Spring Security OAuth2实现多用户类型认证与多用户类型token刷新(旧)

已于 2023-05-13 20:44:11 修改
阅读量2.8k 收藏 13
点赞数 1
文章标签: spring java 后端
于 2021-12-16 19:11:25 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_42552016/article/details/121981706
版权

Spring Security OAuth2实现多用户类型认证(旧)

1. 新增UserDetailsServices extends UserDetailsService,新增自定义的方法

package com.tx.tcm.oauth.security.service;

import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/**
 * <p> 自定义UserDetailsService接口类;实现多用户登录 </p>
 **/

public interface UserDetailsServices extends UserDetailsService {
    
    /**
     * 
     * @param username 用户名
     * @param type  用户类型
     * @return org.springframework.security.core.userdetails.UserDetails
     */
    UserDetails loadUserByUsername(String username, String type) throws UsernameNotFoundException;
}

2.UserDetailsServices实现类

package com.tx.tcm.oauth.security.service;

import com.tx.tcm.oauth.system.service.SysUserService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import javax.annotation.Resource;

/**
 * <p> 自定义UserDetailsService接口实现类 </p>
 **/
@Service
public class UserDetailsServicesImpl implements UserDetailsServices {

    private static final String USER = "user";
    private static final String USERCOPE = "userCope";

    @Resource
    SysUserService sysUserService;

    @Override
    public UserDetails loadUserByUsername(String username, String type) throws UsernameNotFoundException {

        return sysUserService.selectSysUserByUsernameType(username, type);
    }

    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        return null;
    }
}

从现在开始,所有需要用到userDetailsService的,全部都要替换成自定义CustomUserDetailsService

3. 复制org.springframework.security.authentication.dao.DaoAuthenticationProvider的代码,自定义 CustomAuthenticationProvider,然后进行修改retrieveUser()方法,其他不需要动

package com.tx.tcm.oauth.security.handler;

import com.tx.tcm.oauth.security.service.UserDetailsServices;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsPasswordService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.util.Assert;

import javax.annotation.Resource;
import java.util.Map;

/**
 * <p> 自定义AuthenticationProvider类实现多用户登录 </p>
 **/
public class CustomAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
    private static final String USER_NOT_FOUND_PASSWORD = "userNotFoundPassword";
    private PasswordEncoder passwordEncoder;
    private volatile String userNotFoundEncodedPassword;
    @Resource
    private UserDetailsServices userDetailsServices;
    private UserDetailsPasswordService userDetailsPasswordService;
    public CustomAuthenticationProvider() {
        this.setPasswordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder());
    }

    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        if (authentication.getCredentials() == null) {
            this.logger.debug("Authentication failed: no credentials provided");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        } else {
            String presentedPassword = authentication.getCredentials().toString();
            if (!this.passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
                this.logger.debug("Authentication failed: password does not match stored value");
                throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
            }
        }
    }

    protected void doAfterPropertiesSet() {
        Assert.notNull(this.userDetailsServices, "A UserDetailsService must be set");
    }

    protected final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        this.prepareTimingAttackProtection();
        // 自定义添加
        Map<String,String> map = (Map<String, String>) authentication.getDetails();
        try {
            // 自定义添加 type必须和传参是的类型一致;否则会报错
            String userType = map.get("type");
            UserDetails loadedUser = getUserDetailsServices().loadUserByUsername(username, userType);
            if (loadedUser == null) {
                throw new InternalAuthenticationServiceException("UserDetailsService returned null, which is an interface contract violation");
            } else {
                return loadedUser;
            }
        } catch (UsernameNotFoundException var4) {
            this.mitigateAgainstTimingAttack(authentication);
            throw var4;
        } catch (InternalAuthenticationServiceException var5) {
            throw var5;
        } catch (Exception var6) {
            throw new InternalAuthenticationServiceException(var6.getMessage(), var6);
        }
    }

    protected Authentication createSuccessAuthentication(Object principal, Authentication authentication, UserDetails user) {
        boolean upgradeEncoding = this.userDetailsPasswordService != null && this.passwordEncoder.upgradeEncoding(user.getPassword());
        if (upgradeEncoding) {
            String presentedPassword = authentication.getCredentials().toString();
            String newPassword = this.passwordEncoder.encode(presentedPassword);
            user = this.userDetailsPasswordService.updatePassword(user, newPassword);
        }

        return super.createSuccessAuthentication(principal, authentication, user);
    }

    private void prepareTimingAttackProtection() {
        if (this.userNotFoundEncodedPassword == null) {
            this.userNotFoundEncodedPassword = this.passwordEncoder.encode("userNotFoundPassword");
        }

