个性化Token 目的
默认通过调用 /oauth/token 返回的报文格式包含以下参数
{ "access_token": "e6669cdf-b6cd-43fe-af5c-f91a65041382", "token_type": "bearer", "refresh_token": "da91294d-446c-4a89-bdcf-88aee15a75e8", "expires_in": 43199, "scope": "server" }
并没包含用户的业务信息比如用户信息、租户信息等。
扩展生成包含业务信息(如下),避免系统多次调用,直接可以通过认证接口获取到用户信息等,大大提高系统性能
{ "access_token":"a6f3b6d6-93e6-4eb8-a97d-3ae72240a7b0", "token_type":"bearer", "refresh_token":"710ab162-a482-41cd-8bad-26456af38e4f", "expires_in":42396, "scope":"server", "tenant_id":1, "license":"made by pigx", "dept_id":1, "user_id":1, "username":"admin" }
密码模式生成Token 源码解析
主页参考红框部分
ResourceOwnerPasswordTokenGranter (密码模式)根据用户的请求信息,进行认证得到当前用户上下文信息
protected OAuth3Authentication getOAuth3Authentication(ClientDetails client, TokenRequest tokenRequest) { Map<String, String> parameters = new LinkedHashMap<String, String>(tokenRequest.getRequestParameters()); String username = parameters.get("username"); String password = parameters.get("password"); // Protect from downstream leaks of password parameters.remove("password"); Authentication userAuth = new UsernamePasswordAuthenticationToken(username, password); ((AbstractAuthenticationToken) userAuth).setDetails(parameters); userAuth = authenticationManager.authenticate(userAuth); OAuth3Request storedOAuth3Request = getRequestFactory().createOAuth3Request(client, tokenRequest); return new OAuth3Authentication(storedOAuth3Request, userAuth); }
然后调用AbstractTokenGranter.getAccessToken() 获取OAuth3AccessToken
protected OAuth3AccessToken getAccessToken(ClientDetails client, TokenRequest tokenRequest) { return tokenServices.createAccessToken(getOAuth3Authentication(client, tokenRequest)); }
默认使用DefaultTokenServices来获取token
public OAuth3AccessToken createAccessToken(OAuth3Authentication authentication) throws AuthenticationException { ... 一系列判断 ,合法性、是否过期等判断 OAuth3AccessToken accessToken = createAccessToken(authentication, refreshToken); tokenStore.storeAccessToken(accessToken, authentication); // In case it was modified refreshToken = accessToken.getRefreshToken(); if (refreshToken != null) { tokenStore.storeRefreshToken(refreshToken, authentication); } return accessToken; }
createAccessToken 核心逻辑
// 默认刷新token 的有效期 private int refreshTokenValiditySeconds = 60 * 60 * 24 * 30; // default 30 days. // 默认token 的有效期 private int accessTokenValiditySeconds = 60 * 60 * 12; // default 12 hours. private OAuth3AccessToken createAccessToken(OAuth3Authentication authentication, OAuth3RefreshToken refreshToken) { DefaultOAuth3AccessToken token = new DefaultOAuth3AccessToken(uuid); token.setExpiration(Date) token.setRefreshToken(refreshToken); token.setScope(authentication.getOAuth3Request().getScope()); return accessTokenEnhancer != null ? accessTokenEnhancer.enhance(token, authentication) : token; }
如上代码,在拼装好token对象后会调用认证服务器配置TokenEnhancer( 增强器) 来对默认的token进行增强。
TokenEnhancer.enhance 通过上下文中的用户信息来个性化Token
public OAuth3AccessToken enhance(OAuth3AccessToken accessToken, OAuth3Authentication authentication) { final Map<String, Object> additionalInfo = new HashMap<>(8); PigxUser pigxUser = (PigxUser) authentication.getUserAuthentication().getPrincipal(); additionalInfo.put("user_id", pigxUser.getId()); additionalInfo.put("username", pigxUser.getUsername()); additionalInfo.put("dept_id", pigxUser.getDeptId()); additionalInfo.put("tenant_id", pigxUser.getTenantId()); additionalInfo.put("license", SecurityConstants.PIGX_LICENSE); ((DefaultOAuth3AccessToken) accessToken).setAdditionalInformation(additionalInfo); return accessToken; }
基于pig 看下最终的实现效果
Pig 基于Spring Cloud、oAuth3.0开发基于Vue前后分离的开发平台,支持账号、短信、SSO等多种登录,提供配套视频开发教程。
https://gitee.com/log4j/pig
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持亿速云。
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。