SpringCloud 大型系列课程正在制造中,欢迎我们重视与提意见。
程序员每天的CV 与 板砖,也要知其所以然,本系列课程能够帮助初学者学习 SpringBooot 项目开发 与 SpringCloud 微服务系列项目开发
本文章是系列文章中的一篇
- SpringCloud 整合Gateway服务网关 【SpringCloud系列5】
- SpringCloud 事务办理后台 通过FeignClient来调用oauth/token接口【SpringCloud系列11】
本文章完成的是单点登录功用
1 oauth/token 接口
办理后台事务登录屡次调用 oauth/token 登录接口,会发现每次反回的token都是相同的,即时在不同的电脑上,运用相同的账号进行登录,反回的token还是一至的。 原因是我们在构造 AuthorizationServerTokenServices时运用的 DefaultTokenServices 中创立token时,会校验token是否存在,假如存在,就直接取出来回来,DefaultTokenServices 中创立 toke 的核心源码如下:
public class DefaultTokenServices implements AuthorizationServerTokenServices, ResourceServerTokenServices, ConsumerTokenServices, InitializingBean {
...
@Transactional
public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException {
// 获取用户对应的token
OAuth2AccessToken existingAccessToken = this.tokenStore.getAccessToken(authentication);
OAuth2RefreshToken refreshToken = null;
if (existingAccessToken != null) {
//假如token存在并在有效期 直接回来
if (!existingAccessToken.isExpired()) {
this.tokenStore.storeAccessToken(existingAccessToken, authentication);
return existingAccessToken;
}
//假如token 过期了,移除 refresh-token
if (existingAccessToken.getRefreshToken() != null) {
refreshToken = existingAccessToken.getRefreshToken();
this.tokenStore.removeRefreshToken(refreshToken);
}
//移除已存在的token
this.tokenStore.removeAccessToken(existingAccessToken);
}
if (refreshToken == null) {
refreshToken = this.createRefreshToken(authentication);
} else if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
ExpiringOAuth2RefreshToken expiring = (ExpiringOAuth2RefreshToken)refreshToken;
if (System.currentTimeMillis() > expiring.getExpiration().getTime()) {
refreshToken = this.createRefreshToken(authentication);
}
}
OAuth2AccessToken accessToken = this.createAccessToken(authentication, refreshToken);
this.tokenStore.storeAccessToken(accessToken, authentication);
refreshToken = accessToken.getRefreshToken();
if (refreshToken != null) {
this.tokenStore.storeRefreshToken(refreshToken, authentication);
}
return accessToken;
}
2 自界说 AuthenticationKey 自界说 token生成战略
下面是本项目中运用到的装备,在创立 AuthorizationServerTokenServices 时运用的是 DefaultTokenServices 。
@Configuration
public class TokenStoreConfig {
private String SIGNING_KEY = "qwert.123456";
@Autowired
TokenStore tokenStore;
@Autowired
private JwtAccessTokenConverter accessTokenConverter;
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey(SIGNING_KEY);
return converter;
}
//令牌办理服务
@Bean(name = "authorizationServerTokenServicesCustom")
public AuthorizationServerTokenServices tokenService() {
//默许的
DefaultTokenServices service = new DefaultTokenServices();
//自界说的
// TokenService service = new TokenService();
service.setSupportRefreshToken(true);//支持改写令牌
service.setTokenStore(tokenStore);//令牌存储战略
TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
tokenEnhancerChain.setTokenEnhancers(Arrays.asList(accessTokenConverter));
service.setTokenEnhancer(tokenEnhancerChain);
service.setAccessTokenValiditySeconds(7200); // 令牌默许有效期2小时
service.setRefreshTokenValiditySeconds(259200); // 改写令牌默许有效期3天
return service;
}
}
token 的缓存战略是运用的 Redis ,而我的需求是每次登录都要生成不相同的token所以能够自界说生成 token的战略
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.DefaultAuthenticationKeyGenerator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.TreeSet;
public class CustomAuthenticationKeyGenerator extends DefaultAuthenticationKeyGenerator {
private static final String CLIENT_ID = "client_id";
private static final String SCOPE = "scope";
private static final String USERNAME = "username";
@Override
public String extractKey(OAuth2Authentication authentication) {
Map<String, String> values = new LinkedHashMap<String, String>();
OAuth2Request authorizationRequest = authentication.getOAuth2Request();
if (!authentication.isClientOnly()) {
//在用户名后边添加时间戳,使每次的key都不相同
values.put(USERNAME, authentication.getName() + System.currentTimeMillis());
}
values.put(CLIENT_ID, authorizationRequest.getClientId());
if (authorizationRequest.getScope() != null) {
values.put(SCOPE, OAuth2Utils.formatParameterList(new TreeSet<String>(authorizationRequest.getScope())));
}
return generateKey(values);
}
}
然后在界说 TokenStore 时,将上述的 AuthenticationKey 进行装备
import com.biglead.auth.key.CustomAuthenticationKeyGenerator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
@Configuration