    }

    private void mitigateAgainstTimingAttack(UsernamePasswordAuthenticationToken authentication) {
        if (authentication.getCredentials() != null) {
            String presentedPassword = authentication.getCredentials().toString();
            this.passwordEncoder.matches(presentedPassword, this.userNotFoundEncodedPassword);
        }

    }

    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        Assert.notNull(passwordEncoder, "passwordEncoder cannot be null");
        this.passwordEncoder = passwordEncoder;
        this.userNotFoundEncodedPassword = null;
    }

    protected PasswordEncoder getPasswordEncoder() {
        return this.passwordEncoder;
    }

    public void setUserDetailsServices(UserDetailsServices userDetailsServices) {
        this.userDetailsServices = userDetailsServices;
    }

    protected UserDetailsServices getUserDetailsServices() {
        return this.userDetailsServices;
    }

    public void setUserDetailsPasswordService(UserDetailsPasswordService userDetailsPasswordService) {
        this.userDetailsPasswordService = userDetailsPasswordService;
    }
}

4. 到WebSecurityConfig配置上面的CustomAuthenticationProvider

    /**
     * 配置自定义的CustomAuthenticationProvider
     */
    @Bean
    public AuthenticationProvider customAuthenticationProvider() {
        CustomAuthenticationProvider customAuthenticationProvider= new CustomAuthenticationProvider();
        customAuthenticationProvider.setUserDetailsServices(userDetailsServices);
        customAuthenticationProvider.setHideUserNotFoundExceptions(false);
        customAuthenticationProvider.setPasswordEncoder(bCryptPasswordEncoder());
        return customAuthenticationProvider;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(customAuthenticationProvider());
        auth.userDetailsService(userDetailsServices).passwordEncoder(bCryptPasswordEncoder());
    }

Spring Security OAuth2实现多用户类型token刷新

1.复制org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper 自定义 CustomUserDetailsByNameServiceWrapper 在 loadUserDetails() 方法添加自定义的userType

注意这个类中的 userDetailsService 也需要替换成自定义的CustomUserDetailsService

package com.tx.tcm.oauth.security.handler;

import com.tx.tcm.oauth.security.service.UserDetailsServices;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.*;
import org.springframework.util.Assert;

import java.util.Map;

/**
 * <p> 刷新token </p>
 **/

public class CustomUserDetailsByNameServiceWrapper<T extends Authentication> implements AuthenticationUserDetailsService<T>, InitializingBean {
    private UserDetailsServices userDetailsServices = null;

    public CustomUserDetailsByNameServiceWrapper() {
    }

    public CustomUserDetailsByNameServiceWrapper(UserDetailsServices userDetailsServices) {
        Assert.notNull(userDetailsServices, "userDetailsService cannot be null.");
        this.userDetailsServices = userDetailsServices;
    }

    public void afterPropertiesSet() {
        Assert.notNull(this.userDetailsServices, "UserDetailsService must be set");
    }

    public UserDetails loadUserDetails(T authentication) throws UsernameNotFoundException {
        AbstractAuthenticationToken principal = (AbstractAuthenticationToken) authentication.getPrincipal();
        Map<String,String> map = (Map<String, String>) principal.getDetails();
        String userType = map.get("type");
        // 使用自定义的userDetailsService
        return this.userDetailsServices.loadUserByUsername(authentication.getName(), userType);
    }

    public void setUserDetailsService(UserDetailsServices aUserDetailsService) {
        this.userDetailsServices = aUserDetailsService;
    }
}

2.复制 org.springframework.security.oauth2.provider.token.DefaultTokenServices 到自定义的 CustomTokenServices 然后修改refreshAccessToken() 方法

