基于Spring oauth2.0统一认证登录,返回自定义用户信息

先看源码是如何处理的:

 
package org.springframework.boot.autoconfigure.security.oauth2.resource;

import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.util.Assert;

public class UserInfoTokenServices implements ResourceServerTokenServices {
    protected final Log logger = LogFactory.getLog(this.getClass());
    private final String userInfoEndpointUrl;
    private final String clientId;
    private OAuth2RestOperations restTemplate;
    private String tokenType = "Bearer";
    private AuthoritiesExtractor authoritiesExtractor = new FixedAuthoritiesExtractor();
    private PrincipalExtractor principalExtractor = new FixedPrincipalExtractor();

    public UserInfoTokenServices(String userInfoEndpointUrl, String clientId) {
        this.userInfoEndpointUrl = userInfoEndpointUrl;
        this.clientId = clientId;
    }

    public void setTokenType(String tokenType) {
        this.tokenType = tokenType;
    }

    public void setRestTemplate(OAuth2RestOperations restTemplate) {
        this.restTemplate = restTemplate;
    }

    public void setAuthoritiesExtractor(AuthoritiesExtractor authoritiesExtractor) {
        Assert.notNull(authoritiesExtractor, "AuthoritiesExtractor must not be null");
        this.authoritiesExtractor = authoritiesExtractor;
    }

    public void setPrincipalExtractor(PrincipalExtractor principalExtractor) {
        Assert.notNull(principalExtractor, "PrincipalExtractor must not be null");
        this.principalExtractor = principalExtractor;
    }

    /**
     根据access_token获取用户认证信息(根据access_token调用认证服务器)
    */
    public OAuth2Authentication loadAuthentication(String accessToken) throws AuthenticationException, InvalidTokenException {
        //this.userInfoEndpointUrl application.peoperties中配置的
        //获取用户信息的URL security.oauth2.resource.userInfoUri
        //accessToken 回去的access_token
        //以下为根据access_token和获取用户信息的URL(需要则认证服务器写专门的controller处理)获取用户信息
        Map<String, Object> map = this.getMap(this.userInfoEndpointUrl, accessToken);
        if (map.containsKey("error")) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("userinfo returned error: " + map.get("error"));
            }

            throw new InvalidTokenException(accessToken);
        } else {
            return this.extractAuthentication(map);
        }
    }
    
    /**
     提取用户认证信息
    */
    private OAuth2Authentication extractAuthentication(Map<String, Object> map) {
        Object principal = this.getPrincipal(map);
        List<GrantedAuthority> authorities = this.authoritiesExtractor.extractAuthorities(map);
        OAuth2Request request = new OAuth2Request((Map)null, this.clientId, (Collection)null, true, (Set)null, (Set)null, (String)null, (Set)null, (Map)null);
        //将提取的值principal作为构造函数参数
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(principal, "N/A", authorities);
        token.setDetails(map);
        return new OAuth2Authentication(request, token);
    }
     /**
      从map中提取最终在UsernamePasswordAuthenticationToken构造函数中封装的值
    */
    protected Object getPrincipal(Map<String, Object> map) {
        Object principal = this.principalExtractor.extractPrincipal(map);
        return principal == null ? "unknown" : principal;
    }

    public OAuth2AccessToken readAccessToken(String accessToken) {
        throw new UnsupportedOperationException("Not supported: read access token");
    }

   /**
    调用认证服务器,获取用户信息
   */
    private Map<String, Object> getMap(String path, String accessToken) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Getting user info from: " + path);
        }

        try {
            OAuth2RestOperations restTemplate = this.restTemplate;
            if (restTemplate == null) {
                BaseOAuth2ProtectedResourceDetails resource = new BaseOAuth2ProtectedResourceDetails();
                resource.setClientId(this.clientId);
                restTemplate = new OAuth2RestTemplate(resource);
            }

            OAuth2AccessToken existingToken = ((OAuth2RestOperations)restTemplate).getOAuth2ClientContext().getAccessToken();
            if (existingToken == null || !accessToken.equals(existingToken.getValue())) {
                DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(accessToken);
                token.setTokenType(this.tokenType);
                ((OAuth2RestOperations)restTemplate).getOAuth2ClientContext().setAccessToken(token);
            }
            //通过restTemplate返回用户信息
            return (Map)((OAuth2RestOperations)restTemplate).getForEntity(path, Map.class, new Object[0]).getBody();
        } catch (Exception var6) {
            this.logger.warn("Could not fetch user details: " + var6.getClass() + ", " + var6.getMessage());
            return Collections.singletonMap("error", "Could not fetch user details");
        }
    }
}
/**
 最终在map中提取的是什么信息,封装在principal中
 注意:以下只会返回一个合适的值,即使你认证服务返回在多的信息,最终都无法在客户端显示
*/
public class FixedPrincipalExtractor implements PrincipalExtractor {

