From 9b4433fddf5b401edb0aace8a404ac733b122702 Mon Sep 17 00:00:00 2001
From: 田源 <tianyuan@vci-tech.com>
Date: 星期四, 03 四月 2025 14:35:02 +0800
Subject: [PATCH] 添加非密字段显示
---
Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/utils/SecureUtil.java | 227 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 227 insertions(+), 0 deletions(-)
diff --git a/Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/utils/SecureUtil.java b/Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/utils/SecureUtil.java
new file mode 100644
index 0000000..037dbd7
--- /dev/null
+++ b/Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/utils/SecureUtil.java
@@ -0,0 +1,227 @@
+/*
+ * Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * Neither the name of the dreamlu.net developer nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * Author: Chill 搴勯獮 (smallchill@163.com)
+ */
+package org.springblade.core.secure.utils;
+
+import io.jsonwebtoken.JwtBuilder;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import lombok.SneakyThrows;
+import org.springblade.core.jwt.JwtUtil;
+import org.springblade.core.jwt.props.JwtProperties;
+import org.springblade.core.launch.constant.TokenConstant;
+import org.springblade.core.secure.TokenInfo;
+import org.springblade.core.secure.constant.SecureConstant;
+import org.springblade.core.secure.exception.SecureException;
+import org.springblade.core.secure.provider.IClientDetails;
+import org.springblade.core.secure.provider.IClientDetailsService;
+import org.springblade.core.tool.utils.*;
+
+import javax.crypto.spec.SecretKeySpec;
+import java.security.Key;
+import java.util.*;
+
+/**
+ * Secure宸ュ叿绫�
+ *
+ * @author Chill
+ */
+public class SecureUtil extends AuthUtil {
+ private final static String CLIENT_ID = TokenConstant.CLIENT_ID;
+
+ private static IClientDetailsService clientDetailsService;
+
+ private static JwtProperties jwtProperties;
+
+ /**
+ * 鑾峰彇瀹㈡埛绔湇鍔$被
+ *
+ * @return clientDetailsService
+ */
+ private static IClientDetailsService getClientDetailsService() {
+ if (clientDetailsService == null) {
+ clientDetailsService = SpringUtil.getBean(IClientDetailsService.class);
+ }
+ return clientDetailsService;
+ }
+
+ /**
+ * 鑾峰彇閰嶇疆绫�
+ *
+ * @return jwtProperties
+ */
+ private static JwtProperties getJwtProperties() {
+ if (jwtProperties == null) {
+ jwtProperties = SpringUtil.getBean(JwtProperties.class);
+ }
+ return jwtProperties;
+ }
+
+ /**
+ * 鍒涘缓浠ょ墝
+ *
+ * @param user user
+ * @param audience audience
+ * @param issuer issuer
+ * @param tokenType tokenType
+ * @return jwt
+ */
+ public static TokenInfo createJWT(Map<String, Object> user, String audience, String issuer, String tokenType) {
+
+ String[] tokens = extractAndDecodeHeader();
+ String clientId = tokens[0];
+ String clientSecret = tokens[1];
+
+ // 鑾峰彇瀹㈡埛绔俊鎭�
+ IClientDetails clientDetails = clientDetails(clientId);
+
+ // 鏍¢獙瀹㈡埛绔俊鎭�
+ if (!validateClient(clientDetails, clientId, clientSecret)) {
+ throw new SecureException("瀹㈡埛绔璇佸け璐�, 璇锋鏌ヨ姹傚ご [Authorization] 淇℃伅");
+ }
+
+ SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
+
+ long nowMillis = System.currentTimeMillis();
+ Date now = new Date(nowMillis);
+
+ //鐢熸垚绛惧悕瀵嗛挜
+ byte[] apiKeySecretBytes = Base64.getDecoder().decode(JwtUtil.getBase64Security());
+ Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());
+
+ //娣诲姞鏋勬垚JWT鐨勭被
+ JwtBuilder builder = Jwts.builder().setHeaderParam("typ", "JWT")
+ .setIssuer(issuer)
+ .setAudience(audience)
+ .signWith(signingKey);
+
+ //璁剧疆JWT鍙傛暟
+ user.forEach(builder::claim);
+
+ //璁剧疆搴旂敤id
+ builder.claim(CLIENT_ID, clientId);
+