其实只改了if (this.authenticationManager != null && !authentication.isClientOnly()) 这里面的内容,其他的都没动(这个方法好长,容易造成太长不看的感觉…整个弄上来我其实是不情愿的=。=)

package com.tx.tcm.oauth.security.handler;

import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.*;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.*;
import org.springframework.security.oauth2.provider.token.*;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;

import java.util.Date;
import java.util.Set;
import java.util.UUID;


public class CustomTokenServices implements AuthorizationServerTokenServices, ResourceServerTokenServices, ConsumerTokenServices, InitializingBean {

    private int refreshTokenValiditySeconds = 2592000;
    private int accessTokenValiditySeconds = 43200;
    private boolean supportRefreshToken = false;
    private boolean reuseRefreshToken = true;
    private TokenStore tokenStore;
    private ClientDetailsService clientDetailsService;
    private TokenEnhancer accessTokenEnhancer;
    private AuthenticationManager authenticationManager;

    public CustomTokenServices() {
    }

    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.tokenStore, "tokenStore must be set");
    }

    @Transactional
    public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException {
        OAuth2AccessToken existingAccessToken = this.tokenStore.getAccessToken(authentication);
        OAuth2RefreshToken refreshToken = null;
        if (existingAccessToken != null) {
            if (!existingAccessToken.isExpired()) {
                this.tokenStore.storeAccessToken(existingAccessToken, authentication);
                return existingAccessToken;
            }

            if (existingAccessToken.getRefreshToken() != null) {
                refreshToken = existingAccessToken.getRefreshToken();
                this.tokenStore.removeRefreshToken(refreshToken);
            }

            this.tokenStore.removeAccessToken(existingAccessToken);
        }

        if (refreshToken == null) {
            refreshToken = this.createRefreshToken(authentication);
        } else if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
            ExpiringOAuth2RefreshToken expiring = (ExpiringOAuth2RefreshToken)refreshToken;
            if (System.currentTimeMillis() > expiring.getExpiration().getTime()) {
                refreshToken = this.createRefreshToken(authentication);
            }
        }

        OAuth2AccessToken accessToken = this.createAccessToken(authentication, refreshToken);
        this.tokenStore.storeAccessToken(accessToken, authentication);
        refreshToken = accessToken.getRefreshToken();
        if (refreshToken != null) {
            this.tokenStore.storeRefreshToken(refreshToken, authentication);
        }

        return accessToken;
    }

    @Transactional(
            noRollbackFor = {InvalidTokenException.class, InvalidGrantException.class}
    )
    public OAuth2AccessToken refreshAccessToken(String refreshTokenValue, TokenRequest tokenRequest) throws AuthenticationException {
        if (!this.supportRefreshToken) {
            throw new InvalidGrantException("Invalid refresh token: " + refreshTokenValue);
        } else {
            OAuth2RefreshToken refreshToken = this.tokenStore.readRefreshToken(refreshTokenValue);
            if (refreshToken == null) {
                throw new InvalidGrantException("Invalid refresh token: " + refreshTokenValue);
            } else {
                OAuth2Authentication authentication = this.tokenStore.readAuthenticationForRefreshToken(refreshToken);
                if (this.authenticationManager != null && !authentication.isClientOnly()) {
                    // OAuth2Authentication 中的 Authentication userAuthentication 丢失了 Detail的信息,需要补上
                    // 1.从tokenRequest中获取请求的信息,并重新构造成 UsernamePasswordAuthenticationToken
                    // 2.设置好了Detail的信息再传入构造 PreAuthenticatedAuthenticationToken 交由后面的验证
                    tokenRequest.getRequestParameters();
                    Object details = tokenRequest.getRequestParameters();
                    Authentication userAuthentication1 = authentication.getUserAuthentication();
                    UsernamePasswordAuthenticationToken userAuthentication = new UsernamePasswordAuthenticationToken(userAuthentication1.getPrincipal(), userAuthentication1.getCredentials());
                    userAuthentication.setDetails(details);
                    // 去掉原来的,使用自己重新构造的 userAuthentication
//                    Authentication user = new PreAuthenticatedAuthenticationToken(authentication.getUserAuthentication(), "", authentication.getAuthorities());
                    Authentication user = new PreAuthenticatedAuthenticationToken(userAuthentication, "", authentication.getAuthorities());
                    user = this.authenticationManager.authenticate(user);
                    authentication = new OAuth2Authentication(authentication.getOAuth2Request(), user);
                    authentication.setDetails(details);
                }

