SpringSecurity OAuth2 自定义授权 微信小程序登录

结合网络上的方法,主要有两种方式,一种是采用Filter,一种是采用自定义授权,目前我实现的方式是采用的是“自定义授权”的方式实现微信小程序登录验证。


不废话,直接上代码,具体实现“自定义授权”如下:

1、自定义微信小程序的授权

/**
 *  自定义微信微信授权者
 * @author kwj
 * @date 2022/5/15
 */
public class WechatTokenGranter extends AbstractTokenGranter {

    // 自定义授权方式为 wechat
    private static final String GRANT_TYPE = "wechat";

    private final AuthenticationManager authenticationManager;

    public WechatTokenGranter(AuthenticationManager authenticationManager,
                              AuthorizationServerTokenServices tokenServices, ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory) {
        this(authenticationManager, tokenServices, clientDetailsService, requestFactory, GRANT_TYPE);
    }

    protected WechatTokenGranter(AuthenticationManager authenticationManager, AuthorizationServerTokenServices tokenServices,
                                 ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory, String grantType) {
        super(tokenServices, clientDetailsService, requestFactory, grantType);
        this.authenticationManager = authenticationManager;
    }

    @Override
    protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {

        Map<String, String> parameters = new LinkedHashMap(tokenRequest.getRequestParameters());
        String code = parameters.get("code");
//        String encryptedData = parameters.get("encryptedData");
//        String iv = parameters.get("iv");

        // 移除后续无用参数
        parameters.remove("code");
//        parameters.remove("encryptedData");
//        parameters.remove("iv");

        Authentication userAuth = new WechatAuthenticationToken(code); // 未认证状态
        ((AbstractAuthenticationToken) userAuth).setDetails(parameters);

        try {
            userAuth = this.authenticationManager.authenticate(userAuth); // 认证中
        } catch (Exception e) {
            throw new InvalidGrantException(e.getMessage());
        }

        if (userAuth != null && userAuth.isAuthenticated()) { // 认证成功
            OAuth2Request storedOAuth2Request = this.getRequestFactory().createOAuth2Request(client, tokenRequest);
            return new OAuth2Authentication(storedOAuth2Request, userAuth);
        } else { // 认证失败
            throw new InvalidGrantException("Could not authenticate code: " + code);
        }
    }
}

2、定义微信认证的Token

/**
 * 自定义微信认证token
 * @author kwj
 */
public class WechatAuthenticationToken extends AbstractAuthenticationToken {

    private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

    private final Object principal;

    public WechatAuthenticationToken(String mobile) {
        super(null);
        this.principal = mobile;
        setAuthenticated(false);
    }
    @JsonCreator
    public WechatAuthenticationToken(@JsonProperty("principal") Object principal,
                                     @JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities) {
        super(authorities);
        this.principal = principal;
        super.setAuthenticated(true);
    }

    @Override
    public Object getPrincipal() {
        return this.principal;
    }

    @Override
    public Object getCredentials() {
        return null;
    }

    @Override
    @SneakyThrows
    public void setAuthenticated(boolean isAuthenticated) {
        if (isAuthenticated) {
            throw new IllegalArgumentException(
                    "Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
        }

        super.setAuthenticated(false);
    }

    @Override
    public void eraseCredentials() {
        super.eraseCredentials();
    }
}

3、定义微信认证具体的实现类

/**
 * 微信认证具体实现类
 * @author kwj
 */
@Slf4j
@Component
public class WechatAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private RestTemplate restTemplate;

    @Autowired
    private WechatConfig wechatConfig;

    @Autowired
    private IWechatUserService webchatUserService;

    @Autowired
    private UserManager userManager;

    @Override
    @SneakyThrows
    public Authentication authenticate(Authentication authentication) {
        HttpServletRequest httpServletRequest = DciUtil.getHttpServletRequest();

        WechatAuthenticationToken wechatAuthenticationToken = (WechatAuthenticationToken) authentication;

        String code = wechatAuthenticationToken.getPrincipal().toString();
        System.out.println(code);
        
        // 调用微信请求接口,获取openId的值
        String url = "https://api.weixin.qq.com/sns/jscode2session?appid={appid}&secret={secret}&js_code={code}&grant_type=authorization_code";
        Map<String, String> requestMap = new HashMap<>();
        requestMap.put("appid", wechatConfig.getAppid());
        requestMap.put("secret", wechatConfig.getSecret());
        requestMap.put("code", code);

        ResponseEntity<String> responseEntity = restTemplate.getForEntity(url, String.class,requestMap);
        JSONObject jsonObject= JSONObject.parseObject(responseEntity.getBody());
        System.out.println(jsonObject);
        String openId=jsonObject.getString("openid");
//        String session_key=jsonObject.getString("session_key");

        // 项目码
        String projectCode = httpServletRequest.getParameter("projectCode");

        if(StringUtils.isEmpty(openId)) {
            throw new AuthenticationServiceException("Wechat Invalid Code");
        }

        WechatUser wechatUser = new WechatUser();
        wechatUser.setProjectCode(projectCode);
        wechatUser.setOpenid(openId);
        WechatUser weUser = webchatUserService.getWechatUserByOpenId(wechatUser);

        // 如果是第一次登录,进行信息添加
        if(weUser == null) {
            wechatUser.setCreateTime(new Date());
            webchatUserService.save(wechatUser);
            httpServletRequest.setAttribute("wxid", wechatUser.getWxid());
            throw new AuthenticationServiceException("Wechat No Bind Phone");
        } else {
            String phone = weUser.getPhone();
            if(StringUtils.isEmpty(phone)) {
                httpServletRequest.setAttribute("wxid", weUser.getWxid());
                throw new AuthenticationServiceException("Wechat No Bind Phone");
            }
        }

