package com.mzl.flower.service.login;
|
|
import cn.hutool.core.map.MapUtil;
|
import com.mzl.flower.config.OAuth2Properties;
|
import com.mzl.flower.config.exception.ValidationException;
|
import com.mzl.flower.config.security.AuthUtils;
|
import lombok.extern.slf4j.Slf4j;
|
import org.apache.commons.lang3.StringUtils;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.security.core.Authentication;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.oauth2.common.OAuth2AccessToken;
|
import org.springframework.security.oauth2.provider.*;
|
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
|
import org.springframework.stereotype.Service;
|
import org.springframework.transaction.annotation.Transactional;
|
|
import java.util.Base64;
|
import java.util.List;
|
|
|
@Service
|
@Transactional
|
@Slf4j
|
public class LoginService {
|
|
private static final String BASIC_ = "Basic ";
|
private static final String DEFAULT_CLIENT_TYPE = "default";
|
|
@Autowired
|
private AuthorizationServerTokenServices authorizationServerTokenServices;
|
|
@Autowired
|
private ClientDetailsService clientDetailsService;
|
|
@Autowired
|
private PasswordEncoder passwordEncoder;
|
|
@Autowired
|
private OAuth2Properties oAuth2Properties;
|
|
private String clientAuthorization(String clientType){
|
if(StringUtils.isBlank(clientType)){
|
clientType = DEFAULT_CLIENT_TYPE;
|
}
|
List<OAuth2Properties.ClientConfiguration> clients = oAuth2Properties.getClientConfigurations();
|
if(clients==null){
|
throw new ValidationException("请求头中无client信息");
|
}
|
String authorization ="";
|
for (OAuth2Properties.ClientConfiguration webClientConfiguration :clients){
|
if(clientType.equals(webClientConfiguration.getClientType())){
|
String clientId = webClientConfiguration.getClientId();
|
String secret = webClientConfiguration.getSecret();
|
byte[] bytes = (clientId+":"+secret).getBytes();
|
authorization = Base64.getEncoder().encodeToString(bytes);
|
break;
|
}
|
}
|
return BASIC_+authorization;
|
}
|
|
public ClientDetails getClient(String clientType){
|
String authorization = clientAuthorization(clientType);
|
if (StringUtils.isBlank(authorization) || !authorization.startsWith(BASIC_)) {
|
throw new ValidationException( "请求头中无client信息");
|
}
|
String[] tokens = AuthUtils.extractAndDecodeHeader(authorization);
|
if (tokens.length != 2) {
|
throw new ValidationException( "请求头错误");
|
}
|
String clientId = tokens[0];
|
String clientSecret = tokens[1];
|
|
ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
|
if (!passwordEncoder.matches(clientSecret, clientDetails.getClientSecret())) {
|
throw new ValidationException("请求头错误");
|
}
|
return clientDetails;
|
}
|
|
public OAuth2AccessToken getAccessToken(Authentication authentication,String clientType){
|
ClientDetails clientDetails = getClient(clientType);
|
TokenRequest tokenRequest = new TokenRequest(MapUtil.newHashMap(), clientDetails.getClientId(), clientDetails.getScope(), "password");
|
|
OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
|
OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(oAuth2Request, authentication);
|
OAuth2AccessToken token = authorizationServerTokenServices.createAccessToken(oAuth2Authentication);
|
return token;
|
}
|
}
|