                String clientId = authentication.getOAuth2Request().getClientId();
                if (clientId != null && clientId.equals(tokenRequest.getClientId())) {
                	//注释下方代码
                	//如果token不存在,执行下方代码会提示java.lang.IllegalArgumentException: Values must not contain null elements!
                    //this.tokenStore.removeAccessTokenUsingRefreshToken(refreshToken);
                    if (this.isExpired(refreshToken)) {
                        this.tokenStore.removeRefreshToken(refreshToken);
                        throw new InvalidTokenException("Invalid refresh token (expired): " + refreshToken);
                    } else {
                        authentication = this.createRefreshedAuthentication(authentication, tokenRequest);
                        if (!this.reuseRefreshToken) {
                            this.tokenStore.removeRefreshToken(refreshToken);
                            refreshToken = this.createRefreshToken(authentication);
                        }

                        OAuth2AccessToken accessToken = this.createAccessToken(authentication, refreshToken);
                        this.tokenStore.storeAccessToken(accessToken, authentication);
                        if (!this.reuseRefreshToken) {
                            this.tokenStore.storeRefreshToken(accessToken.getRefreshToken(), authentication);
                        }

                        return accessToken;
                    }
                } else {
                    throw new InvalidGrantException("Wrong client for this refresh token: " + refreshTokenValue);
                }
            }
        }
    }

    public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
        return this.tokenStore.getAccessToken(authentication);
    }

    private OAuth2Authentication createRefreshedAuthentication(OAuth2Authentication authentication, TokenRequest request) {
        Set<String> scope = request.getScope();
        OAuth2Request clientAuth = authentication.getOAuth2Request().refresh(request);
        if (scope != null && !scope.isEmpty()) {
            Set<String> originalScope = clientAuth.getScope();
            if (originalScope == null || !originalScope.containsAll(scope)) {
                throw new InvalidScopeException("Unable to narrow the scope of the client authentication to " + scope + ".", originalScope);
            }

            clientAuth = clientAuth.narrowScope(scope);
        }

        OAuth2Authentication narrowed = new OAuth2Authentication(clientAuth, authentication.getUserAuthentication());
        return narrowed;
    }

    protected boolean isExpired(OAuth2RefreshToken refreshToken) {
        if (!(refreshToken instanceof ExpiringOAuth2RefreshToken)) {
            return false;
        } else {
            ExpiringOAuth2RefreshToken expiringToken = (ExpiringOAuth2RefreshToken)refreshToken;
            return expiringToken.getExpiration() == null || System.currentTimeMillis() > expiringToken.getExpiration().getTime();
        }
    }

    public OAuth2AccessToken readAccessToken(String accessToken) {
        return this.tokenStore.readAccessToken(accessToken);
    }

    public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException, InvalidTokenException {
        OAuth2AccessToken accessToken = this.tokenStore.readAccessToken(accessTokenValue);
        if (accessToken == null) {
            throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
        } else if (accessToken.isExpired()) {
            this.tokenStore.removeAccessToken(accessToken);
            throw new InvalidTokenException("Access token expired: " + accessTokenValue);
        } else {
            OAuth2Authentication result = this.tokenStore.readAuthentication(accessToken);
            if (result == null) {
                throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
            } else {
                if (this.clientDetailsService != null) {
                    String clientId = result.getOAuth2Request().getClientId();

                    try {
                        this.clientDetailsService.loadClientByClientId(clientId);
                    } catch (ClientRegistrationException var6) {
                        throw new InvalidTokenException("Client not valid: " + clientId, var6);
                    }
                }

                return result;
            }
        }
    }

    public String getClientId(String tokenValue) {
        OAuth2Authentication authentication = this.tokenStore.readAuthentication(tokenValue);
        if (authentication == null) {
            throw new InvalidTokenException("Invalid access token: " + tokenValue);
        } else {
            OAuth2Request clientAuth = authentication.getOAuth2Request();
            if (clientAuth == null) {
                throw new InvalidTokenException("Invalid access token (no client id): " + tokenValue);
            } else {
                return clientAuth.getClientId();
            }
        }
    }

