個(gè)性化Token 目的

• 默認(rèn)通過調(diào)用 /oauth/token 返回的報(bào)文格式包含以下參數(shù)

{"access_token": "e6669cdf-b6cd-43fe-af5c-f91a65041382","token_type": "bearer","refresh_token": "da91294d-446c-4a89-bdcf-88aee15a75e8","expires_in": 43199, "scope": "server" }

并沒包含用戶的業(yè)務(wù)信息比如用戶信息、租戶信息等。

• 擴(kuò)展生成包含業(yè)務(wù)信息（如下）,避免系統(tǒng)多次調(diào)用，直接可以通過認(rèn)證接口獲取到用戶信息等，大大提高系統(tǒng)性能

{"access_token":"a6f3b6d6-93e6-4eb8-a97d-3ae72240a7b0","token_type":"bearer","refresh_token":"710ab162-a482-41cd-8bad-26456af38e4f","expires_in":42396,"scope":"server","tenant_id":1,"license":"made by pigx","dept_id":1,"user_id":1,"username":"admin" }

密碼模式生成Token 源碼解析

? 主頁參考紅框部分

• ResourceOwnerPasswordTokenGranter （密碼模式）根據(jù)用戶的請求信息，進(jìn)行認(rèn)證得到當(dāng)前用戶上下文信息

  protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {Map<String, String> parameters = new LinkedHashMap<String, String>(tokenRequest.getRequestParameters());String username = parameters.get("username");String password = parameters.get("password");// Protect from downstream leaks of passwordparameters.remove("password");Authentication userAuth = new UsernamePasswordAuthenticationToken(username, password);((AbstractAuthenticationToken) userAuth).setDetails(parameters);userAuth = authenticationManager.authenticate(userAuth);OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest); return new OAuth2Authentication(storedOAuth2Request, userAuth); }

• 然后調(diào)用AbstractTokenGranter.getAccessToken() 獲取OAuth2AccessToken

  protected OAuth2AccessToken getAccessToken(ClientDetails client, TokenRequest tokenRequest) {return tokenServices.createAccessToken(getOAuth2Authentication(client, tokenRequest)); }

• 默認(rèn)使用DefaultTokenServices來獲取token

  public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException {... 一系列判斷 ，合法性、是否過期等判斷 OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);tokenStore.storeAccessToken(accessToken, authentication);// In case it was modifiedrefreshToken = accessToken.getRefreshToken();if (refreshToken != null) {tokenStore.storeRefreshToken(refreshToken, authentication);}return accessToken; }

• createAccessToken 核心邏輯

  // 默認(rèn)刷新token 的有效期 private int refreshTokenValiditySeconds = 60 * 60 * 24 * 30; // default 30 days. // 默認(rèn)token 的有效期 private int accessTokenValiditySeconds = 60 * 60 * 12; // default 12 hours.private OAuth2AccessToken createAccessToken(OAuth2Authentication authentication, OAuth2RefreshToken refreshToken) {DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(uuid);token.setExpiration(Date)token.setRefreshToken(refreshToken);token.setScope(authentication.getOAuth2Request().getScope());return accessTokenEnhancer != null ? accessTokenEnhancer.enhance(token, authentication) : token; }

  如上代碼，在拼裝好token對象后會(huì)調(diào)用認(rèn)證服務(wù)器配置TokenEnhancer( 增強(qiáng)器) 來對默認(rèn)的token進(jìn)行增強(qiáng)。

• TokenEnhancer.enhance 通過上下文中的用戶信息來個(gè)性化Token

  public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {final Map<String, Object> additionalInfo = new HashMap<>(8);PigxUser pigxUser = (PigxUser) authentication.getUserAuthentication().getPrincipal();additionalInfo.put("user_id", pigxUser.getId());additionalInfo.put("username", pigxUser.getUsername());additionalInfo.put("dept_id", pigxUser.getDeptId());additionalInfo.put("tenant_id", pigxUser.getTenantId());additionalInfo.put("license", SecurityConstants.PIGX_LICENSE);((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);return accessToken; }

基于pig 看下最終的實(shí)現(xiàn)效果

Pig 基于Spring Cloud、oAuth2.0開發(fā)基于Vue前后分離的開發(fā)平臺，支持賬號、短信、SSO等多種登錄，提供配套視頻開發(fā)教程。
https://gitee.com/log4j/pig

總結(jié)

以上是生活随笔為你收集整理的Spring Security OAuth 个性化token的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。