public class RedisConfig {
@Autowired
private RedisConnectionFactory redisConnectionFactory;
@Bean
public TokenStore redisTokenStore(){
RedisTokenStore redisTokenStore = new RedisTokenStore(redisConnectionFactory);
redisTokenStore.setAuthenticationKeyGenerator(new CustomAuthenticationKeyGenerator());
return redisTokenStore;
}
}
然后重启项目后,屡次运用同一个账户,每次登录都是生成不相同的 token ,互不影响 。
3 单点登录
我要完成的功用是 电脑A浏览器中用户登录办理后台后,能够正常访问资源接口,当在电脑B登录同一个账号后,电脑A中的token失效。
也就是所谓的单点登录功用,同一个用户生成的token 互斥。
单点登录完成的方案很多,这里不去概述,本项目完成的是 自界说 DefaultTokenServices,重写 createAccessToken(创立生成token)
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.*;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.transaction.annotation.Transactional;
import java.util.Date;
import java.util.UUID;
public class TokenService extends DefaultTokenServices {
private TokenEnhancer accessTokenEnhancer;
private TokenStore tokenStore;
@Transactional
@Override
public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException {
//获取当时用户的token
OAuth2AccessToken existingAccessToken = tokenStore.getAccessToken(authentication);
OAuth2RefreshToken refreshToken = null;
if (existingAccessToken != null) {
//假如改写token不为null
if (existingAccessToken.getRefreshToken() != null) {
//移除改写token
refreshToken = existingAccessToken.getRefreshToken();
tokenStore.removeRefreshToken(refreshToken);
}
//再移除已存在的token
tokenStore.removeAccessToken(existingAccessToken);
}
if (refreshToken == null) {
refreshToken = createRefreshToken(authentication);
} else if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
ExpiringOAuth2RefreshToken expiring = (ExpiringOAuth2RefreshToken) refreshToken;
if (System.currentTimeMillis() > expiring.getExpiration().getTime()) {
refreshToken = createRefreshToken(authentication);
}
}
OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);
tokenStore.storeAccessToken(accessToken, authentication);
// In case it was modified
refreshToken = accessToken.getRefreshToken();
if (refreshToken != null) {
tokenStore.storeRefreshToken(refreshToken, authentication);
}
return accessToken;
}
private OAuth2RefreshToken createRefreshToken(OAuth2Authentication authentication) {
if (!isSupportRefreshToken(authentication.getOAuth2Request())) {
return null;
}
int validitySeconds = getRefreshTokenValiditySeconds(authentication.getOAuth2Request());
String value = UUID.randomUUID().toString();
if (validitySeconds > 0) {
return new DefaultExpiringOAuth2RefreshToken(value, new Date(System.currentTimeMillis()
+ (validitySeconds * 1000L)));
}
return new DefaultOAuth2RefreshToken(value);
}
private OAuth2AccessToken createAccessToken(OAuth2Authentication authentication, OAuth2RefreshToken refreshToken) {
DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(UUID.randomUUID().toString());
int validitySeconds = getAccessTokenValiditySeconds(authentication.getOAuth2Request());
if (validitySeconds > 0) {
token.setExpiration(new Date(System.currentTimeMillis() + (validitySeconds * 1000L)));
}
token.setRefreshToken(refreshToken);
token.setScope(authentication.getOAuth2Request().getScope());
return accessTokenEnhancer != null ? accessTokenEnhancer.enhance(token, authentication) : token;
}
@Override
public void setTokenStore(TokenStore tokenStore) {
super.setTokenStore(tokenStore);
this.tokenStore = tokenStore;
}
@Override
public void setTokenEnhancer(TokenEnhancer accessTokenEnhancer) {
super.setTokenEnhancer(accessTokenEnhancer);
this.accessTokenEnhancer = accessTokenEnhancer;
}
}
然后在界说 OAuth2.0 令牌办理服务时,运用自界说的 Service
//令牌办理服务
@Bean(name = "authorizationServerTokenServicesCustom")
public AuthorizationServerTokenServices tokenService() {
//默许的
//DefaultTokenServices service = new DefaultTokenServices();
//自界说的
TokenService service = new TokenService();
service.setSupportRefreshToken(true);//支持改写令牌
service.setTokenStore(tokenStore);//令牌存储战略
TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
tokenEnhancerChain.setTokenEnhancers(Arrays.asList(accessTokenConverter));
service.setTokenEnhancer(tokenEnhancerChain);
service.setAccessTokenValiditySeconds(7200); // 令牌默许有效期2小时
service.setRefreshTokenValiditySeconds(259200); // 改写令牌默许有效期3天
return service;
}
本项目 SpringCloud 源码 gitee.com/android.lon… 本项目 办理后台web 源码gitee.com/android.lon… 假如有兴趣能够重视一下公众号 biglead ,每周都会有 java、Flutter、小程序、js 、英语相关的内容分享.
本文正在参加「金石方案」
