From 000e86c8d6ea90df13faa5e510a84ff5958b82a8 Mon Sep 17 00:00:00 2001
From: wangxiang <1827945911@qq.com>
Date: Tue, 17 May 2022 20:30:05 +0800
Subject: [PATCH] =?UTF-8?q?=F0=9F=91=A3=20=E9=87=8D=E5=86=99=E6=94=AF?=
 =?UTF-8?q?=E6=8C=81=E5=89=8D=E7=AB=AF=E8=87=AA=E5=AE=9A=E4=B9=89=E5=BC=82?=
 =?UTF-8?q?=E5=B8=B8=E6=8F=90=E7=A4=BA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../override/KiccCustomTokenServices.java | 27 ++++++++++++-------
 1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/override/KiccCustomTokenServices.java b/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/override/KiccCustomTokenServices.java
index e3efd695..87be3c20 100644
--- a/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/override/KiccCustomTokenServices.java
+++ b/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/override/KiccCustomTokenServices.java
@@ -1,5 +1,6 @@
 package com.cloud.kicc.common.security.override;
+import cn.hutool.core.map.MapUtil;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.core.Authentication;
@@ -15,6 +16,7 @@ import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.Assert;
 import java.util.Date;
+import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
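Review bot: Neither `import cn.hutool.core.map.MapUtil;` nor `import java.util.Map;` is referenced by any line this patch adds; the diffstat reports 18 insertions in this single file, all of them visible in the three hunks, and none of those lines mentions Map or MapUtil. Code outside the hunks could not have used these names before without the imports, so they look like leftovers from an abandoned edit and should be dropped, or the code that needs them belongs in the same commit. An unused third-party utility import in the token-services class also widens what a reader has to audit in a security-sensitive file for no benefit.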
@@ -61,21 +63,28 @@ public class KiccCustomTokenServices implements AuthorizationServerTokenServices
 OAuth2AccessToken existingAccessToken = tokenStore.getAccessToken(authentication);
 OAuth2RefreshToken refreshToken = null;
- // 若已产生token,过期时删除相关token,执行下边的重新生成逻辑
 if (existingAccessToken != null) {
- tokenStore.removeAccessToken(existingAccessToken);
-
- if (existingAccessToken.getRefreshToken() != null) {
- refreshToken = existingAccessToken.getRefreshToken();
- tokenStore.removeRefreshToken(refreshToken);
+ if (existingAccessToken.isExpired()) {
+ if (existingAccessToken.getRefreshToken() != null) {
+ refreshToken = existingAccessToken.getRefreshToken();
+ // 当访问令牌被删除时,令牌存储可以删除刷新令牌,但是我们想要确保一定可以删除刷新令牌
+ tokenStore.removeRefreshToken(refreshToken);
+ }
+ tokenStore.removeAccessToken(existingAccessToken);
+ }
+ else {
+ // 重新存储访问令牌,以防身份验证发生更改
+ tokenStore.storeAccessToken(existingAccessToken, authentication);
+ return existingAccessToken;
 }
- }
+ // 只有在没有与过期的访问令牌关联的现有令牌时,才创建新的刷新令牌。
+ // 客户端可能持有现有的刷新令牌,所以我们在旧访问令牌过期的情况下重用它。
 if (refreshToken == null) {
 refreshToken = createRefreshToken(authentication);
 }
-
+ // 但是如果刷新令牌已过期,则可能需要重新颁发它本身。
 else if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
 ExpiringOAuth2RefreshToken expiring = (ExpiringOAuth2RefreshToken) refreshToken;
 if (System.currentTimeMillis() > expiring.getExpiration().getTime()) {
@@ -85,7 +94,7 @@ public class KiccCustomTokenServices implements AuthorizationServerTokenServices
 OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);
 tokenStore.storeAccessToken(accessToken, authentication);
-
+ // 以防它被修改
 refreshToken = accessToken.getRefreshToken();
 if (refreshToken != null) {
 tokenStore.storeRefreshToken(refreshToken, authentication);
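Review bot: The new `else` branch hands a still-valid token straight back — `tokenStore.storeAccessToken(existingAccessToken, authentication); return existingAccessToken;` — so a second authentication for the same principal and client no longer revokes the first one's access and refresh tokens as the removed `tokenStore.removeAccessToken`/`removeRefreshToken` lines did, and the token's stored authentication is presumably replaced by the latest caller's. That is a deliberate change of session semantics (shared token instead of one-login-invalidates-previous) and the commit subject, which is about custom front-end exception messages, does not mention it, so anyone relying on the old revoke-on-login behaviour will not find it from the history. The branch structure appears to mirror Spring Security OAuth's DefaultTokenServices.createAccessToken, which is fine if intended, but the method should record the contract in its Javadoc, e.g. `Returns an existing unexpired access token unchanged (re-storing its authentication); only an expired token is revoked and regenerated, reusing its refresh token when one exists.` The enclosing method starts before this hunk and ends after it.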