    public boolean revokeToken(String tokenValue) {
        OAuth2AccessToken accessToken = this.tokenStore.readAccessToken(tokenValue);
        if (accessToken == null) {
            return false;
        } else {
            if (accessToken.getRefreshToken() != null) {
                this.tokenStore.removeRefreshToken(accessToken.getRefreshToken());
            }

            this.tokenStore.removeAccessToken(accessToken);
            return true;
        }
    }

    private OAuth2RefreshToken createRefreshToken(OAuth2Authentication authentication) {
        if (!this.isSupportRefreshToken(authentication.getOAuth2Request())) {
            return null;
        } else {
            int validitySeconds = this.getRefreshTokenValiditySeconds(authentication.getOAuth2Request());
            String value = UUID.randomUUID().toString();
            return (OAuth2RefreshToken)(validitySeconds > 0 ? new DefaultExpiringOAuth2RefreshToken(value, new Date(System.currentTimeMillis() + (long)validitySeconds * 1000L)) : new DefaultOAuth2RefreshToken(value));
        }
    }

    private OAuth2AccessToken createAccessToken(OAuth2Authentication authentication, OAuth2RefreshToken refreshToken) {
        DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(UUID.randomUUID().toString());
        int validitySeconds = this.getAccessTokenValiditySeconds(authentication.getOAuth2Request());
        if (validitySeconds > 0) {
            token.setExpiration(new Date(System.currentTimeMillis() + (long)validitySeconds * 1000L));
        }

        token.setRefreshToken(refreshToken);
        token.setScope(authentication.getOAuth2Request().getScope());
        return (OAuth2AccessToken)(this.accessTokenEnhancer != null ? this.accessTokenEnhancer.enhance(token, authentication) : token);
    }

    protected int getAccessTokenValiditySeconds(OAuth2Request clientAuth) {
        if (this.clientDetailsService != null) {
            ClientDetails client = this.clientDetailsService.loadClientByClientId(clientAuth.getClientId());
            Integer validity = client.getAccessTokenValiditySeconds();
            if (validity != null) {
                return validity;
            }
        }

        return this.accessTokenValiditySeconds;
    }

    protected int getRefreshTokenValiditySeconds(OAuth2Request clientAuth) {
        if (this.clientDetailsService != null) {
            ClientDetails client = this.clientDetailsService.loadClientByClientId(clientAuth.getClientId());
            Integer validity = client.getRefreshTokenValiditySeconds();
            if (validity != null) {
                return validity;
            }
        }

        return this.refreshTokenValiditySeconds;
    }

    protected boolean isSupportRefreshToken(OAuth2Request clientAuth) {
        if (this.clientDetailsService != null) {
            ClientDetails client = this.clientDetailsService.loadClientByClientId(clientAuth.getClientId());
            return client.getAuthorizedGrantTypes().contains("refresh_token");
        } else {
            return this.supportRefreshToken;
        }
    }

    public void setTokenEnhancer(TokenEnhancer accessTokenEnhancer) {
        this.accessTokenEnhancer = accessTokenEnhancer;
    }

    public void setRefreshTokenValiditySeconds(int refreshTokenValiditySeconds) {
        this.refreshTokenValiditySeconds = refreshTokenValiditySeconds;
    }

    public void setAccessTokenValiditySeconds(int accessTokenValiditySeconds) {
        this.accessTokenValiditySeconds = accessTokenValiditySeconds;
    }

    public void setSupportRefreshToken(boolean supportRefreshToken) {
        this.supportRefreshToken = supportRefreshToken;
    }

    public void setReuseRefreshToken(boolean reuseRefreshToken) {
        this.reuseRefreshToken = reuseRefreshToken;
    }

    public void setTokenStore(TokenStore tokenStore) {
        this.tokenStore = tokenStore;
    }

    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    public void setClientDetailsService(ClientDetailsService clientDetailsService) {
        this.clientDetailsService = clientDetailsService;
    }
}

