/**
 * Exposes the application's {@link JwtTokenStore} bean.
 *
 * <p>The store is built on whatever converter {@code tokenEnhancer()} returns, so token
 * decoding depends on how that converter is keyed.
 * NOTE(review): confirm {@code tokenEnhancer()} is configured with the intended
 * signing/verifier key.
 *
 * @return a new store wrapping the converter from {@code tokenEnhancer()}
 */
@Bean
public JwtTokenStore tokenStore() {
    return new JwtTokenStore(tokenEnhancer());
}
/**
 * Resolves the authentication carried by an access token.
 *
 * <p>Only the token's raw value is used; the work is done by the {@code String} overload.
 *
 * @param token the access token to read
 * @return whatever the {@code String} overload returns for the token's value
 */
@Override
public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
    String rawValue = token.getValue();
    return readAuthentication(rawValue);
}
/**
 * Decodes a refresh token and, when an approval store is configured, checks that every
 * scope of the token is still approved for its user and client.
 *
 * <p>The approval check is the only revocation hook visible here: if any scope of the
 * token is missing from the currently approved scopes, the token is treated as unknown.
 * Tokens without a user authentication, and all tokens when no approval store is set,
 * skip the check.
 *
 * @param tokenValue the encoded refresh token
 * @return the decoded refresh token, or {@code null} if one of its scopes is no longer approved
 */
@Override
public OAuth2RefreshToken readRefreshToken(String tokenValue) {
    OAuth2AccessToken decoded = convertAccessToken(tokenValue);
    OAuth2RefreshToken result = createRefreshToken(decoded);
    if (approvalStore == null) {
        return result;
    }

    OAuth2Authentication auth = readAuthentication(tokenValue);
    if (auth.getUserAuthentication() == null) {
        // No end user is attached to the token, so there are no approvals to consult.
        return result;
    }

    String userId = auth.getUserAuthentication().getName();
    String clientId = auth.getOAuth2Request().getClientId();
    Collection<String> grantedScopes = new HashSet<String>();
    for (Approval candidate : approvalStore.getApprovals(userId, clientId)) {
        if (candidate.isApproved()) {
            grantedScopes.add(candidate.getScope());
        }
    }

    // Every requested scope must still be approved; otherwise the token is rejected.
    return grantedScopes.containsAll(auth.getOAuth2Request().getScope()) ? result : null;
}
/**
 * Decodes an encoded token and returns it as an access token.
 *
 * <p>A refresh token is rejected here so that it cannot be presented where an access
 * token is expected.
 *
 * @param tokenValue the encoded token
 * @return the decoded access token
 * @throws InvalidTokenException if the encoded token is a refresh token
 */
@Override
public OAuth2AccessToken readAccessToken(String tokenValue) {
    OAuth2AccessToken decoded = convertAccessToken(tokenValue);
    if (!jwtTokenEnhancer.isRefreshToken(decoded)) {
        return decoded;
    }
    throw new InvalidTokenException("Encoded token is a refresh token");
}
/**
 * Decodes an encoded token and returns it as an access token.
 *
 * <p>A refresh token is rejected here so that it cannot be presented where an access
 * token is expected.
 *
 * @param tokenValue the encoded token
 * @return the decoded access token
 * @throws InvalidTokenException if the encoded token is a refresh token
 */
@Override
public OAuth2AccessToken readAccessToken(String tokenValue) {
    OAuth2AccessToken decoded = convertAccessToken(tokenValue);
    if (!jwtTokenEnhancer.isRefreshToken(decoded)) {
        return decoded;
    }
    throw new InvalidTokenException("Encoded token is a refresh token");
}
/**
 * Builds a {@link JwtTokenStore} on a freshly created {@link JwtAccessTokenConverter}.
 *
 * @return a store wrapping the initialised converter
 * @throws Exception if {@code afterPropertiesSet()} fails
 */
@Bean
public JwtTokenStore tokenStore() throws Exception {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    // N.B. no key is set on the converter here. In a real system you would have to
    // configure the verifierKey (or use JdbcTokenStore) so that tokens are checked
    // against the key the authorization server actually signs with.
    converter.afterPropertiesSet();
    JwtTokenStore store = new JwtTokenStore(converter);
    return store;
}
/**
 * Resolves the authentication carried by a refresh token.
 *
 * <p>Only the token's raw value is used; it is handed to {@code readAuthentication(String)}.
 *
 * @param token the refresh token to read
 * @return whatever {@code readAuthentication(String)} returns for the token's value
 */
@Override
public OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken token) {
    String rawValue = token.getValue();
    return readAuthentication(rawValue);
}
/**
 * Decodes a refresh token and, when an approval store is configured, checks that every
 * scope of the token is still approved for its user and client.
 *
 * <p>The approval check is the only revocation hook visible here: if any scope of the
 * token is missing from the currently approved scopes, the token is treated as unknown.
 * Tokens without a user authentication, and all tokens when no approval store is set,
 * skip the check.
 *
 * @param tokenValue the encoded refresh token
 * @return the decoded refresh token, or {@code null} if one of its scopes is no longer approved
 */
@Override
public OAuth2RefreshToken readRefreshToken(String tokenValue) {
    OAuth2AccessToken decoded = convertAccessToken(tokenValue);
    OAuth2RefreshToken result = createRefreshToken(decoded);
    if (approvalStore == null) {
        return result;
    }

    OAuth2Authentication auth = readAuthentication(tokenValue);
    if (auth.getUserAuthentication() == null) {
        // No end user is attached to the token, so there are no approvals to consult.
        return result;
    }

    String userId = auth.getUserAuthentication().getName();
    String clientId = auth.getOAuth2Request().getClientId();
    Collection<String> grantedScopes = new HashSet<String>();
    for (Approval candidate : approvalStore.getApprovals(userId, clientId)) {
        if (candidate.isApproved()) {
            grantedScopes.add(candidate.getScope());
        }
    }

    // Every requested scope must still be approved; otherwise the token is rejected.
    return grantedScopes.containsAll(auth.getOAuth2Request().getScope()) ? result : null;
}
/**
 * Returns the token store, creating it on first use.
 *
 * <p>When the configured access token converter is a {@link JwtAccessTokenConverter} the
 * store is a {@link JwtTokenStore} built on it; otherwise an {@link InMemoryTokenStore}
 * is used. The lazy initialisation is not synchronised in this method.
 *
 * @return the cached or newly created token store
 */
private TokenStore tokenStore() {
    if (tokenStore != null) {
        return this.tokenStore;
    }
    boolean jwtConfigured = accessTokenConverter() instanceof JwtAccessTokenConverter;
    if (!jwtConfigured) {
        this.tokenStore = new InMemoryTokenStore();
    } else {
        this.tokenStore = new JwtTokenStore((JwtAccessTokenConverter) accessTokenConverter());
    }
    return this.tokenStore;
}
/**
 * Revokes the approvals behind a token.
 *
 * <p>Nothing happens unless an approval store is configured and the token carries a user
 * authentication. In that case one approval per scope of the token is built for the
 * token's user and client and passed to {@code revokeApprovals}.
 *
 * @param token the encoded token whose approvals should be revoked
 */
private void remove(String token) {
    if (approvalStore == null) {
        return;
    }
    OAuth2Authentication auth = readAuthentication(token);
    String clientId = auth.getOAuth2Request().getClientId();
    Authentication user = auth.getUserAuthentication();
    if (user == null) {
        return;
    }
    Collection<Approval> toRevoke = new ArrayList<Approval>();
    for (String scope : auth.getOAuth2Request().getScope()) {
        toRevoke.add(new Approval(user.getName(), clientId, scope, new Date(), ApprovalStatus.APPROVED));
    }
    approvalStore.revokeApprovals(toRevoke);
}
} // closes the enclosing class, which is opened outside this listing
/**
 * Creates a new instance using the provided URLs as the location for the JWK Sets
 * and a custom {@link AccessTokenConverter} and {@link JwtClaimsSetVerifier}.
 *
 * <p>Both custom collaborators are optional: a {@code null} argument is skipped and the
 * verifying converter keeps whatever it was constructed with. In particular, passing a
 * {@code null} {@code jwtClaimsSetVerifier} installs no custom claims verification.
 *
 * @param jwkSetUrls the JWK Set URLs
 * @param accessTokenConverter a custom {@link AccessTokenConverter}, or {@code null}
 * @param jwtClaimsSetVerifier a custom {@link JwtClaimsSetVerifier}, or {@code null}
 */
public JwkTokenStore(List<String> jwkSetUrls, AccessTokenConverter accessTokenConverter,
        JwtClaimsSetVerifier jwtClaimsSetVerifier) {
    JwkDefinitionSource keySource = new JwkDefinitionSource(jwkSetUrls);
    JwkVerifyingJwtAccessTokenConverter verifyingConverter =
            new JwkVerifyingJwtAccessTokenConverter(keySource);

    if (accessTokenConverter != null) {
        verifyingConverter.setAccessTokenConverter(accessTokenConverter);
    }
    if (jwtClaimsSetVerifier != null) {
        verifyingConverter.setJwtClaimsSetVerifier(jwtClaimsSetVerifier);
    }

    // All token-store operations are delegated to a JwtTokenStore built on the verifying converter.
    this.delegate = new JwtTokenStore(verifyingConverter);
}
/**
 * Resolves the authentication carried by an access token.
 *
 * <p>Only the token's raw value is used; the work is done by the {@code String} overload.
 *
 * @param token the access token to read
 * @return whatever the {@code String} overload returns for the token's value
 */
@Override
public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
    String rawValue = token.getValue();
    return readAuthentication(rawValue);
}
/**
 * Exposes a {@link TokenStore} bean backed by a {@link JwtTokenStore}.
 *
 * <p>The injected converter is the only input, so token decoding depends on how that
 * converter bean is keyed.
 *
 * @param jwtAccessTokenConverter the converter the store is built on
 * @return a new {@link JwtTokenStore} wrapping the converter
 */
@Bean
public TokenStore tokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) {
    TokenStore store = new JwtTokenStore(jwtAccessTokenConverter);
    return store;
}
/**
 * Resolves the authentication carried by a refresh token.
 *
 * <p>Only the token's raw value is used; it is handed to {@code readAuthentication(String)}.
 *
 * @param token the refresh token to read
 * @return whatever {@code readAuthentication(String)} returns for the token's value
 */
@Override
public OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken token) {
    String rawValue = token.getValue();
    return readAuthentication(rawValue);
}
/**
 * Exposes the {@link JwtTokenStore} bean.
 *
 * <p>The injected converter is the only input, so token decoding depends on how that
 * converter bean is keyed.
 *
 * @param jwtTokenEnhancer the converter the store is built on
 * @return a new store wrapping the converter
 */
@Bean
public JwtTokenStore tokenStore(JwtAccessTokenConverter jwtTokenEnhancer) {
    JwtTokenStore store = new JwtTokenStore(jwtTokenEnhancer);
    return store;
}
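/**
 * Decodes the bearer token of a routed request, stores the resulting authentication in the
 * security context and forwards the bearer header to the downstream service.
 *
 * <p>Requests are left untouched when the method is OPTIONS, when the URI contains
 * {@code AUTH_PATH}, or when no configured route matches the URI.
 *
 * <p>The token value is never written to the log: a bearer token is a credential, and
 * anyone with read access to the logs could replay it.
 *
 * @param requestContext the current Zuul request context
 */
private void doSomething(RequestContext requestContext) {
    HttpServletRequest request = requestContext.getRequest();
    String requestURI = request.getRequestURI();
    // NOTE(review): this is a substring match, so any URI that contains AUTH_PATH anywhere
    // skips token processing. Confirm AUTH_PATH cannot occur inside a protected route, or
    // anchor the comparison to the start of the path.
    if (OPTIONS.equalsIgnoreCase(request.getMethod()) || requestURI.contains(AUTH_PATH)) {
        return;
    }

    List<Route> routeMaps = routeLocator.getRoutes();
    if (routeMaps.stream().noneMatch(x -> PatternMatchUtils.simpleMatch(x.getPath(), requestURI))) {
        return;
    }

    String token = StringUtils.substringAfter(request.getHeader(HttpHeaders.AUTHORIZATION), BEARER_TOKEN_TYPE);
    if (!StringUtils.isEmpty(token)) {
        // Decode the token before forwarding it: if readAuthentication rejects it, the
        // exception propagates and the header is never handed to a downstream service.
        OAuth2Authentication tokenAuthentication = jwtTokenStore.readAuthentication(token);
        SecurityContextHolder.getContext().setAuthentication(tokenAuthentication);

        // Pass the bearer header on to the downstream microservices.
        requestContext.addZuulRequestHeader(CoreHeaderInterceptor.HEADER_LABEL, BEARER_TOKEN_TYPE + token);
        log.info("bearer token accepted and forwarded downstream");
    }

    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // Log the principal name only; the full Authentication may render token details or credentials.
    log.info("authentication principal={}", authentication != null ? authentication.getName() : null);
}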
/**
 * Exposes the {@link TokenStore} bean qualified as {@code "tokenStore"}.
 *
 * <p>The store is a {@link JwtTokenStore} built on the {@code jwtAccessTokenConverter}
 * field, and a line is printed to standard output each time the bean is created.
 *
 * @return a new {@link JwtTokenStore} wrapping {@code jwtAccessTokenConverter}
 */
@Bean
@Qualifier("tokenStore")
public TokenStore tokenStore() {
    System.out.println("Created JwtTokenStore");
    TokenStore store = new JwtTokenStore(jwtAccessTokenConverter);
    return store;
}
/**
 * Revokes the approvals behind a token.
 *
 * <p>Nothing happens unless an approval store is configured and the token carries a user
 * authentication. In that case one approval per scope of the token is built for the
 * token's user and client and passed to {@code revokeApprovals}.
 *
 * @param token the encoded token whose approvals should be revoked
 */
private void remove(String token) {
    if (approvalStore == null) {
        return;
    }
    OAuth2Authentication auth = readAuthentication(token);
    String clientId = auth.getOAuth2Request().getClientId();
    Authentication user = auth.getUserAuthentication();
    if (user == null) {
        return;
    }
    Collection<Approval> toRevoke = new ArrayList<Approval>();
    for (String scope : auth.getOAuth2Request().getScope()) {
        toRevoke.add(new Approval(user.getName(), clientId, scope, new Date(), ApprovalStatus.APPROVED));
    }
    approvalStore.revokeApprovals(toRevoke);
}
} // closes the enclosing class, which is opened outside this listing
/**
 * Exposes the {@link TokenStore} bean qualified as {@code "tokenStore"}.
 *
 * <p>The store is a {@link JwtTokenStore} built on the {@code jwtAccessTokenConverter}
 * field, and a line is printed to standard output each time the bean is created.
 *
 * @return a new {@link JwtTokenStore} wrapping {@code jwtAccessTokenConverter}
 */
@Bean
@Qualifier("tokenStore")
public TokenStore tokenStore() {
    System.out.println("Created JwtTokenStore");
    TokenStore store = new JwtTokenStore(jwtAccessTokenConverter);
    return store;
}
Principal principal = jwtTokenStore.readAuthentication(token).getUserAuthentication(); if(principal == null && !StompCommand.DISCONNECT.equals(accessor.getCommand())) { return message;