個性化token 目的
默認通過調用 /oauth/token 返回的報文格式包含以下參數
|
1
2
3
4
5
6
7
|
{ "access_token": "e6669cdf-b6cd-43fe-af5c-f91a65041382", "token_type": "bearer", "refresh_token": "da91294d-446c-4a89-bdcf-88aee15a75e8", "expires_in": 43199, "scope": "server"} |
并沒包含用戶的業(yè)務信息比如用戶信息、租戶信息等。
擴展生成包含業(yè)務信息(如下),避免系統多次調用,直接可以通過認證接口獲取到用戶信息等,大大提高系統性能
|
1
2
3
4
5
6
7
8
9
10
11
12
|
{ "access_token":"a6f3b6d6-93e6-4eb8-a97d-3ae72240a7b0", "token_type":"bearer", "refresh_token":"710ab162-a482-41cd-8bad-26456af38e4f", "expires_in":42396, "scope":"server", "tenant_id":1, "license":"made by pigx", "dept_id":1, "user_id":1, "username":"admin"} |
密碼模式生成token 源碼解析
? 主頁參考紅框部分
resourceownerpasswordtokengranter (密碼模式)根據用戶的請求信息,進行認證得到當前用戶上下文信息
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
protected oauth2authentication getoauth2authentication(clientdetails client, tokenrequest tokenrequest) { map<string, string> parameters = new linkedhashmap<string, string>(tokenrequest.getrequestparameters()); string username = parameters.get("username"); string password = parameters.get("password"); // protect from downstream leaks of password parameters.remove("password"); authentication userauth = new usernamepasswordauthenticationtoken(username, password); ((abstractauthenticationtoken) userauth).setdetails(parameters); userauth = authenticationmanager.authenticate(userauth); oauth2request storedoauth2request = getrequestfactory().createoauth2request(client, tokenrequest); return new oauth2authentication(storedoauth2request, userauth);} |
然后調用abstracttokengranter.getaccesstoken() 獲取oauth2accesstoken
|
1
2
3
|
protected oauth2accesstoken getaccesstoken(clientdetails client, tokenrequest tokenrequest) { return tokenservices.createaccesstoken(getoauth2authentication(client, tokenrequest));} |
默認使用defaulttokenservices來獲取token
|
1
2
3
4
5
6
7
8
9
10
11
12
|
public oauth2accesstoken createaccesstoken(oauth2authentication authentication) throws authenticationexception { ... 一系列判斷 ,合法性、是否過期等判斷 oauth2accesstoken accesstoken = createaccesstoken(authentication, refreshtoken); tokenstore.storeaccesstoken(accesstoken, authentication); // in case it was modified refreshtoken = accesstoken.getrefreshtoken(); if (refreshtoken != null) { tokenstore.storerefreshtoken(refreshtoken, authentication); } return accesstoken;} |
createaccesstoken 核心邏輯
|
1
2
3
4
5
6
7
8
9
10
11
12
|
// 默認刷新token 的有效期private int refreshtokenvalidityseconds = 60 * 60 * 24 * 30; // default 30 days.// 默認token 的有效期private int accesstokenvalidityseconds = 60 * 60 * 12; // default 12 hours.private oauth2accesstoken createaccesstoken(oauth2authentication authentication, oauth2refreshtoken refreshtoken) { defaultoauth2accesstoken token = new defaultoauth2accesstoken(uuid); token.setexpiration(date) token.setrefreshtoken(refreshtoken); token.setscope(authentication.getoauth2request().getscope()); return accesstokenenhancer != null ? accesstokenenhancer.enhance(token, authentication) : token;} |
如上代碼,在拼裝好token對象后會調用認證服務器配置tokenenhancer( 增強器) 來對默認的token進行增強。
tokenenhancer.enhance 通過上下文中的用戶信息來個性化token
|
1
2
3
4
5
6
7
8
9
10
11
|
public oauth2accesstoken enhance(oauth2accesstoken accesstoken, oauth2authentication authentication) { final map<string, object> additionalinfo = new hashmap<>(8); pigxuser pigxuser = (pigxuser) authentication.getuserauthentication().getprincipal(); additionalinfo.put("user_id", pigxuser.getid()); additionalinfo.put("username", pigxuser.getusername()); additionalinfo.put("dept_id", pigxuser.getdeptid()); additionalinfo.put("tenant_id", pigxuser.gettenantid()); additionalinfo.put("license", securityconstants.pigx_license); ((defaultoauth2accesstoken) accesstoken).setadditionalinformation(additionalinfo); return accesstoken;} |
基于pig 看下最終的實現效果
pig 基于spring cloud、oauth2.0開發(fā)基于vue前后分離的開發(fā)平臺,支持賬號、短信、sso等多種登錄,提供配套視頻開發(fā)教程。
以上就是本文的全部內容,希望對大家的學習有所幫助,也希望大家多多支持服務器之家。
原文鏈接:https://segmentfault.com/a/1190000018187384
