统一业务系统系统
blame | 历史 | 原始文档
xiejun
2023-10-18 e40973680e8842a0797ca2e1cd45ec5e6bf0f3d8 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

package com.vci.ubcs.auth.granter;


 


import org.springblade.core.redis.cache.BladeRedis;


import org.springframework.security.authentication.*;


import org.springframework.security.core.Authentication;


import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;


import org.springframework.security.oauth2.provider.*;


import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;


import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;


 


import java.util.LinkedHashMap;


import java.util.Map;


 


/**


 * 验证码TokenGranter


 *


 * @author Chill


 */


public class CaptchaTokenGranter extends AbstractTokenGranter {


 


    private static final String GRANT_TYPE = "captcha";


 


    private final AuthenticationManager authenticationManager;


 


    private BladeRedis bladeRedis;


 


    public CaptchaTokenGranter(AuthenticationManager authenticationManager,


                               AuthorizationServerTokenServices tokenServices, ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory, BladeRedis bladeRedis) {


        this(authenticationManager, tokenServices, clientDetailsService, requestFactory, GRANT_TYPE);


        this.bladeRedis = bladeRedis;


    }


 


    protected CaptchaTokenGranter(AuthenticationManager authenticationManager, AuthorizationServerTokenServices tokenServices,


                                                ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory, String grantType) {


        super(tokenServices, clientDetailsService, requestFactory, grantType);


        this.authenticationManager = authenticationManager;


    }


 


    @Override


    protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {


        Map<String, String> parameters = new LinkedHashMap<String, String>(tokenRequest.getRequestParameters());


        String username = parameters.get("username");


        String password = parameters.get("password");


        // Protect from downstream leaks of password


        parameters.remove("password");


 


        Authentication userAuth = new UsernamePasswordAuthenticationToken(username, password);


        ((AbstractAuthenticationToken) userAuth).setDetails(parameters);


        try {


            userAuth = authenticationManager.authenticate(userAuth);


        }


        catch (AccountStatusException | BadCredentialsException ase) {


            //covers expired, locked, disabled cases (mentioned in section 5.2, draft 31)


            throw new InvalidGrantException(ase.getMessage());


        }


        // If the username/password are wrong the spec says we should send 400/invalid grant


 


        if (userAuth == null || !userAuth.isAuthenticated()) {


            throw new InvalidGrantException("Could not authenticate user: " + username);


        }


 


        OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);


        return new OAuth2Authentication(storedOAuth2Request, userAuth);


    }


}