken = accessToken.getRefreshToken();
         if (refreshToken != null) {
             tokenStore.storeRefreshToken(refreshToken, authentication);
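Review bot: The new non-expired branch (`tokenStore.storeAccessToken(existingAccessToken, authentication); return existingAccessToken;`) returns the existing token regardless of its remaining lifetime and skips the refresh-token expiry check below (`refreshToken instanceof ExpiringOAuth2RefreshToken`), so a client authenticating just before expiry can receive an access token that dies almost immediately, possibly paired with an already-expired refresh token. If that is the intended trade-off, say so in a comment on the `else` branch; otherwise consider treating a token within a small grace window as expired so it is regenerated. Because every successful authentication for the same key now reuses a single token instead of revoking it, removing that token (for example on one client's logout) invalidates it for every client holding it — this behaviour change deserves a sentence in the class Javadoc. The first hunk adds imports for `cn.hutool.core.map.MapUtil` and `java.util.Map` that none of the hunks shown here use; if the rest of the change does not need them, drop them. The enclosing method begins above this hunk and ends after the last one.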