1 packagecom.brightcns.wuxi.citizencard.auth.domain;2
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.CredentialsContainer;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.provider.OAuth2Request;

import java.util.Collection;
import java.util.Objects;
/**
 * @author maxianming
 * @date 2018/10/29 13:53
 */
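public class CustomOAuth2Authentication extends AbstractAuthenticationToken {

    private static final long serialVersionUID = -4809832298438307309L;

    /** The authorization request describing the client; never null. */
    private final OAuth2Request storedRequest;

    /** The end-user authentication; null for grant types that involve no user (client-only tokens). */
    private final Authentication userAuthentication;

    /**
     * Construct an OAuth 2 authentication. Since some grant types don't require user authentication, the user
     * authentication may be null.
     * <p>
     * To support server-side token permission isolation (for example
     * {@code @PreAuthorize("hasAuthority('server')")}), this custom OAuth2Authentication allows the granted
     * authorities to be overridden: when {@code authorities} is non-null it takes precedence over the
     * authorities carried by the user authentication or the stored request. Callers must therefore obtain
     * {@code authorities} from a trusted source, because they become this token's granted authorities and thus
     * what downstream authorization checks see.
     *
     * @param storedRequest      The authorization request (must not be null).
     * @param userAuthentication The user authentication (possibly null).
     * @param authorities        Explicit authorities for this token, or null to derive them from
     *                           {@code userAuthentication} when present, else from {@code storedRequest}.
     * @throws NullPointerException if {@code storedRequest} is null
     */
    public CustomOAuth2Authentication(OAuth2Request storedRequest, Authentication userAuthentication,
                                      Collection<? extends GrantedAuthority> authorities) {
        // super(...) must be the first statement, so the null check is folded into the helper call.
        super(resolveAuthorities(Objects.requireNonNull(storedRequest, "storedRequest"),
                userAuthentication, authorities));
        this.storedRequest = storedRequest;
        this.userAuthentication = userAuthentication;
    }

    /**
     * Picks the authorities this token is granted: the explicit override if given, otherwise the user's,
     * otherwise the client's (taken from the stored request).
     */
    private static Collection<? extends GrantedAuthority> resolveAuthorities(
            OAuth2Request storedRequest,
            Authentication userAuthentication,
            Collection<? extends GrantedAuthority> authorities) {
        if (authorities != null) {
            return authorities;
        }
        if (userAuthentication != null) {
            return userAuthentication.getAuthorities();
        }
        return storedRequest.getAuthorities();
    }

    /**
     * Credentials are never exposed through this token.
     *
     * @return always the empty string
     */
    @Override
    public Object getCredentials() {
        return "";
    }

    /**
     * The principal of this token.
     *
     * @return the user principal when a user authentication is present, otherwise the client id of the stored
     * request
     */
    @Override
    public Object getPrincipal() {
        return this.userAuthentication == null
                ? this.storedRequest.getClientId()
                : this.userAuthentication.getPrincipal();
    }

    /**
     * Convenience method to check if there is a user associated with this token, or just a client application.
     *
     * @return true if this token represents a client app not acting on behalf of a user
     */
    public boolean isClientOnly() {
        return userAuthentication == null;
    }

    /**
     * The authorization request containing details of the client application.
     *
     * @return The stored authorization request.
     */
    public OAuth2Request getOAuth2Request() {
        return storedRequest;
    }

    /**
     * The user authentication.
     *
     * @return The user authentication, or null for client-only tokens.
     */
    public Authentication getUserAuthentication() {
        return userAuthentication;
    }

    /**
     * Authenticated state is derived from the request approval and the wrapped user authentication, not from
     * {@code setAuthenticated(boolean)}.
     *
     * @return true if the stored request is approved and the user authentication (when present) is authenticated
     */
    @Override
    public boolean isAuthenticated() {
        return this.storedRequest.isApproved()
                && (this.userAuthentication == null || this.userAuthentication.isAuthenticated());
    }

    @Override
    public void eraseCredentials() {
        super.eraseCredentials();
        // Propagate to the wrapped user authentication so that its secrets are cleared as well.
        if (this.userAuthentication instanceof CredentialsContainer) {
            ((CredentialsContainer) this.userAuthentication).eraseCredentials();
        }
    }

    @Override
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        }
        if (!(o instanceof CustomOAuth2Authentication)) {
            return false;
        }
        if (!super.equals(o)) {
            return false;
        }
        CustomOAuth2Authentication that = (CustomOAuth2Authentication) o;
        // getDetails() is intentionally not compared here (the check was commented out in the original);
        // hashCode() is consistent with that choice.
        return storedRequest.equals(that.storedRequest)
                && Objects.equals(userAuthentication, that.userAuthentication);
    }

    @Override
    public int hashCode() {
        int result = super.hashCode();
        result = 31 * result + storedRequest.hashCode();
        result = 31 * result + Objects.hashCode(userAuthentication);
        return result;
    }
}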
本文介绍了一个自定义的 `CustomOAuth2Authentication` 类,该类继承自 Spring Security 的 `AbstractAuthenticationToken`,用于在OAuth2中进行权限隔离。这个类在创建时会根据是否包含用户认证信息来设置权限,支持服务端token权限隔离。同时,提供了获取客户端认证请求、用户认证等方法,并重写了 equals 和 hashCode 方法以确保正确性。