This commit is contained in:
孙小云 2025-07-25 10:50:16 +08:00
parent c13eb5df79
commit 964532d142
7 changed files with 32 additions and 12 deletions


@ -102,7 +102,7 @@ public class SecurityConfig {
.oidc(Customizer.withDefaults()); // 启用 OpenID Connect .oidc(Customizer.withDefaults()); // 启用 OpenID Connect
http.exceptionHandling(exceptions -> http.exceptionHandling(exceptions ->
exceptions.authenticationEntryPoint(new CustomLoginUrlAuthenticationEntryPoint("/login")) exceptions.authenticationEntryPoint(new CustomLoginUrlAuthenticationEntryPoint("/tologin"))
); );
return http.build(); return http.build();
@ -119,23 +119,23 @@ public class SecurityConfig {
.requestMatchers("/.well-known/openid_configuration").permitAll() .requestMatchers("/.well-known/openid_configuration").permitAll()
.requestMatchers("/oauth2/jwks").permitAll() .requestMatchers("/oauth2/jwks").permitAll()
.requestMatchers("/logout").permitAll() .requestMatchers("/logout").permitAll()
.requestMatchers("/login").permitAll() .requestMatchers("/tologin").permitAll()
.requestMatchers("/oidc-logout").permitAll() .requestMatchers("/oidc-logout").permitAll()
.anyRequest().authenticated() .anyRequest().authenticated()
) )
.oauth2ResourceServer(oauth2 -> oauth2.jwt()) // 新增支持JWT .oauth2ResourceServer(oauth2 -> oauth2.jwt()) // 新增支持JWT
.formLogin(form -> form .formLogin(form -> form
.loginPage("/login") .loginPage("/tologin")
.loginProcessingUrl("/login") .loginProcessingUrl("/tologin")
.defaultSuccessUrl("/") .defaultSuccessUrl("/")
.failureUrl("/login?error=bad_credentials") .failureUrl("/tologin?error=bad_credentials")
.permitAll() .permitAll()
) )
.cors(cors -> cors.configurationSource(corsConfigurationSource())) // 添加CORS支持 .cors(cors -> cors.configurationSource(corsConfigurationSource())) // 添加CORS支持
.csrf(csrf -> csrf.ignoringRequestMatchers("/logout")) // 禁用logout端点的CSRF保护 .csrf(csrf -> csrf.ignoringRequestMatchers("/logout")) // 禁用logout端点的CSRF保护
.logout(logout -> logout .logout(logout -> logout
.logoutUrl("/logout") .logoutUrl("/logout")
.logoutSuccessUrl("/login?logout") .logoutSuccessUrl("/tologin?logout")
.invalidateHttpSession(true) .invalidateHttpSession(true)
.deleteCookies("JSESSIONID") .deleteCookies("JSESSIONID")
.permitAll() .permitAll()
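Review bot: The login path `/tologin` is now hard-coded in six places in this class (lines 12, 19, 25, 26, 28, 35) and again in LoginController, OidcLogoutController and the HTML form, so the next rename will miss one; declare `private static final String LOGIN_PAGE = "/tologin";` once in SecurityConfig and derive the others from it (`LOGIN_PAGE + "?error=bad_credentials"`, `LOGIN_PAGE + "?logout"`). Anything that still emits Spring's default `/login` (authorization-server defaults, or the entry point if its constructor argument is not honoured) would now fall through to `.anyRequest().authenticated()` and may bounce back to the entry point, so a smoke test of an unauthenticated `/oauth2/authorize` request is worth adding alongside this rename. Both filter-chain methods start and end outside these hunks.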


@ -15,7 +15,7 @@ import java.nio.file.Paths;
public class LoginController { public class LoginController {
@GetMapping("/login") @GetMapping("/tologin")
@ResponseBody @ResponseBody
public String login(HttpServletRequest request, @RequestParam(value = "client_id", required = false) String clientId) throws IOException { public String login(HttpServletRequest request, @RequestParam(value = "client_id", required = false) String clientId) throws IOException {
// 读取静态HTML文件 // 读取静态HTML文件
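Review bot: `@GetMapping("/tologin")` now shares its path with `loginProcessingUrl("/tologin")` in SecurityConfig, so a POST to the same URL is consumed by the form-login filter and never reaches this handler; that coupling is invisible from this file and deserves a comment above the mapping, e.g. `// GET renders the login page; POST /tologin is handled by Spring Security's form login (see SecurityConfig), not by this controller`. The `client_id` parameter is accepted here but the method body continues outside the hunk, so I cannot see how it is used; if it is interpolated into the static HTML it must be HTML-escaped first.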


@ -26,6 +26,6 @@ public class OidcLogoutController {
if (redirectUri != null && !redirectUri.isEmpty()) { if (redirectUri != null && !redirectUri.isEmpty()) {
return "redirect:" + redirectUri; return "redirect:" + redirectUri;
} }
return "redirect:/login?logout"; return "redirect:/tologin?logout";
} }
} }
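Review bot: The new fallback `redirect:/tologin?logout` is only reached when `redirectUri` is empty; on line 53 a non-empty `redirectUri` is redirected to unconditionally, and if that value originates from the request (the method's head is outside the hunk, so I cannot tell) this is an open redirect — it should be validated against the client's registered post-logout redirect URIs before being honoured, falling back to the new path otherwise. The fallback also duplicates `logoutSuccessUrl("/tologin?logout")` in SecurityConfig; a shared constant would keep the two in step.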


@ -55,6 +55,9 @@ public class TenantAwareAuthenticationProvider implements AuthenticationProvider
*/ */
UserDetailsInfo userDetails = userDetailsService.loadUserByUsername(username,clientId,tenantCode); UserDetailsInfo userDetails = userDetailsService.loadUserByUsername(username,clientId,tenantCode);
/**
* 往Token里面加信息
*/
if (userDetails != null && passwordEncoder.matches(password, userDetails.getUserDetails().getPassword())) { if (userDetails != null && passwordEncoder.matches(password, userDetails.getUserDetails().getPassword())) {
System.out.println("用户认证成功"); System.out.println("用户认证成功");
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
@ -65,6 +68,9 @@ public class TenantAwareAuthenticationProvider implements AuthenticationProvider
details.put("tenant_code", tenantCode); details.put("tenant_code", tenantCode);
details.put("clientIds",userDetails.getUserDetails().getAuthorities().toString()); details.put("clientIds",userDetails.getUserDetails().getAuthorities().toString());
details.put("isLongToken",userDetails.getIslongToken()); details.put("isLongToken",userDetails.getIslongToken());
/**
*
*/
token.setDetails(details); token.setDetails(details);
return token; return token;
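Review bot: The two added comments are Javadoc blocks (`/** ... */`) attached to statements inside the method, and the second one (lines 74–76) is empty; Javadoc only carries meaning on declarations, so use a line comment for the first, `// Add tenant/client details to the token`, and delete the second. While here, `System.out.println("用户认证成功")` on line 68 is a pre-existing stdout print in the authentication path; a logger at debug level (without username or password in the message) is the conventional replacement. The method starts and ends outside both hunks.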


@ -30,7 +30,8 @@ public class CustomUserDetailsService implements UserDetailsService {
*/ */
public UserDetailsInfo loadUserByUsername(String username,String clientId,String tenantCode) throws UsernameNotFoundException { public UserDetailsInfo loadUserByUsername(String username,String clientId,String tenantCode) throws UsernameNotFoundException {
if(!dbService.isValidClientId(clientId)) {
if(!dbService.isValidClientId(clientId)) {
return null; return null;
} }
@ -49,18 +50,19 @@ public class CustomUserDetailsService implements UserDetailsService {
DbService.UserInfo userInfo = dbService.getUser(clientId,tenantCode,username); DbService.UserInfo userInfo = dbService.getUser(clientId,tenantCode,username);
if(Objects.nonNull(userInfo)) { if(Objects.nonNull(userInfo)) {
String[] authorities = userInfo.validClient.toArray(new String[0]); String[] validUrls = userInfo.validClient.toArray(new String[0]);
UserDetailsInfo userDetailsInfo = new UserDetailsInfo(); UserDetailsInfo userDetailsInfo = new UserDetailsInfo();
userDetailsInfo.userDetails = org.springframework.security.core.userdetails.User.builder() userDetailsInfo.userDetails = org.springframework.security.core.userdetails.User.builder()
.username(userInfo.userName) .username(userInfo.userName)
.password(passwordEncoder.encode(userInfo.password)) .password(passwordEncoder.encode(userInfo.password))
.authorities(authorities) .authorities(validUrls)
.accountExpired(false) .accountExpired(false)
.accountLocked(false) .accountLocked(false)
.credentialsExpired(false) .credentialsExpired(false)
.disabled(false) .disabled(false)
.build(); .build();
userDetailsInfo.islongToken = userInfo.longToken; userDetailsInfo.islongToken = userInfo.longToken;
// userDetailsInfo.setValidUrl(validUrls);
return userDetailsInfo; return userDetailsInfo;
}else { }else {
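Review bot: The new `validUrls` name on lines 92 and 97 says these values are URLs, yet they are still registered as Spring authorities via `.authorities(validUrls)`, and the only line that would actually use them as URLs, `// userDetailsInfo.setValidUrl(validUrls);` on line 104, is left commented out — either wire it (`userDetailsInfo.setValidUrl(validUrls);`) or revert the rename, and in either case do not leave commented-out code behind. Lines 85–86 also render the `isValidClientId` guard twice on the new side; if that is not a display artefact the extra `if` opens a block nothing closes, so confirm the new file compiles. Separately and pre-existing, `.password(passwordEncoder.encode(userInfo.password))` on line 96 encodes the stored value on every lookup, which only works if `userInfo.password` is held in plaintext (if it were already a hash, `passwordEncoder.matches` in TenantAwareAuthenticationProvider could never succeed); worth confirming how the credential is stored. The method continues outside the hunk.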


@ -3,6 +3,8 @@ package com.tuoheng.oauth.oidc.service;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import java.util.List;
public class UserDetailsInfo { public class UserDetailsInfo {
public UserDetails getUserDetails() { public UserDetails getUserDetails() {
return userDetails; return userDetails;
@ -22,4 +24,14 @@ public class UserDetailsInfo {
UserDetails userDetails; UserDetails userDetails;
Boolean islongToken; Boolean islongToken;
public String[] getValidUrl() {
return validUrl;
}
public void setValidUrl(String[] validUrl) {
this.validUrl = validUrl;
}
String[] validUrl;
} }
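Review bot: `import java.util.List;` is added but nothing in the visible hunks uses it — the new field is `String[] validUrl`; drop the import or use the list. The new accessors hand out and store the internal array by reference, so any caller can mutate the instance's URL list after the fact; either copy on both sides (`return validUrl == null ? null : validUrl.clone();` and `this.validUrl = validUrl == null ? null : validUrl.clone();`) or, since the import is already there, make the field `List<String>` and store `List.copyOf(validUrl)` in the setter. A one-line Javadoc on the field saying what these URLs gate would also help, since the name alone does not say whether they are allowed redirect targets or permitted resources.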


@ -148,7 +148,7 @@
<div id="error-message" class="error-message"></div> <div id="error-message" class="error-message"></div>
<form id="login-form" method="post" action="/login"> <form id="login-form" method="post" action="/tologin">
<input type="hidden" id="csrf-parameter" name="" value="" /> <input type="hidden" id="csrf-parameter" name="" value="" />
<input type="hidden" id="client-id" name="client_id" value="" /> <input type="hidden" id="client-id" name="client_id" value="" />