        // 预留权限控制,防止以后需要
        String permissions = "";

        List<GrantedAuthority> grantedAuthorities = AuthorityUtils.NO_AUTHORITIES;
        if (StringUtils.isNotBlank(permissions)) {
            grantedAuthorities = AuthorityUtils.commaSeparatedStringToAuthorityList(permissions);
        }

        DciAuthUser authUser = new DciAuthUser(weUser.getPhone(), "", grantedAuthorities);
        BeanUtils.copyProperties(weUser, authUser);
        authUser.setCurrProjectCode("2");

        WechatAuthenticationToken authenticationToken = new WechatAuthenticationToken(authUser,
                authUser.getAuthorities());
        LinkedHashMap<Object, Object> linkedHashMap = new LinkedHashMap<>();
        linkedHashMap.put("principal", authenticationToken.getPrincipal());
        authenticationToken.setDetails(linkedHashMap);
        return authenticationToken;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return WechatAuthenticationToken.class.isAssignableFrom(authentication);
    }
}

4、认证服务配置中增加自定义的授权

在继承AuthorizationServerConfigurerAdapter的配置类中添加如下代码:

/**
     * 创建grant_type列表
     * @param endpoints
     * @return
     */
    private TokenGranter tokenGranter(AuthorizationServerEndpointsConfigurer endpoints) {
        List<TokenGranter> list = new ArrayList<>();
        // 这里配置密码模式
        if (authenticationManager != null) {
            list.add(new ResourceOwnerPasswordTokenGranter(authenticationManager,
                    endpoints.getTokenServices(),
                    endpoints.getClientDetailsService(),
                    endpoints.getOAuth2RequestFactory()));
        }

        //刷新token模式、
        list.add(new RefreshTokenGranter
                (endpoints.getTokenServices(),
                        endpoints.getClientDetailsService(),
                        endpoints.getOAuth2RequestFactory()));

        //授权码模式、
        list.add(new AuthorizationCodeTokenGranter(
                endpoints.getTokenServices(),
                endpoints.getAuthorizationCodeServices(),
                endpoints.getClientDetailsService(),
                endpoints.getOAuth2RequestFactory()));
        //、简化模式
        list.add(new ImplicitTokenGranter(
                endpoints.getTokenServices(),
                endpoints.getClientDetailsService(),
                endpoints.getOAuth2RequestFactory()));

        //客户端模式
        list.add(new ClientCredentialsTokenGranter(
                endpoints.getTokenServices(),
                endpoints.getClientDetailsService(),
                endpoints.getOAuth2RequestFactory()));

        //  以上为oauth自带的认证,需再次加一遍

        // 微信小程序验证模式(自定义)、
        list.add(new WechatTokenGranter(
                authenticationManager,
                endpoints.getTokenServices(),
                endpoints.getClientDetailsService(),
                endpoints.getOAuth2RequestFactory()));

        return new CompositeTokenGranter(list);
    }

5、在security中配置微信小程序认证的实现类

在继承WebSecurityConfigurerAdapter的配置类中添加如下代码:

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // 配置具体的认证类
        auth.authenticationProvider(wechatAuthenticationProvider)
                .userDetailsService(userDetailService)
                .passwordEncoder(passwordEncoder);
}

6、微信小程序发起请求

微信端发起请求时,除传入需要的参数外,还需传入参数grant_type:'wechat',此处是与上面步骤一定义的名称是一致的。

  • 5
    点赞
  • 42
    收藏
    觉得还不错? 一键收藏
  • 8
    评论
自定义微信小程序登录,首先需要在小程序后台配置相应的登录信息,包括app id、app secret等。然后,可以使用Spring Security提供的OAuth2登录功能进行集成。 具体步骤如下: 1. 添加依赖 ```xml <dependency> <groupId>org.springframework.security.oauth.boot</groupId> <artifactId>spring-security-oauth2-autoconfigure</artifactId> <version>2.1.0.RELEASE</version> </dependency> ``` 2. 配置微信小程序信息 ```yaml spring: security: oauth2: client: registration: weixin: client-id: <your-client-id> client-secret: <your-client-secret> scope: snsapi_login redirect-uri: <your-redirect-uri> client-name: weixin provider: weixin: authorization-uri: https://api.weixin.qq.com/sns/jscode2session token-uri: https://api.weixin.qq.com/cgi-bin/token user-info-uri: https://api.weixin.qq.com/cgi-bin/user/info user-name-attribute: openid ``` 3. 自定义微信小程序登录处理器 ```java @Component public class WeixinOAuth2UserService extends OAuth2UserService<OAuth2UserRequest, OAuth2User> { @Override public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException { String openid = userRequest.getAdditionalParameters().get("openid").toString(); // 根据openid获取用户信息 // ... // 构造OAuth2User对象 return new DefaultOAuth2User(Collections.singleton(new SimpleGrantedAuthority("ROLE_USER")), user.getAttributes(), user.getNameAttributeKey()); } } ``` 4. 配置Spring Security ```java @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private WeixinOAuth2UserService weixinOAuth2UserService; @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/login/**").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .defaultSuccessUrl("/") .permitAll() .and() .oauth2Login() .loginPage("/login") .userInfoEndpoint() .userService(weixinOAuth2UserService) .and() .and() .logout() .logoutUrl("/logout") .permitAll(); } } ``` 以上就是使用Spring Security自定义微信小程序登录的简单步骤,需要注意的是,微信小程序提供的是OAuth2.0协议,所以需要使用Spring Security OAuth2集成。
评论 8
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值