/* * Copyright (c) 2018-2028, Chill Zhuang All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * Neither the name of the dreamlu.net developer nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * Author: Chill 庄骞 (smallchill@163.com) */ package com.vci.ubcs.auth.support; import com.vci.ubcs.auth.service.BladeUserDetails; import com.vci.ubcs.auth.utils.TokenUtil; import lombok.AllArgsConstructor; import org.springblade.core.jwt.JwtUtil; import org.springblade.core.jwt.props.JwtProperties; import org.springblade.core.secure.utils.AuthUtil; import org.springblade.core.tool.utils.Func; import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2RefreshToken; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.token.TokenEnhancer; import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; import java.util.HashMap; import java.util.Map; /** * jwt返回参数增强 * * @author Chill */ @AllArgsConstructor public class BladeJwtTokenEnhancer implements TokenEnhancer { private final JwtAccessTokenConverter jwtAccessTokenConverter; private final JwtProperties jwtProperties; @Override public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) { BladeUserDetails principal = (BladeUserDetails) authentication.getUserAuthentication().getPrincipal(); //token参数增强 Map info = new HashMap<>(16); info.put(TokenUtil.CLIENT_ID, TokenUtil.getClientIdFromHeader()); info.put(TokenUtil.USER_ID, Func.toStr(principal.getUserId())); info.put(TokenUtil.DEPT_ID, Func.toStr(principal.getDeptId())); info.put(TokenUtil.POST_ID, Func.toStr(principal.getPostId())); info.put(TokenUtil.ROLE_ID, Func.toStr(principal.getRoleId())); info.put(TokenUtil.TENANT_ID, principal.getTenantId()); info.put(TokenUtil.OAUTH_ID, principal.getOauthId()); info.put(TokenUtil.ACCOUNT, principal.getAccount()); info.put(TokenUtil.USER_NAME, principal.getUsername()); info.put(TokenUtil.NICK_NAME, principal.getName()); info.put(TokenUtil.REAL_NAME, principal.getRealName()); info.put(TokenUtil.ROLE_NAME, principal.getRoleName()); info.put(TokenUtil.AVATAR, principal.getAvatar()); info.put(TokenUtil.DETAIL, principal.getDetail()); info.put(TokenUtil.LICENSE, TokenUtil.LICENSE_NAME); info.put(TokenUtil.STRATEGYUPDATESTATUS, principal.getStrategyUpdateStatus()); info.put(TokenUtil.TENANTNAME, principal.getTenantName()); info.put(TokenUtil.DEPTNAME, principal.getDeptName()); info.put(TokenUtil.EMAIL, principal.getEmail()); info.put(TokenUtil.SECRETGRADE, principal.getSecretGrade()); ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(info); //token状态设置 if (jwtProperties.getState()) { OAuth2AccessToken oAuth2AccessToken = jwtAccessTokenConverter.enhance(accessToken, authentication); String accessTokenValue = oAuth2AccessToken.getValue(); String tenantId = principal.getTenantId(); String userId = Func.toStr(principal.getUserId()); JwtUtil.addAccessToken(tenantId, userId, accessTokenValue, accessToken.getExpiresIn()); if (jwtProperties.getSingle()) { OAuth2RefreshToken oAuth2RefreshToken = oAuth2AccessToken.getRefreshToken(); String refreshTokenValue = oAuth2RefreshToken.getValue(); JwtUtil.addRefreshToken(tenantId, userId, refreshTokenValue, accessToken.getExpiresIn() * 168); } } return accessToken; } }