    //
	private static final String[] PRINCIPAL_KEYS = new String[] { "user", "username",
			"userid", "user_id", "login", "id", "name" };

	@Override
	public Object extractPrincipal(Map<String, Object> map) {
        //提取只会返回一个合适的值,最终封装在principal中
        //主要还是看认证服务器返回用户信息的接口是否返回如上数组定义的字段信息,如果没有可能会返回null
		for (String key : PRINCIPAL_KEYS) {
			if (map.containsKey(key)) {
				return map.get(key);
			}
		}
		return null;
	}

}

解决方案

只需要将源码中的以下代码,替换为自己想要返回的参数

 protected Object getPrincipal(Map<String, Object> map) {
        Object principal = this.principalExtractor.extractPrincipal(map);
        return principal == null ? "unknown" : principal;
    }

自己实现的代码

   protected Object getPrincipal(Map<String, Object> map) {

        CustomPrincipal customPrincipal = new CustomPrincipal();
        customPrincipal.setEmail((String) map.get("email"));
        customPrincipal.setAccount((String) map.get("account"));
        customPrincipal.setName((String) map.get("name"));
        customPrincipal.setPhone((String) map.get("phone"));
        //and so on..
        return customPrincipal;

        /*
        Object principal = this.principalExtractor.extractPrincipal(map);
        return (principal == null ? "unknown" : principal);
        */

    }
import com.alibaba.fastjson.JSONObject;

/**
 * @author Created by niugang on 2019/1/18/20:19
 */
public class CustomPrincipal {

    public CustomPrincipal() {
    }
    private String email;

    private String name;

    private String account;

    private String phone;

    //Getters and Setters
    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public String getAccount() {
        return account;
    }

    public void setAccount(String account) {
        this.account = account;
    }

    public String getPhone() {
        return phone;
    }

    public void setPhone(String phone) {
        this.phone = phone;
    }

     /**
     * 因为在principal.getName()返回的参数是字符串类型的,所以为了好处理我们需要用json用格式化一下
     * @return String
     */
    @Override
    public String toString() {
        JSONObject jsonObject = new JSONObject();
        jsonObject.put("email", this.email);
        jsonObject.put("name", this.name);
        jsonObject.put("account", this.account);
        jsonObject.put("phone", this.phone);
        return jsonObject.toString();


    }
}

前端获取用户新 ,注意这块中的是freemarker,采坑点好久没有写freemarker一直认为springboot默认 freemarker后缀为.html,结果一直不能返回到视图,最终看了源码默认后缀为.ftl

  • 总结:对于我们平常写代码,一丁点小知识点都不能忽略

前后调用接口获取需要显示的用户信息

<script type="text/javascript">

    $.get("/getUserInfo", function (data) {
        if (data) {
            $("#account").html(data.account);
            $("#email").html(data.email);
            $("#name").html(data.name);
            $("#phone").html(data.phone);
        }
    });

</script>

后台返回用户信息接口

    /**
     * @param principal 存在登录成功后的信息
     * @return Object
     */
    @RequestMapping({"/getUserInfo"})
    @ResponseBody
    public Object user(Principal principal) {
        if (principal != null) {
            //重写之后 principal.getName()存放是 CustomPrincipal toString形式的数据
            String jsonObject = principal.getName();
            if (jsonObject != null) {
                CustomPrincipal customPrincipal = JSON.parseObject(jsonObject, CustomPrincipal.class);
                return customPrincipal;
            }
        }

        return new Object();
    }

注意:以上并非全部代码,只是重点核心代码,额外的配置参考

以前显示:

优化后:

https://gitee.com/niugangxy/springcloudAction

https://stackoverflow.com/questions/35056169/how-to-get-custom-user-info-from-oauth2-authorization-server-user-endpoint/35092561

微信公众号

                          
posted @ 2020-01-13 11:44  盲目的拾荒者  阅读(6264)  评论(0编辑  收藏  举报