xx

oidc/src/main/java/com/tuoheng/oauth/oidc/db/DbService.java

@@ -27,17 +27,31 @@ public class DbService {
         clients.add(new Client(2L, "b-client","b-secret","https://b.local.com/callback"));
 
         // 租户-客户端关系
+        // 租户t1 可以登录 a b
+        // 租户t2 可以登录 a
         tenantClients.add(new TenantClient(1L, 1L,1L));
         tenantClients.add(new TenantClient(2L, 1L,2L));
         tenantClients.add(new TenantClient(3L, 2L,1L));
 
         // 为租户添加用户
+        // t1 u1 可登录 a b
         users.add(new User(1L,1L,"u1","u1",true,false));
-        users.add(new User(2L,1L,"u2","u2",false,false));
+        users.add(new User(2L,1L,"u2","u2",false,true));
         users.add(new User(3L,2L,"u3","u3",false,false));
+        users.add(new User(4L,2L,"u2","u2",false,false));
 
         // 添加系统的普通用户
+        // t1 u2 可以登录 a
+        // t2 u3 可以登录 a
         userClientAuthorities.add(new UserClientAuthorities(1L,2L,1L));
+        userClientAuthorities.add(new UserClientAuthorities(2L,3L,1L));
+        userClientAuthorities.add(new UserClientAuthorities(3L,4L,1L));
+
+        // 总结
+        // t1 u1 可以登录 a b
+        // t1 u2 可以登录 a
+        // t2 u3 可以登录 a
+        // t2 u2 可以登录 a
 
     }
 
@@ -45,6 +59,7 @@ public class DbService {
     public static class UserInfo {
         public String userName;
         public String password;
+        public Boolean longToken = false;
         public List<String> validClient;
     }
 
@@ -166,7 +181,7 @@ public class DbService {
 
            userInfo.validClient = clientUrls;
        }
-
+       userInfo.longToken = user.getLongToken();
        return userInfo;
 
    }

oidc/src/main/java/com/tuoheng/oauth/oidc/provider/TenantAwareAuthenticationProvider.java

@@ -1,6 +1,7 @@
 package com.tuoheng.oauth.oidc.provider;
 
 import com.tuoheng.oauth.oidc.service.CustomUserDetailsService;
+import com.tuoheng.oauth.oidc.service.UserDetailsInfo;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AuthenticationProvider;
@@ -48,18 +49,18 @@ public class TenantAwareAuthenticationProvider implements AuthenticationProvider
         /**
          * 这边判断用户是否有权限
          */
-        UserDetails userDetails = userDetailsService.loadUserByUsername(username,clientId,tenantCode);
+        UserDetailsInfo userDetails = userDetailsService.loadUserByUsername(username,clientId,tenantCode);
 
-
+        if (userDetails != null && passwordEncoder.matches(password, userDetails.getUserDetails().getPassword())) {
-        if (userDetails != null && passwordEncoder.matches(password, userDetails.getPassword())) {
             System.out.println("用户认证成功");
             UsernamePasswordAuthenticationToken token =  new UsernamePasswordAuthenticationToken(
-                    userDetails, password, userDetails.getAuthorities());
+                    userDetails, password, userDetails.getUserDetails().getAuthorities());
 
             Map<String, Object> details = new HashMap<>();
             details.put("client_id", clientId);
             details.put("tenant_code", tenantCode);
-            details.put("clientIds",userDetails.getAuthorities().toString());
+            details.put("clientIds",userDetails.getUserDetails().getAuthorities().toString());
+            details.put("isLongToken",userDetails.getIslongToken());
 
             token.setDetails(details);
             return token;

oidc/src/main/java/com/tuoheng/oauth/oidc/service/CustomUserDetailsService.java

@@ -28,7 +28,7 @@ public class CustomUserDetailsService implements UserDetailsService {
      * @return
      * @throws UsernameNotFoundException
      */
-    public UserDetails loadUserByUsername(String username,String clientId,String tenantCode) throws UsernameNotFoundException {
+    public UserDetailsInfo loadUserByUsername(String username,String clientId,String tenantCode) throws UsernameNotFoundException {
 
           if(!dbService.isValidClientId(clientId)) {
                 return null;
@@ -46,7 +46,9 @@ public class CustomUserDetailsService implements UserDetailsService {
 
            if(Objects.nonNull(userInfo)) {
                String[] authorities = userInfo.validClient.toArray(new String[0]);
-               return org.springframework.security.core.userdetails.User.builder()
+
+               UserDetailsInfo userDetailsInfo = new UserDetailsInfo();
+               userDetailsInfo.userDetails = org.springframework.security.core.userdetails.User.builder()
                 .username(userInfo.userName)
                 .password(passwordEncoder.encode(userInfo.password))
                 .authorities(authorities)
@@ -55,6 +57,8 @@ public class CustomUserDetailsService implements UserDetailsService {
                 .credentialsExpired(false)
                 .disabled(false)
                 .build();
+               userDetailsInfo.islongToken = userInfo.longToken;
+               return userDetailsInfo;
 
            }else {
                return null;

oidc/src/main/java/com/tuoheng/oauth/oidc/service/UserDetailsInfo.java

@@ -0,0 +1,25 @@
+package com.tuoheng.oauth.oidc.service;
+
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+
+public class UserDetailsInfo  {
+    public UserDetails getUserDetails() {
+        return userDetails;
+    }
+
+    public void setUserDetails(UserDetails userDetails) {
+        this.userDetails = userDetails;
+    }
+
+    public Boolean getIslongToken() {
+        return islongToken;
+    }
+
+    public void setIslongToken(Boolean islongToken) {
+        this.islongToken = islongToken;
+    }
+
+    UserDetails userDetails;
+    Boolean islongToken;
+}

oidc/src/main/java/com/tuoheng/oauth/oidc/token/CustomTokenCustomizer.java

@@ -7,7 +7,10 @@ import org.springframework.security.oauth2.server.authorization.token.OAuth2Toke
 import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
 import org.springframework.stereotype.Component;
 
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
 import java.util.Map;
+import java.util.Objects;
 
 @Component
 public class CustomTokenCustomizer implements OAuth2TokenCustomizer<JwtEncodingContext> {
@@ -33,6 +36,12 @@ public class CustomTokenCustomizer implements OAuth2TokenCustomizer<JwtEncodingC
                 if(clientIds != null) {
                     context.getClaims().claim("clientIds", clientIds);
                 }
+                Boolean isLongToken = (Boolean) details.get("isLongToken");
+                if(Objects.equals(isLongToken, Boolean.TRUE)) {
+                    Instant now = Instant.now();
+                    Instant expiresAt = now.plus(30, ChronoUnit.DAYS);
+                    context.getClaims().expiresAt(expiresAt);
+                }
             }
         }
     }