flowerbackend-v2
blame | 历史 | 原始文档
cloudroam
2024-09-24 11c95afd1e44bcd3d70dbcf77e790596ec80a53e 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

package com.mzl.flower.config.security.handler;


 


import cn.hutool.core.map.MapUtil;


import com.fasterxml.jackson.databind.ObjectMapper;


import com.mzl.flower.base.R;


import com.mzl.flower.base.ReturnDataDTO;


import com.mzl.flower.config.security.AuthUtils;


import lombok.Builder;


import lombok.extern.slf4j.Slf4j;


import org.springframework.http.HttpHeaders;


import org.springframework.security.authentication.BadCredentialsException;


import org.springframework.security.core.Authentication;


import org.springframework.security.crypto.password.PasswordEncoder;


import org.springframework.security.oauth2.common.OAuth2AccessToken;


import org.springframework.security.oauth2.common.exceptions.InvalidClientException;


import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;


import org.springframework.security.oauth2.provider.*;


import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;


import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;


 


import javax.servlet.http.HttpServletRequest;


import javax.servlet.http.HttpServletResponse;


import java.io.IOException;


 


@Slf4j


@Builder


public class SelfAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {


 


    private static final String BASIC_ = "Basic ";


 


    private PasswordEncoder passwordEncoder;


    private ObjectMapper objectMapper;


    private ClientDetailsService clientDetailsService;


    private AuthorizationServerTokenServices authorizationServerTokenServices;


 


    @Override


    public void onAuthenticationSuccess(HttpServletRequest request,


                                        HttpServletResponse response,


                                        Authentication authentication) {


        String header = request.getHeader(HttpHeaders.AUTHORIZATION);


 


        if (header == null || !header.startsWith(BASIC_)) {


            throw new UnapprovedClientAuthenticationException("请求头中无client信息");


        }


 


        try {


            String[] tokens = AuthUtils.extractAndDecodeHeader(header);


            assert tokens.length == 2;


            String clientId = tokens[0];


            String clientSecret = tokens[1];


 


            ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);


 


            //校验secret


            if (!passwordEncoder.matches(clientSecret, clientDetails.getClientSecret())) {


                throw new InvalidClientException("Given client ID does not match authenticated client");


            }


 


            TokenRequest tokenRequest = new TokenRequest(MapUtil.newHashMap(), clientId, clientDetails.getScope(), "password");


 


            OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);


 


            OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(oAuth2Request, authentication);


 


            OAuth2AccessToken token = authorizationServerTokenServices.createAccessToken(oAuth2Authentication);


            response.setContentType("application/json;charset=UTF-8");


            ReturnDataDTO resultDTO = new ReturnDataDTO(R.SUCCESS.getCode(), token, "success");


            response.getWriter().write(objectMapper.writeValueAsString(resultDTO));


        } catch (IOException e) {


            throw new BadCredentialsException(


                    "Failed to decode basic authentication token");


        } catch (Exception e) {


            throw new BadCredentialsException(e.getMessage());


        }


 


    }


 


 


}