91超碰碰碰碰久久久久久综合_超碰av人澡人澡人澡人澡人掠_国产黄大片在线观看画质优化_txt小说免费全本

溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務條款》

Spring Security OAuth2 token權限隔離的示例分析

發布時間:2021-09-03 10:28:50 來源:億速云 閱讀:124 作者:小新 欄目:編程語言

這篇文章將為大家詳細講解有關Spring Security OAuth2 token權限隔離的示例分析,小編覺得挺實用的,因此分享給大家做個參考,希望大家閱讀完這篇文章后可以有所收獲。

一、哪里重寫?

資源服務器向授權服務服務器獲取資源時候,返回的user信息重寫,加入authorities

@RestController
@Slf4j
public class UserController {

 @Autowired
 HttpServletRequest request;

 @GetMapping("/user")
 public Principal user(Principal principal) {
  log.info("獲取user信息:{}", JSON.toJSON(principal));  return principal; }

返回的具體用戶信息:

{
  "principal": {
    "password": "$2a$10$OjTFAZEzS6qypY4nRZtnM.MzS6F3XsIlkAO/kIFCu30kAk8Yasowa",
    "phone": "13918438965",
    "credentialsNonExpired": true,
    "accountNonExpired": true,
    "enabled": true,
    "accountNonLocked": true,
    "username": "4738195728608789333"
  },
  "authenticated": true,
  "oAuth3Request": {
    "redirectUri": "http://www.baidu.com",
    "responseTypes": ["code"],
    "approved": true,
    "extensions": {},
    "clientId": "external",
    "scope": ["auth_base"],
    "requestParameters": {
      "code": "ovzMSk",
      "grant_type": "authorization_code",
      "scope": "auth_base",
      "response_type": "code",
      "redirect_uri": "http://www.baidu.com",
      "state": "123",
      "client_secret": "D524C1A0811DA49592F841085CC0063EB62B3001252A9454",
      "client_id": "external"
    },
    "refresh": false,
    "grantType": "authorization_code",
    "authorities": [{
      "authority": "auth_base"
    }],
    "resourceIds": []
  },
  "clientOnly": false,
  "credentials": "",
  "name": "4738195728608789333",
  "userAuthentication": {
    "principal": {
      "password": "$2a$10$OjTFAZEzS6qypY4nRZtnM.MzS6F3XsIlkAO/kIFCu30kAk8Yasowa",
      "phone": "13918438965",
      "credentialsNonExpired": true,
      "accountNonExpired": true,
      "enabled": true,
      "accountNonLocked": true,
      "username": "4738195728608789333"
    },
    "authenticated": true,
    "oAuth3Request": {
      "responseTypes": [],
      "approved": true,
      "extensions": {},
      "clientId": "gt",
      "scope": ["frontend"],
      "requestParameters": {
        "auth_type": "sms",
        "device_id": "5c5d1d7b-50ae-4347-9aee-7a7686055f4d",
        "grant_type": "password",
        "client_id": "gt",
        "username": "13918438965"
      },
      "refresh": false,
      "grantType": "password",
      "authorities": [{
        "authority": "client"
      }],
      "resourceIds": []
    },
    "clientOnly": false,
    "credentials": "",
    "name": "4738195728608789333",
    "userAuthentication": {
      "principal": {
        "password": "$2a$10$OjTFAZEzS6qypY4nRZtnM.MzS6F3XsIlkAO/kIFCu30kAk8Yasowa",
        "phone": "13918438965",
        "credentialsNonExpired": true,
        "accountNonExpired": true,
        "enabled": true,
        "accountNonLocked": true,
        "username": "4738195728608789333"
      },
      "authenticated": true,
      "name": "4738195728608789333",
      "details": {
        "auth_type": "sms",
        "device_id": "5c5d1d7b-50ae-4347-9aee-7a7686055f4d",
        "grant_type": "password",
        "client_secret": "D524C1A0811DA49592F841085CC0063EB62B3001252A94542795D1CA9824A941",
        "client_id": "gt",
        "username": "13918438965"
      },
      "authorities": []
    },
    "details": {
      "tokenType": "Bearer",
      "tokenValue": "f7870e71-7b0f-4a4a-9c6f-bb6d1f903ad9",
      "remoteAddress": "0:0:0:0:0:0:0:1"
    },
    "authorities": []
  },
  "details": {
    "tokenType": "Bearer",
    "tokenValue": "7829005c-5ebe-4428-b951-89477b24316e",
    "remoteAddress": "0:0:0:0:0:0:0:1"
  },
  "authorities": []
}

二、如何重寫?

principal是OAuth3Authentication實例,OAuth3Authentication主要包括OAuth3Request storedRequest、Authentication userAuthentication,

重寫目的是將storedRequest authorities復制到authoritie中,但問題是authoritie不讓修改的,沒辦法只能重寫這個OAuth3Authentication了。

為了改變authoritie重寫:

