mirror of
https://gitee.com/log4j/pig.git
synced 2024-12-22 12:48:58 +08:00
🐛 Fixing a bug. 令牌抽取失败
This commit is contained in:
parent
f2f90b3844
commit
13bb2edb61
81
db/auth.sql
81
db/auth.sql
@ -1,81 +0,0 @@
|
||||
SET NAMES utf8mb4;
|
||||
SET FOREIGN_KEY_CHECKS = 0;
|
||||
|
||||
-- ----------------------------
|
||||
-- Table structure for oauth2_authorization
|
||||
-- ----------------------------
|
||||
DROP TABLE IF EXISTS `oauth2_authorization`;
|
||||
CREATE TABLE `oauth2_authorization` (
|
||||
`id` varchar(100) NOT NULL,
|
||||
`registered_client_id` varchar(100) NOT NULL,
|
||||
`principal_name` varchar(200) NOT NULL,
|
||||
`authorization_grant_type` varchar(100) NOT NULL,
|
||||
`attributes` longtext CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci,
|
||||
`state` varchar(500) DEFAULT NULL,
|
||||
`authorization_code_value` blob,
|
||||
`authorization_code_issued_at` timestamp NULL DEFAULT NULL,
|
||||
`authorization_code_expires_at` timestamp NULL DEFAULT NULL,
|
||||
`authorization_code_metadata` varchar(2000) DEFAULT NULL,
|
||||
`access_token_value` blob,
|
||||
`access_token_issued_at` timestamp NULL DEFAULT NULL,
|
||||
`access_token_expires_at` timestamp NULL DEFAULT NULL,
|
||||
`access_token_metadata` varchar(2000) DEFAULT NULL,
|
||||
`access_token_type` varchar(100) DEFAULT NULL,
|
||||
`access_token_scopes` varchar(1000) DEFAULT NULL,
|
||||
`oidc_id_token_value` blob,
|
||||
`oidc_id_token_issued_at` timestamp NULL DEFAULT NULL,
|
||||
`oidc_id_token_expires_at` timestamp NULL DEFAULT NULL,
|
||||
`oidc_id_token_metadata` varchar(2000) DEFAULT NULL,
|
||||
`refresh_token_value` blob,
|
||||
`refresh_token_issued_at` timestamp NULL DEFAULT NULL,
|
||||
`refresh_token_expires_at` timestamp NULL DEFAULT NULL,
|
||||
`refresh_token_metadata` varchar(2000) DEFAULT NULL,
|
||||
PRIMARY KEY (`id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
|
||||
|
||||
-- ----------------------------
|
||||
-- Table structure for oauth2_authorization_consent
|
||||
-- ----------------------------
|
||||
DROP TABLE IF EXISTS `oauth2_authorization_consent`;
|
||||
CREATE TABLE `oauth2_authorization_consent` (
|
||||
`registered_client_id` varchar(100) NOT NULL,
|
||||
`principal_name` varchar(200) NOT NULL,
|
||||
`authorities` varchar(1000) NOT NULL,
|
||||
PRIMARY KEY (`registered_client_id`,`principal_name`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
|
||||
|
||||
-- ----------------------------
|
||||
-- Records of oauth2_authorization_consent
|
||||
-- ----------------------------
|
||||
BEGIN;
|
||||
COMMIT;
|
||||
|
||||
-- ----------------------------
|
||||
-- Table structure for oauth2_registered_client
|
||||
-- ----------------------------
|
||||
DROP TABLE IF EXISTS `oauth2_registered_client`;
|
||||
CREATE TABLE `oauth2_registered_client` (
|
||||
`id` varchar(100) NOT NULL,
|
||||
`client_id` varchar(100) NOT NULL,
|
||||
`client_id_issued_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
||||
`client_secret` varchar(200) DEFAULT NULL,
|
||||
`client_secret_expires_at` timestamp NULL DEFAULT NULL,
|
||||
`client_name` varchar(200) NOT NULL,
|
||||
`client_authentication_methods` varchar(1000) NOT NULL,
|
||||
`authorization_grant_types` varchar(1000) NOT NULL,
|
||||
`redirect_uris` varchar(1000) DEFAULT NULL,
|
||||
`scopes` varchar(1000) NOT NULL,
|
||||
`client_settings` varchar(2000) NOT NULL,
|
||||
`token_settings` varchar(2000) NOT NULL,
|
||||
PRIMARY KEY (`id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
|
||||
|
||||
-- ----------------------------
|
||||
-- Records of oauth2_registered_client
|
||||
-- ----------------------------
|
||||
BEGIN;
|
||||
INSERT INTO `oauth2_registered_client` VALUES ('jumuning', 'jumuning', '2021-11-24 10:39:41', '{bcrypt}$2a$10$aNZ7R/TpKdRBrPT/gl7Avur0mj.1MAwbz47RT1Lm0sNZm51K4WFvC', NULL, 'jumuning', 'client_secret_post,client_secret_basic', 'refresh_token,client_credentials,password,authorization_code', 'https://www.baidu.com', 'message.read,role.admin', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.client.require-proof-key\":false,\"settings.client.require-authorization-consent\":false}', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.token.reuse-refresh-tokens\":true,\"settings.token.id-token-signature-algorithm\":[\"org.springframework.security.oauth2.jose.jws.SignatureAlgorithm\",\"RS256\"],\"settings.token.access-token-time-to-live\":[\"java.time.Duration\",3600.000000000],\"settings.token.refresh-token-time-to-live\":[\"java.time.Duration\",3600.000000000]}');
