Spring Cloud OAuth2 + JWT 搭建
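/**
 * Loads users for the authorization server, either by username alone or by
 * username plus a one-time SMS code (used by the custom {@code sms_code} grant).
 *
 * <p>Review notes:
 * <ul>
 *   <li>Every user is returned with an empty authority list; no roles are loaded here.</li>
 *   <li>The SMS path relies entirely on {@code userLoginService.verifyLoginSmscode}.
 *       Whether that call enforces expiry, single use and a per-account attempt limit
 *       is not visible in this class and should be confirmed, since a short code
 *       without those controls can be guessed.</li>
 * </ul>
 */
public class CustomUserDetailsService implements UserDetailsService {
    @Autowired
    private AuthApi authApi;
    @Autowired
    private UserLoginService userLoginService;

    /**
     * Looks the user up through {@code authApi} and wraps the record as an {@link OAuthUser}.
     *
     * @param username login name supplied by the caller
     * @return the user details, never {@code null}
     * @throws UsernameNotFoundException when the lookup returns no user record
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserDetail userDetail = authApi.getByUsername(username).getBody();
        if (userDetail == null) {
            // Without this check a missing user escapes as a NullPointerException below;
            // the UserDetailsService contract asks for UsernameNotFoundException instead.
            // The message is deliberately generic and does not echo the supplied name.
            throw new UsernameNotFoundException("user not found");
        }
        return toOAuthUser(userDetail);
    }

    /**
     * Verifies the SMS code for {@code username} and, on success, loads the user.
     *
     * @param username login name the code was issued for
     * @param smscode  one-time code presented by the caller
     * @return the user, or {@code null} when an argument is missing, the code is rejected,
     *         or no user record exists; the caller must treat {@code null} as a failed login
     */
    public OAuthUser loadUserByUsernameAndSmscode(String username, String smscode) {
        // A missing username or code can never prove possession of the phone; fail closed
        // before the verifier is consulted.
        if (username == null || username.isEmpty() || smscode == null || smscode.isEmpty()) {
            return null;
        }
        boolean verified = userLoginService.verifyLoginSmscode(username, smscode);
        if (!verified) {
            return null;
        }
        UserDetail userDetail = authApi.getByUsername(username).getBody();
        if (userDetail == null) {
            // Verified code but no account: report it the same way as a rejected code.
            return null;
        }
        return toOAuthUser(userDetail);
    }

    /**
     * Wraps a user record in an {@link OAuthUser} with an empty authority list.
     * NOTE(review): assuming {@code User} is Spring Security's implementation, it rejects a
     * null password; confirm accounts that only sign in by SMS still carry one.
     */
    private OAuthUser toOAuthUser(UserDetail userDetail) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        return new OAuthUser(userDetail,
                new User(userDetail.getUsername(), userDetail.getPassword(), authorities));
    }
}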
/**
 * Token granter for the custom {@code sms_code} grant type. It authenticates the
 * resource owner with a username and an SMS code instead of a password, delegating
 * the check to {@link CustomUserDetailsService}.
 */
public class SmscodeTokenGranter extends AbstractTokenGranter {
// Passed to the superclass constructor as the grant type this granter handles.
private static final String GRANT_TYPE = "sms_code";
// Performs the SMS-code verification and the user lookup.
protected CustomUserDetailsService userDetailsService;
// The same factory that is handed to the superclass; kept here to build the stored request.
private OAuth2RequestFactory requestFactory;
/**
 * Creates the granter and registers it with the superclass under {@code GRANT_TYPE}.
 *
 * @param userDetailsService   service that verifies the SMS code and loads the user
 * @param tokenServices        token services passed through to the superclass
 * @param clientDetailsService client lookup passed through to the superclass
 * @param requestFactory       request factory, passed to the superclass and kept locally
 */
public SmscodeTokenGranter(CustomUserDetailsService userDetailsService,
        AuthorizationServerTokenServices tokenServices,
        ClientDetailsService clientDetailsService,
        OAuth2RequestFactory requestFactory) {
    super(tokenServices, clientDetailsService, requestFactory, GRANT_TYPE);
    this.requestFactory = requestFactory;
    this.userDetailsService = userDetailsService;
}
/**
 * Builds the authentication for a token request of this grant type.
 *
 * <p>The user is resolved from the request parameters; a {@code null} result is
 * reported as an invalid grant. The null check is the only gate in this method:
 * the token created below is constructed with authorities and no credentials.
 *
 * <p>NOTE(review): the stored request is created from the unmodified
 * {@code tokenRequest}, so the {@code smscode} parameter may travel with it;
 * confirm it is not persisted or logged downstream.
 *
 * @param client       the client making the token request
 * @param tokenRequest the incoming token request
 * @return the combined client and user authentication
 * @throws InvalidGrantException when no user could be resolved
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    Map<String, String> requestParams = tokenRequest.getRequestParameters();
    OAuthUser smsUser = this.getUser(requestParams);
    if (smsUser == null) {
        // Message reads "unable to obtain user information".
        throw new InvalidGrantException("无法获取用户信息");
    }
    OAuth2Request storedRequest = this.requestFactory.createOAuth2Request(client, tokenRequest);
    PreAuthenticatedAuthenticationToken userAuthentication =
            new PreAuthenticatedAuthenticationToken(smsUser, null, smsUser.getAuthorities());
    userAuthentication.setDetails(smsUser);
    return new OAuth2Authentication(storedRequest, userAuthentication);
}
/**
 * Resolves the user from the {@code username} and {@code smscode} request parameters.
 * Either value is {@code null} when the parameter is absent from the map.
 *
 * @param params request parameters of the token request
 * @return whatever {@code loadUserByUsernameAndSmscode} returns for those two values
 */
private OAuthUser getUser(Map<String,String> params){
    String username = params.get("username");
    String smscode = params.get("smscode");
    return userDetailsService.loadUserByUsernameAndSmscode(username, smscode);
}
/**
 * Configures the token endpoint: installs a composite of the granters built by
 * {@code getTokenGranters}, then sets the authentication manager, user details
 * service, token store, JWT access token converter and exception translator.
 *
 * <p>The configurer calls are issued in the same order as before; each fluent
 * setter is invoked on {@code endpoints} directly instead of on the previous
 * call's return value.
 *
 * @param endpoints the endpoints configurer supplied by the framework
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    List<TokenGranter> granters = this.getTokenGranters(
            endpoints.getClientDetailsService(),
            endpoints.getTokenServices(),
            endpoints.getAuthorizationCodeServices(),
            endpoints.getOAuth2RequestFactory());
    endpoints.tokenGranter(new CompositeTokenGranter(granters));

    endpoints.authenticationManager(authenticationManager);
    endpoints.userDetailsService(userDetailsService);
    endpoints.tokenStore(tokenStore());
    endpoints.accessTokenConverter(jwtAccessTokenConverter());

    endpoints.exceptionTranslator(oAuth2ExceptionTranslator());
}
/**
 * Builds the list of granters for the token endpoint: authorization code, refresh
 * token, implicit, client credentials, the custom SMS-code granter and, when an
 * authentication manager is present, the resource owner password granter.
 *
 * <p>Review notes: the implicit and client-credentials granters are registered here
 * even though the client registered in this file does not list those grant types;
 * drop them if no client is meant to use them. The cast of {@code userDetailsService}
 * fails with a {@code ClassCastException} if the field holds any other implementation.
 *
 * @param clientDetails             client lookup shared by all granters
 * @param tokenServices             token services shared by all granters
 * @param authorizationCodeServices code store for the authorization code granter
 * @param requestFactory            request factory shared by all granters
 * @return the granters in registration order
 */
private List<TokenGranter> getTokenGranters(ClientDetailsService clientDetails,AuthorizationServerTokenServices tokenServices,AuthorizationCodeServices authorizationCodeServices,OAuth2RequestFactory requestFactory) {
    List<TokenGranter> granters = new ArrayList<TokenGranter>();

    TokenGranter authorizationCode =
            new AuthorizationCodeTokenGranter(tokenServices, authorizationCodeServices, clientDetails, requestFactory);
    granters.add(authorizationCode);

    TokenGranter refresh = new RefreshTokenGranter(tokenServices, clientDetails, requestFactory);
    granters.add(refresh);

    TokenGranter implicit = new ImplicitTokenGranter(tokenServices, clientDetails, requestFactory);
    granters.add(implicit);

    TokenGranter clientCredentials = new ClientCredentialsTokenGranter(tokenServices, clientDetails, requestFactory);
    granters.add(clientCredentials);

    TokenGranter smsCode = new SmscodeTokenGranter(
            (CustomUserDetailsService) userDetailsService, tokenServices, clientDetails, requestFactory);
    granters.add(smsCode);

    // The password grant needs an authentication manager; skip it when none is configured.
    boolean passwordGrantAvailable = authenticationManager != null;
    if (passwordGrantAvailable) {
        granters.add(new ResourceOwnerPasswordTokenGranter(
                authenticationManager, tokenServices, clientDetails, requestFactory));
    }
    return granters;
}
/**
 * Registers a single in-memory client, {@code user-service}, with scope {@code userApi}
 * and the password, sms_code, authorization_code and refresh_token grant types.
 *
 * <p>SECURITY(review), values kept exactly as in the original:
 * <ul>
 *   <li>The client secret is a short literal committed in source. Load it from external
 *       configuration and store it encoded; whether a password encoder is configured
 *       for client secrets is not visible here.</li>
 *   <li>Access tokens are valid for 6 days and refresh tokens for 7. If the access tokens
 *       are self-contained JWTs that cannot be revoked, a much shorter access-token
 *       lifetime limits the damage of a leaked token.</li>
 *   <li>{@code authorization_code} is enabled but this chain registers no redirect URIs;
 *       confirm they are restricted elsewhere.</li>
 * </ul>
 *
 * @param clients the client details configurer supplied by the framework
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    final String clientSecret = "123456";
    final int accessTokenTtlSeconds = 518400;   // 6 days
    final int refreshTokenTtlSeconds = 604800;  // 7 days

    clients.inMemory()
            .withClient("user-service")
            .scopes("userApi")
            .secret(clientSecret)
            .authorizedGrantTypes("password", "sms_code", "authorization_code", "refresh_token")
            .accessTokenValiditySeconds(accessTokenTtlSeconds)
            .refreshTokenValiditySeconds(refreshTokenTtlSeconds);
}