3.到认证服务器配置类 Oauth2Config配置刚刚自定义的两个类 CustomUserDetailsByNameServiceWrapper 和 CustomTokenServices

private ClientDetailsService clientDetailsService;

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    //自定义TokenServices
    endpoints.tokenServices(customTokenServices(endpoints));
}

private CustomTokenServices customTokenServices(AuthorizationServerEndpointsConfigurer endpoints) {
    CustomTokenServices tokenServices = new CustomTokenServices();
    tokenServices.setTokenStore(endpoints.getTokenStore());
    tokenServices.setSupportRefreshToken(true);
    tokenServices.setReuseRefreshToken(true);
    tokenServices.setClientDetailsService(clientDetailsService);
    tokenServices.setTokenEnhancer(endpoints.getTokenEnhancer());
    // 设置自定义的CustomUserDetailsByNameServiceWrapper
    if (userDetailsServices != null) {
        PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
        provider.setPreAuthenticatedUserDetailsService(new CustomUserDetailsByNameServiceWrapper(userDetailsServices));
        tokenServices.setAuthenticationManager(new ProviderManager(Arrays.asList(provider)));
    }
    return tokenServices;
}
触不可及,而又念念不忘
关注
spring oauth2.0 多种用户登录
死歌末日的博客
05-07 1730
近期遇到一个问题,在spring oauth2.0默认的密码登录校验中,只能访问单个数据库表,但针对不同的表用户,需要访问不同的表,所以需要传一个新参去判断用户访问不同的表来校验账号密码 本文主要是是讨论oauth2.0支持多表用户登录 我使用的Spring Boot为2.2.5.RELEAS,SpringCloud为Hoxton.SR2 对于多个表用户,需要传递不同的参数来区分是访问哪个表,所以在请求参数中增加了loginType来区分不同的用户 在ResourceServerConfig中配置中
Spring Security OAuth2实现多用户类型认证多用户类型token刷新(新)
weixin_42552016的博客
05-13 748
此方法基于覆盖源码路径实现,以最少的配置完成Spring Security OAuth2实现多用户类型认证多用户类型token刷新
Spring Security OAuth2实现多用户类型认证刷新Token
susu1083018911的博客
03-07 3887
loadUserByUsername携带多个参数
SpringCloud-Oauth2 不同类型用户认证
qq_42962779的博客
08-21 2719
oauth2提供了UserDetailsService类中loadUserByUsername方法来让我们查询数据库,返回查询到的数据,但是只提供了一个参数的方式, 最近在项目中,遇到了小程序端用户和管理端用户分表的情况,那么这种单参数的认证是无法满足的,需要根据不同场景来做不同的令牌发放处理, 百度之后找到了答案,很感谢, 参考参考自此博客 解决之后记录一下 @Override public UserDetails loadUserByUsername(String username) thr
解密Spring Security多用户类型认证授权、刷新Token,助您构建安全完备的应用
最新发布
资料免费分享,点击名片
10-31 561
1.2 复制org.springframework.security.authentication.dao.DaoAuthenticationProvider的代码,自定义 CustomAuthenticationProvider(注意写法,是实现AbstractUserDetailsAuthenticationProvider并将DaoAuthenticationProvider内容复制到此类里面),然后进行修改retrieveUser()方法,其他不需要动.= null &&!
SpringBoot OAuth2.0 refresh_token刷新令牌)
狮子大大
03-26 4116
SpringBoot OAuth2.0 刷新令牌 通常在 access_token 时间过期后,需要去获取新的 token 才能继续访问接口 在 使用 SpringSecurity + OAuth2.0, 可以采用 refresh_token 模式重新申请 access_token 修改 MooseAuthorizationServerConfiguration 文件 /** * Authorization Server endpoints. * * @throws Exception
