Example 1 with RedisTokenStore

Use of org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore in project new-cloud by xie-summer.

Class UserController, method removeToken.

/**
 * Remove the access token and refresh token from Redis
 *
 * @param accesstoken  accesstoken
 * @param refreshToken refreshToken
 * @return true/false
 */
@PostMapping("/removeToken")
@CacheEvict(value = SecurityConstants.TOKEN_USER_DETAIL, key = "#accesstoken")
public R<Boolean> removeToken(String accesstoken, String refreshToken) {
    RedisTokenStore tokenStore = new RedisTokenStore(redisConnectionFactory);
    tokenStore.removeRefreshToken(refreshToken);
    tokenStore.removeAccessToken(accesstoken);
    return new R<>(Boolean.TRUE);
}
Also used : R(com.auth.common.util.R) RedisTokenStore(org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore) PostMapping(org.springframework.web.bind.annotation.PostMapping) CacheEvict(org.springframework.cache.annotation.CacheEvict)

Example 2 with RedisTokenStore

Use of org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore in project fw-cloud-framework by liuweijw.

Class FwAuthorizationConfiguration, method redisTokenStore.

/**
 * Customized token store. 1. If you use redis-cluster mode, use FwRedisTokenStore instead:
 * FwRedisTokenStore tokenStore = new FwRedisTokenStore();
 * tokenStore.setRedisTemplate(redisTemplate);
 */
@Bean
public TokenStore redisTokenStore() {
    RedisTokenStore tokenStore = new RedisTokenStore(redisConnectionFactory);
    tokenStore.setPrefix(SecurityConstant.PREFIX);
    return tokenStore;
}
Also used : RedisTokenStore(org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore) Bean(org.springframework.context.annotation.Bean)

Example 3 with RedisTokenStore

Use of org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore in project fw-cloud-framework by liuweijw.

Class FwAuthorizationConfiguration, method configure.

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
    TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
    tokenEnhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer(), jwtAccessTokenConverter()));
    endpoints.tokenStore(redisTokenStore())
            .tokenEnhancer(tokenEnhancerChain)
            .authenticationManager(authenticationManager)
            .reuseRefreshTokens(false)
            .userDetailsService(userDetailsService);
}
Also used : TokenEnhancerChain(org.springframework.security.oauth2.provider.token.TokenEnhancerChain)

Example 4 with RedisTokenStore

Use of org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore in project fw-cloud-framework by liuweijw.

Class PermissionServiceImpl, method hasPermission.

@SuppressWarnings("unchecked")
@Override
public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
    // OPTIONS cross-origin handling: this is now handled by a proxy configured on the front end; this approach is not used because it is risky
    /*
     * if (HttpMethod.OPTIONS.name().equalsIgnoreCase(request.getMethod())) { return true; }
     */
    Object principal = authentication.getPrincipal();
    List<SimpleGrantedAuthority> grantedAuthorityList = (List<SimpleGrantedAuthority>) authentication.getAuthorities();
    boolean hasPermission = false;
    if (null == principal)
        return hasPermission;
    if (CollectionUtils.isEmpty(grantedAuthorityList))
        return hasPermission;
    String token = JwtUtil.getToken(request);
    if (null == token) {
        log.warn("==> gateway|permissionService 未获取到Header Authorization");
        return hasPermission;
    }
    if (!"anonymousUser".equals(principal.toString())) {
        RedisTokenStore tokenStore = new RedisTokenStore(redisConnectionFactory);
        tokenStore.setPrefix(SecurityConstant.PREFIX);
        OAuth2AccessToken accessToken = tokenStore.readAccessToken(token);
        if (null == accessToken || accessToken.isExpired()) {
            log.warn("==> gateway|permissionService token 过期或者不存在");
            return hasPermission;
        }
    }
    // Caching is done at the API layer; this can be optimized further later
    Set<AuthPermission> permissions = new HashSet<AuthPermission>();
    for (SimpleGrantedAuthority authority : grantedAuthorityList) {
        permissions.addAll(permissionFeignApi.findMenuByRole(authority.getAuthority()));
    }
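    // The gateway checks whether the caller has menu permission; function-level permission checks under a menu are the responsibility of the called submodule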
    String requestURI = request.getRequestURI();
    for (AuthPermission menu : permissions) {
        if (StringHelper.isNotEmpty(menu.getUrl()) && antPathMatcher.match(menu.getUrl(), requestURI)) {
            hasPermission = true;
            break;
        }
    }
    return hasPermission;
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) RedisTokenStore(org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) AuthPermission(com.github.liuweijw.system.api.model.AuthPermission) List(java.util.List) HashSet(java.util.HashSet)