+ //娣诲姞Token杩囨湡鏃堕棿
+ long expireMillis;
+ if (tokenType.equals(TokenConstant.ACCESS_TOKEN)) {
+ expireMillis = clientDetails.getAccessTokenValidity() * 1000L;
+ } else if (tokenType.equals(TokenConstant.REFRESH_TOKEN)) {
+ expireMillis = clientDetails.getRefreshTokenValidity() * 1000L;
+ } else {
+ expireMillis = getExpire();
+ }
+ long expMillis = nowMillis + expireMillis;
+ Date exp = new Date(expMillis);
+ builder.setExpiration(exp).setNotBefore(now);
+
+ //缁勮Token淇℃伅
+ TokenInfo tokenInfo = new TokenInfo();
+ tokenInfo.setToken(builder.compact());
+ tokenInfo.setExpire((int) (expireMillis / 1000L));
+
+ //Token鐘舵�侀厤缃�, 浠呭湪鐢熸垚AccessToken鏃跺�欐墽琛�
+ if (getJwtProperties().getState() && TokenConstant.ACCESS_TOKEN.equals(tokenType)) {
+ String tenantId = String.valueOf(user.get(TokenConstant.TENANT_ID));
+ String userId = String.valueOf(user.get(TokenConstant.USER_ID));
+ JwtUtil.addAccessToken(tenantId, userId, tokenInfo.getToken(), tokenInfo.getExpire());
+ }
+ //Token鐘舵�侀厤缃�, 浠呭湪鐢熸垚RefreshToken鏃跺�欐墽琛�
+ if (getJwtProperties().getState() && getJwtProperties().getSingle() && TokenConstant.REFRESH_TOKEN.equals(tokenType)) {
+ String tenantId = String.valueOf(user.get(TokenConstant.TENANT_ID));
+ String userId = String.valueOf(user.get(TokenConstant.USER_ID));
+ JwtUtil.addRefreshToken(tenantId, userId, tokenInfo.getToken(), tokenInfo.getExpire());
+ }
+ return tokenInfo;
+ }
+
+ /**
+ * 鑾峰彇杩囨湡鏃堕棿(娆℃棩鍑屾櫒3鐐�)
+ *
+ * @return expire
+ */
+ public static long getExpire() {
+ Calendar cal = Calendar.getInstance();
+ cal.add(Calendar.DAY_OF_YEAR, 1);
+ cal.set(Calendar.HOUR_OF_DAY, 3);
+ cal.set(Calendar.SECOND, 0);
+ cal.set(Calendar.MINUTE, 0);
+ cal.set(Calendar.MILLISECOND, 0);
+ return cal.getTimeInMillis() - System.currentTimeMillis();
+ }
+
+ /**
+ * 瀹㈡埛绔俊鎭В鐮�
+ */
+ @SneakyThrows
+ public static String[] extractAndDecodeHeader() {
+ // 鑾峰彇璇锋眰澶村鎴风淇℃伅
+ String header = Objects.requireNonNull(WebUtil.getRequest()).getHeader(SecureConstant.BASIC_HEADER_KEY);
+ header = Func.toStr(header).replace(SecureConstant.BASIC_HEADER_PREFIX_EXT, SecureConstant.BASIC_HEADER_PREFIX);
+ if (!header.startsWith(SecureConstant.BASIC_HEADER_PREFIX)) {
+ throw new SecureException("鏈幏鍙栧埌璇锋眰澶碵Authorization]鐨勪俊鎭�");
+ }
+ byte[] base64Token = header.substring(6).getBytes(Charsets.UTF_8_NAME);
+
+ byte[] decoded;
+ try {
+ decoded = Base64.getDecoder().decode(base64Token);
+ } catch (IllegalArgumentException var7) {
+ throw new RuntimeException("瀹㈡埛绔护鐗岃В鏋愬け璐�");
+ }
+
+ String token = new String(decoded, Charsets.UTF_8_NAME);
+ int index = token.indexOf(StringPool.COLON);
+ if (index == -1) {
+ throw new RuntimeException("瀹㈡埛绔护鐗屼笉鍚堟硶");
+ } else {
+ return new String[]{token.substring(0, index), token.substring(index + 1)};
+ }
+ }
+
+ /**
+ * 鑾峰彇璇锋眰澶翠腑鐨勫鎴风id
+ */
+ public static String getClientIdFromHeader() {
+ String[] tokens = extractAndDecodeHeader();
+ assert tokens.length == 2;
+ return tokens[0];
+ }
+
+ /**
+ * 鑾峰彇瀹㈡埛绔俊鎭�
+ *
+ * @param clientId 瀹㈡埛绔痠d
+ * @return clientDetails
+ */
+ private static IClientDetails clientDetails(String clientId) {
+ return getClientDetailsService().loadClientByClientId(clientId);
+ }
+
+ /**
+ * 鏍¢獙Client
+ *
+ * @param clientId 瀹㈡埛绔痠d
+ * @param clientSecret 瀹㈡埛绔瘑閽�
+ * @return boolean
+ */
+ private static boolean validateClient(IClientDetails clientDetails, String clientId, String clientSecret) {
+ if (clientDetails != null) {
+ return StringUtil.equals(clientId, clientDetails.getClientId()) && StringUtil.equals(clientSecret, clientDetails.getClientSecret());
+ }
+ return false;
+ }
+
+}
--
Gitblit v1.9.3