|
||||
INSERT INTO `oauth2_registered_client` VALUES ('pig', 'pig', '2021-11-24 16:35:24', '{bcrypt}$2a$10$oKyVIM.bR8Bjt5PCMZzRJedqEfaQkUhfLkbxpNfM8xPS/JnjtVFZ2', NULL, 'pig', 'client_secret_post,client_secret_basic', 'refresh_token,client_credentials,password,authorization_code', 'https://pig4cloud.com', 'message.read,message.write', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.client.require-proof-key\":false,\"settings.client.require-authorization-consent\":false}', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.token.reuse-refresh-tokens\":true,\"settings.token.id-token-signature-algorithm\":[\"org.springframework.security.oauth2.jose.jws.SignatureAlgorithm\",\"RS256\"],\"settings.token.access-token-time-to-live\":[\"java.time.Duration\",10800.000000000],\"settings.token.refresh-token-time-to-live\":[\"java.time.Duration\",10800.000000000]}');
|
||||
COMMIT;
|
||||
|
||||
SET FOREIGN_KEY_CHECKS = 1;
|
@ -1,36 +0,0 @@
|
||||
package com.pig4cloud.pig.common.security.component;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.core.convert.converter.Converter;
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.oauth2.core.OAuth2TokenType;
|
||||
import org.springframework.security.oauth2.jwt.Jwt;
|
||||
import org.springframework.security.oauth2.jwt.JwtClaimNames;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
|
||||
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
/**
|
||||
* @author lengleng
|
||||
* @date 2022/5/28
|
||||
*/
|
||||
@RequiredArgsConstructor
|
||||
public class CustomjwtAuthenticationConverter implements Converter<Jwt, AbstractAuthenticationToken> {
|
||||
|
||||
private final OAuth2AuthorizationService authorizationService;
|
||||
|
||||
@Override
|
||||
public final AbstractAuthenticationToken convert(Jwt jwt) {
|
||||
Collection<GrantedAuthority> authorities = AuthorityUtils.NO_AUTHORITIES;
|
||||
String principalClaimValue = jwt.getClaimAsString(JwtClaimNames.SUB);
|
||||
|
||||
OAuth2Authorization token = authorizationService.findByToken(jwt.getTokenValue(), OAuth2TokenType.ACCESS_TOKEN);
|
||||
|
||||
return new JwtAuthenticationToken(jwt, authorities, principalClaimValue);
|
||||
}
|
||||
|
||||
}
|
@ -36,7 +36,7 @@ import java.util.regex.Pattern;
|
||||
*/
|
||||
public class PigBearerTokenExtractor implements BearerTokenResolver {
|
||||
|
||||
private static final Pattern authorizationPattern = Pattern.compile("^Bearer (?<token>[a-zA-Z0-9-._~+/]+=*)$",
|
||||
private static final Pattern authorizationPattern = Pattern.compile("^Bearer (?<token>[a-zA-Z0-9-:._~+/]+=*)$",
|
||||
Pattern.CASE_INSENSITIVE);
|
||||
|
||||
private boolean allowFormEncodedBodyParameter = false;
|
||||
|
@ -3,10 +3,12 @@ package com.pig4cloud.pig.common.security.service;
|
||||
import cn.hutool.core.util.BooleanUtil;
|
||||
import com.pig4cloud.pig.admin.api.entity.SysOauthClientDetails;
|
||||
import com.pig4cloud.pig.admin.api.feign.RemoteClientDetailsService;
|
||||
import com.pig4cloud.pig.common.core.constant.CacheConstants;
|
||||
import com.pig4cloud.pig.common.core.constant.SecurityConstants;
|
||||
import com.pig4cloud.pig.common.core.util.R;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.SneakyThrows;
|
||||
import org.springframework.cache.annotation.Cacheable;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.OAuth2TokenFormat;
|
||||
@ -78,8 +80,7 @@ public class PigRemoteRegisteredClientRepository implements RegisteredClientRepo
|
||||
*/
|
||||
@Override
|
||||
@SneakyThrows
|
||||
// @Cacheable(value = CacheConstants.CLIENT_DETAILS_KEY, key = "#clientId", unless =
|
||||
// "#result == null")
|
||||
@Cacheable(value = CacheConstants.CLIENT_DETAILS_KEY, key = "#clientId", unless = "#result == null")
|
||||
public RegisteredClient findByClientId(String clientId) {
|
||||
R<SysOauthClientDetails> detailsR = clientDetailsService.getClientDetailsById(clientId,
|
||||
SecurityConstants.FROM_IN);
|
||||
|
@ -69,7 +69,7 @@
|
||||
</logger>
|
||||
|
||||
<!-- Level: FATAL 0 ERROR 3 WARN 4 INFO 6 DEBUG 7 -->
|
||||
<root level="INFO">
|
||||
<root level="DEBUG">
|
||||
<appender-ref ref="console"/>
|
||||
<appender-ref ref="debug"/>
|
||||
<appender-ref ref="error"/>
|
||||
|
Loading…
Reference in New Issue
Block a user