|
|
@ -1,5 +1,6 @@ |
|
|
|
package com.cloud.kicc.common.security.override; |
|
|
|
package com.cloud.kicc.common.security.override; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
import cn.hutool.core.map.MapUtil; |
|
|
|
import org.springframework.beans.factory.InitializingBean; |
|
|
|
import org.springframework.beans.factory.InitializingBean; |
|
|
|
import org.springframework.security.authentication.AuthenticationManager; |
|
|
|
import org.springframework.security.authentication.AuthenticationManager; |
|
|
|
import org.springframework.security.core.Authentication; |
|
|
|
import org.springframework.security.core.Authentication; |
|
|
@ -15,6 +16,7 @@ import org.springframework.transaction.annotation.Transactional; |
|
|
|
import org.springframework.util.Assert; |
|
|
|
import org.springframework.util.Assert; |
|
|
|
|
|
|
|
|
|
|
|
import java.util.Date; |
|
|
|
import java.util.Date; |
|
|
|
|
|
|
|
import java.util.Map; |
|
|
|
import java.util.Set; |
|
|
|
import java.util.Set; |
|
|
|
import java.util.UUID; |
|
|
|
import java.util.UUID; |
|
|
|
|
|
|
|
|
|
|
@ -61,21 +63,28 @@ public class KiccCustomTokenServices implements AuthorizationServerTokenServices |
|
|
|
OAuth2AccessToken existingAccessToken = tokenStore.getAccessToken(authentication); |
|
|
|
OAuth2AccessToken existingAccessToken = tokenStore.getAccessToken(authentication); |
|
|
|
OAuth2RefreshToken refreshToken = null; |
|
|
|
OAuth2RefreshToken refreshToken = null; |
|
|
|
|
|
|
|
|
|
|
|
// 若已产生token,过期时删除相关token,执行下边的重新生成逻辑
|
|
|
|
|
|
|
|
if (existingAccessToken != null) { |
|
|
|
if (existingAccessToken != null) { |
|
|
|
tokenStore.removeAccessToken(existingAccessToken); |
|
|
|
if (existingAccessToken.isExpired()) { |
|
|
|
|
|
|
|
if (existingAccessToken.getRefreshToken() != null) { |
|
|
|
if (existingAccessToken.getRefreshToken() != null) { |
|
|
|
refreshToken = existingAccessToken.getRefreshToken(); |
|
|
|
refreshToken = existingAccessToken.getRefreshToken(); |
|
|
|
// 当访问令牌被删除时,令牌存储可以删除刷新令牌,但是我们想要确保一定可以删除刷新令牌
|
|
|
|
tokenStore.removeRefreshToken(refreshToken); |
|
|
|
tokenStore.removeRefreshToken(refreshToken); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
tokenStore.removeAccessToken(existingAccessToken); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
else { |
|
|
|
|
|
|
|
// 重新存储访问令牌,以防身份验证发生更改
|
|
|
|
|
|
|
|
tokenStore.storeAccessToken(existingAccessToken, authentication); |
|
|
|
|
|
|
|
return existingAccessToken; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// 只有在没有与过期的访问令牌关联的现有令牌时,才创建新的刷新令牌。
|
|
|
|
|
|
|
|
// 客户端可能持有现有的刷新令牌,所以我们在旧访问令牌过期的情况下重用它。
|
|
|
|
if (refreshToken == null) { |
|
|
|
if (refreshToken == null) { |
|
|
|
refreshToken = createRefreshToken(authentication); |
|
|
|
refreshToken = createRefreshToken(authentication); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
// 但是如果刷新令牌已过期,则可能需要重新颁发它本身。
|
|
|
|
else if (refreshToken instanceof ExpiringOAuth2RefreshToken) { |
|
|
|
else if (refreshToken instanceof ExpiringOAuth2RefreshToken) { |
|
|
|
ExpiringOAuth2RefreshToken expiring = (ExpiringOAuth2RefreshToken) refreshToken; |
|
|
|
ExpiringOAuth2RefreshToken expiring = (ExpiringOAuth2RefreshToken) refreshToken; |
|
|
|
if (System.currentTimeMillis() > expiring.getExpiration().getTime()) { |
|
|
|
if (System.currentTimeMillis() > expiring.getExpiration().getTime()) { |
|
|
@ -85,7 +94,7 @@ public class KiccCustomTokenServices implements AuthorizationServerTokenServices |
|
|
|
|
|
|
|
|
|
|
|
OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken); |
|
|
|
OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken); |
|
|
|
tokenStore.storeAccessToken(accessToken, authentication); |
|
|
|
tokenStore.storeAccessToken(accessToken, authentication); |
|
|
|
|
|
|
|
// 以防它被修改
|
|
|
|
refreshToken = accessToken.getRefreshToken(); |
|
|
|
refreshToken = accessToken.getRefreshToken(); |
|
|
|
if (refreshToken != null) { |
|
|
|
if (refreshToken != null) { |
|
|
|
tokenStore.storeRefreshToken(refreshToken, authentication); |
|
|
|
tokenStore.storeRefreshToken(refreshToken, authentication); |
|
|
|
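Review bot: The new `else` branch returns `existingAccessToken` unchanged whenever `isExpired()` is false, so a fresh authentication no longer revokes the previously issued token. The old side appears to have called `tokenStore.removeAccessToken(existingAccessToken)` unconditionally, though the +/- markers are lost on this page, so that reading is inferred. The practical effect is that every session with the same authentication key shares one bearer token, and a token that was exposed earlier stays valid after the user logs in again, until it expires or is explicitly removed. If the reuse is intentional, state it above the branch, e.g. `// Intentional: re-login reuses the live token; it is revoked only by logout or expiry`, and confirm that the logout/revocation path removes both the access token and its refresh token from `tokenStore`. The enclosing method starts and ends outside the visible hunks, so how concurrent logins are serialised cannot be checked from here.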