@GetMapping("/user")
 public Principal user(Principal principal) {
  log.info("獲取user信息:{}", JSON.toJSON(principal));
  OAuth3Authentication oAuth3Authentication = (OAuth3Authentication) principal;
  OAuth3Request storedRequest = oAuth3Authentication.getOAuth3Request();
  Authentication userAuthentication = oAuth3Authentication.getUserAuthentication();
  // 為了服務端進行token權限隔離 定制OAuth3Authentication
  CustomOAuth3Authentication customOAuth3Authentication = new CustomOAuth3Authentication(storedRequest, userAuthentication, storedRequest.getAuthorities());
  customOAuth3Authentication.setDetails(oAuth3Authentication.getDetails());
  log.info("返回用戶信息:{}", JSON.toJSON(customOAuth3Authentication));
  return customOAuth3Authentication;
 }

CustomOAuth3Authentication :

package com.brightcns.wuxi.citizencard.auth.domain;

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.CredentialsContainer;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth3.provider.OAuth3Request;

import java.util.Collection;

/**
 * @author maxianming
 * @date 2018/10/29 13:53
 */
public class CustomOAuth3Authentication extends AbstractAuthenticationToken {

  private static final long serialVersionUID = -4809832298438307309L;

  private final OAuth3Request storedRequest;

  private final Authentication userAuthentication;

  /**
   * Construct an OAuth 2 authentication. Since some grant types don't require user authentication, the user
   * authentication may be null.
   * @param storedRequest   The authorization request (must not be null).
   * @param userAuthentication The user authentication (possibly null).
   */
  public CustomOAuth3Authentication(OAuth3Request storedRequest, Authentication userAuthentication, Collection<? extends GrantedAuthority> authorities) {
    /**
     * 為了服務端進行token權限隔離 {@link @PreAuthorize("hasAuthority('server')")},自定義OAuth3Authentication使得支持改變authorities
     */
    super(authorities != null ? authorities : userAuthentication == null ? storedRequest.getAuthorities() : userAuthentication.getAuthorities());
    this.storedRequest = storedRequest;
    this.userAuthentication = userAuthentication;
  }

  public Object getCredentials() {
    return "";
  }

  public Object getPrincipal() {
    return this.userAuthentication == null ? this.storedRequest.getClientId() : this.userAuthentication
        .getPrincipal();
  }

  /**
   * Convenience method to check if there is a user associated with this token, or just a client application.
   *
   * @return true if this token represents a client app not acting on behalf of a user
   */
  public boolean isClientOnly() {
    return userAuthentication == null;
  }

  /**
   * The authorization request containing details of the client application.
   *
   * @return The client authentication.
   */
  public OAuth3Request getOAuth3Request() {
    return storedRequest;
  }

  /**
   * The user authentication.
   *
   * @return The user authentication.
   */
  public Authentication getUserAuthentication() {
    return userAuthentication;
  }

  @Override
  public boolean isAuthenticated() {
    return this.storedRequest.isApproved()
        && (this.userAuthentication == null || this.userAuthentication.isAuthenticated());
  }

  @Override
  public void eraseCredentials() {
    super.eraseCredentials();
    if (this.userAuthentication != null && CredentialsContainer.class.isAssignableFrom(this.userAuthentication.getClass())) {
      CredentialsContainer.class.cast(this.userAuthentication).eraseCredentials();
    }
  }

  @Override
  public boolean equals(Object o) {
    if (this == o) {
      return true;
    }
    if (!(o instanceof CustomOAuth3Authentication)) {
      return false;
    }
    if (!super.equals(o)) {
      return false;
    }

    CustomOAuth3Authentication that = (CustomOAuth3Authentication) o;

    if (!storedRequest.equals(that.storedRequest)) {
      return false;
    }
    if (userAuthentication != null ? !userAuthentication.equals(that.userAuthentication)
        : that.userAuthentication != null) {
      return false;
    }

    if (getDetails() != null ? !getDetails().equals(that.getDetails()) : that.getDetails() != null) {
      // return false;
    }

    return true;
  }
  @Override
  public int hashCode() {
    int result = super.hashCode();
    result = 31 * result + storedRequest.hashCode();
    result = 31 * result + (userAuthentication != null ? userAuthentication.hashCode() : 0);
    return result;
  }

}

主要在OAuth3Authentication基礎上修改了30-35行代碼

關于“Spring Security OAuth2 token權限隔離的示例分析”這篇文章就分享到這里了,希望以上內容可以對大家有一定的幫助,使各位可以學到更多知識,如果覺得文章不錯,請把它分享出去讓更多的人看到。

向AI問一下細節

免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。

AI

丽水市| 沾化县| 乌恰县| 江永县| 阿拉善右旗| 吴江市| 靖江市| 岱山县| 兴隆县| 墨竹工卡县| 鄯善县| 康马县| 信丰县| 玉环县| 鄂托克旗| 呼和浩特市| 洛南县| 阿勒泰市| 日喀则市| 耒阳市| 安康市| 河曲县| 鲁甸县| 厦门市| 文成县| 行唐县| 苏州市| 绩溪县| 中阳县| 徐州市| 额尔古纳市| 泸州市| 黄骅市| 大新县| 蓬莱市| 丹阳市| 格尔木市| 马龙县| 饶平县| 德昌县| 韩城市|