Spring Security OAuth2 实现登录互踢的示例代码
08-19
本文主要介绍了 Spring Security OAuth2 实现登录互踢的示例代码,通过示例代码详细介绍了如何实现用户单一终端的唯一性登录。 OAuth2 是一种身份验证协议,通过将客户端、资源服务器和授权服务器分离,实现了灵活...
Spring Security OAuth2认证授权示例详解
08-25
通过以上讲解,我们可以看到Spring Security OAuth2如何帮助开发者构建安全的认证和授权系统,以及如何使用OAuth2授权协议来保护用户数据。理解这些概念和配置细节对于开发涉及用户数据交换和安全访问控制的现代Web...
Springboot整合Spring security+Oauth2+JWT搭建认证服务器,网关,微服务之间权限认证及授权
04-22
本教程将探讨如何使用Spring Boot结合Spring SecurityOAuth2和JWT(JSON Web Token)来搭建一个认证服务器、API网关以及微服务之间的权限认证和授权机制。 首先,Spring SecuritySpring框架的一个模块,专门...
Spring Security OAuth2集成短信验证码登录以及第三方登录
08-27
实现集成登录认证组件时,我们需要了解OAuth2.0认证体系、SpringBoot、SpringSecurity以及Spring Cloud等相关知识。同时,我们还需要了解如何定义拦截器、如何在拦截的通知进行预处理、如何在UserDetailService....
Spring Security 3多用户登录实现
04-13
NULL 博文链接:https://dreamzhong.iteye.com/blog/1722261
Spring Security 3多用户登录实现之七 用户验证失败处理改进
04-13
NULL 博文链接:https://dreamzhong.iteye.com/blog/1722422
基于若依框架springsecurity添加多种用户登录解决方案(springsecurity多用户登录:前端用户、后端用户)
热门推荐
rg10szc的博客
03-17 1万+
自己需求如下(多种用户登录): 后端pc管理员账号、手机app用户,若依框架使用springsecurity框架到验证数据库那一步只能继承UserDetailsService(String username)这个方法,而且只能传递一个username,由于我是多张用户表,就自己想了个方案解决这个问题(把username改成JSON:{username:"admin",userType:"admin"}字符串),为了尽量少改若依原框架,且满足自己项目需求。熟悉springsecurity的可以修改增加filt
Spring security 多端多用户实战、认证鉴权扩展深入
Hades_iphone的博客
07-25 3066
Spring security 多端多用户实战、认证鉴权扩展深入 前言从配置开始搭建从实战场景开始从基础的账号密码开始如何改变文本的样式插入链接与图片如何插入一段漂亮的代码片生成一个适合你的列表创建一个表格设定内容居中、居左、居右SmartyPants创建一个自定义列表如何创建一个注脚注释也是必不可少的KaTeX数学公式新的甘特图功能,丰富你的文章UML 图表FLowchart流程图导出与导入导出导入 当你阅读这篇文章的时候,我们假设你已经对Spring security有所了解,并且懂得如何初步使用。 前
Oauth2.0实现token刷新功能
康小虎的博客
07-13 1万+
1、Oauth2.0简介 Oauth2.0是一个授权协议,提供了一种解决用户资源共享问题的思路,它不是一种实现。对于java来说,我们可以利用Spring Security OAuth2来实现Oauth2.0实现的最基本的思路: 上图的名词解释: 几种授权模式: 授权码模式基本思路: 微服务架构下的时序图: 2、刷新token (1)基本思路 首先我们要明白,在授权码模式下,在网关请求获取access token的时候,接口会返回一个access token和一个refresh token,我
spring-security类型用户登录+登录多参数验证
is_zhoufeng的专栏
05-03 1万+
如果一个系统分为前台用户和后台用户那么就不能使用spring-security的默认配置了。 需要自己来分开配置两种用户的登录方式。 首先创建spring-disuser-security.xml 与 spring-etuser-security.xml 两个配置文件,分别来配置两种用户登录的权限与验证方式 spring-disuser-security.xml的内容如下 <beans
Spring全家桶-Spring Security多用户管理(内存和数据库)
HQ DevJ的专栏
05-09 1705
Spring全家桶-Spring Security多用户管理 Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。它提供了一组可以在Spring应用上下文中配置的Bean,充分利用了Spring IoC(控制反转),DI(依赖注入)和AOP(面向切面编程)功能,为应用系统提供声明式的安全访问控制功能,减少了为企业系统安全控制编写大量重复代码的工作。 文章目录Spring全家桶-Spring Security多用户管理为什么需要多用户?一
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值