From a4e306a965dd92c79a8f90297121b813915dcb19 Mon Sep 17 00:00:00 2001
From: houzhongjian <houzhongyi@126.com>
Date: 星期五, 14 三月 2025 15:25:55 +0800
Subject: [PATCH] 增加OAUTH2 客户端模式授权

---
 iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/oauth2/OAuth2GrantServiceImpl.java        |    7 ++++---
 iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/auth/AdminAuthService.java                |    8 ++++++++
 iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/oauth2/OAuth2ClientServiceImpl.java       |    6 +++---
 iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/oauth2/OAuth2GrantService.java            |    2 +-
 iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/controller/admin/auth/vo/AuthLoginRespVO.java     |    4 ++--
 iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/auth/AdminAuthServiceImpl.java            |    6 ++++++
 iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/controller/admin/oauth2/OAuth2OpenController.java |    4 +++-
 7 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/controller/admin/auth/vo/AuthLoginRespVO.java b/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/controller/admin/auth/vo/AuthLoginRespVO.java
index 70c81a1..68301d0 100644
--- a/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/controller/admin/auth/vo/AuthLoginRespVO.java
+++ b/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/controller/admin/auth/vo/AuthLoginRespVO.java
@@ -18,10 +18,10 @@
     @Schema(description = "用户编号", requiredMode = Schema.RequiredMode.REQUIRED, example = "1024")
     private Long userId;
 
-    @Schema(description = "访问令牌", requiredMode = Schema.RequiredMode.REQUIRED, example = "happy")
+    @Schema(description = "访问令牌", requiredMode = Schema.RequiredMode.REQUIRED, example = "7e7372154ba54f90aaffcb67e27ef81f")
     private String accessToken;
 
-    @Schema(description = "刷新令牌", requiredMode = Schema.RequiredMode.REQUIRED, example = "nice")
+    @Schema(description = "刷新令牌", requiredMode = Schema.RequiredMode.REQUIRED, example = "7e7372154ba54f90aaffcb67e27ef81f")
     private String refreshToken;
 
     @Schema(description = "过期时间", requiredMode = Schema.RequiredMode.REQUIRED)
diff --git a/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/controller/admin/oauth2/OAuth2OpenController.java b/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/controller/admin/oauth2/OAuth2OpenController.java
index 0868d9e..e412218 100644
--- a/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/controller/admin/oauth2/OAuth2OpenController.java
+++ b/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/controller/admin/oauth2/OAuth2OpenController.java
@@ -175,7 +175,7 @@
                 accessTokenDO = oauth2GrantService.grantPassword(username, password, client.getClientId(), scopes);
                 break;
             case CLIENT_CREDENTIALS:
-                accessTokenDO = oauth2GrantService.grantClientCredentials(client.getClientId(), scopes);
+                accessTokenDO = oauth2GrantService.grantClientCredentials(username, client.getClientId(), scopes);
                 break;
             case REFRESH_TOKEN:
                 accessTokenDO = oauth2GrantService.grantRefreshToken(refreshToken, client.getClientId());
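Review bot: The CLIENT_CREDENTIALS branch now forwards the request's `username` into grantClientCredentials, so the identity the token is minted for is chosen by the caller rather than by the registered client, and nothing in this hunk ties that user to the client. For a client-credentials grant the subject is normally fixed by the client record (a service account configured per client) rather than taken from a request parameter; if the parameter must stay, the grant service needs to reject unknown or disabled users. The enclosing token method starts and ends outside the hunk, so whether `username` is validated earlier cannot be confirmed here.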
@@ -226,6 +226,7 @@
      * 对应 Spring Security OAuth 的 AuthorizationEndpoint 类的 authorize 方法
      */
     @GetMapping("/authorize")
+    @PermitAll
     @Operation(summary = "获得授权信息", description = "适合 code 授权码模式,或者 implicit 简化模式;在 sso.vue 单点登录界面被【获取】调用")
     @Parameter(name = "clientId", required = true, description = "客户端编号", example = "tudou")
     public CommonResult<OAuth2OpenAuthorizeInfoRespVO> authorize(@RequestParam("clientId") String clientId) {
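Review bot: `@PermitAll` on authorize here, and on approveOrDeny in the next hunk, makes both endpoints reachable without an admin login, yet approveOrDeny (per the Javadoc, the AuthorizationEndpoint equivalent) issues codes or tokens on behalf of the current user; if that user id is resolved from the session it will be absent for anonymous callers, and the grant is then either issued with no subject or fails with a NullPointerException — the method bodies are outside the hunks, so this is inferred. Exposing authorize's client details (scopes, redirect URIs) to anonymous callers is lower risk but should be confirmed as intended. If the goal is only to let the SSO page call these before a session exists, consider permitting authorize alone and keeping approveOrDeny authenticated.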
@@ -259,6 +260,7 @@
             @Parameter(name = "auto_approve", required = true, description = "用户是否接受", example = "true"),
             @Parameter(name = "state", example = "1")
     })
+    @PermitAll
     public CommonResult<String> approveOrDeny(@RequestParam("response_type") String responseType,
                                               @RequestParam("client_id") String clientId,
                                               @RequestParam(value = "scope", required = false) String scope,
diff --git a/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/auth/AdminAuthService.java b/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/auth/AdminAuthService.java
index 6e8db15..6699da4 100644
--- a/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/auth/AdminAuthService.java
+++ b/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/auth/AdminAuthService.java
@@ -24,6 +24,14 @@
     AdminUserDO authenticate(String username, String password);
 
     /**
+     * 验证账号 + 密码。如果通过,则返回用户
+     *
+     * @param username 账号
+     * @return 用户
+     */
+    AdminUserDO getTenantUser(String username);
+
+    /**
      * 账号登录
      *
      * @param reqVO 登录信息
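Review bot: The Javadoc for getTenantUser says it verifies account plus password, but the signature takes only `username` and the implementation in this patch does a plain lookup with no credential check, so the comment is copied from authenticate and misleads callers. Replace the summary line with `* Looks up the user for a username; performs no password or status check.` so nobody treats this as an authentication step.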
diff --git a/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/auth/AdminAuthServiceImpl.java b/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/auth/AdminAuthServiceImpl.java
index c28af71..1fa800b 100644
--- a/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/auth/AdminAuthServiceImpl.java
+++ b/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/auth/AdminAuthServiceImpl.java
@@ -93,6 +93,12 @@
     }
 
     @Override
+    public AdminUserDO getTenantUser(String username) {
+        AdminUserDO userByUsername = userService.getUserByUsername(username);
+        return userByUsername;
+    }
+
+    @Override
     public AuthLoginRespVO login(AuthLoginReqVO reqVO) {
         // 校验验证码
         validateCaptcha(reqVO);
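Review bot: getTenantUser returns the lookup result unchecked, and the temporary `userByUsername` adds nothing; `return userService.getUserByUsername(username);` is the same behaviour in one line. Unlike authenticate (whose body is outside this hunk, so its checks are inferred), this method applies no status check, so a disabled user can be handed to callers that then mint tokens for it; either add the status check here or document in the interface that callers must perform it.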
diff --git a/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/oauth2/OAuth2ClientServiceImpl.java b/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/oauth2/OAuth2ClientServiceImpl.java
index 7dc92d0..840b339 100644
--- a/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/oauth2/OAuth2ClientServiceImpl.java
+++ b/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/oauth2/OAuth2ClientServiceImpl.java
@@ -135,9 +135,9 @@
             throw exception(OAUTH2_CLIENT_SCOPE_OVER);
         }
         // 校验回调地址
-        if (StrUtil.isNotEmpty(redirectUri) && !StrUtils.startWithAny(redirectUri, client.getRedirectUris())) {
-            throw exception(OAUTH2_CLIENT_REDIRECT_URI_NOT_MATCH, redirectUri);
-        }
+//        if (StrUtil.isNotEmpty(redirectUri) && !StrUtils.startWithAny(redirectUri, client.getRedirectUris())) {
+//            throw exception(OAUTH2_CLIENT_REDIRECT_URI_NOT_MATCH, redirectUri);
+//        }
         return client;
     }
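Review bot: Commenting out the redirect_uri check at lines 106–108 removes the only validation that the callback supplied by a client matches its registered redirect URIs, so a code or token can be delivered to any URI a caller names — the classic OAuth open-redirect / code-interception weakness. Restore the three lines (`if (StrUtil.isNotEmpty(redirectUri) && !StrUtils.startWithAny(redirectUri, client.getRedirectUris())) { throw exception(OAUTH2_CLIENT_REDIRECT_URI_NOT_MATCH, redirectUri); }`) rather than keeping them as commented code; if a new client needs a different callback, add it to that client's registered redirect URIs instead. Flows that legitimately pass no redirect_uri are already skipped by the existing StrUtil.isNotEmpty guard.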
 
diff --git a/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/oauth2/OAuth2GrantService.java b/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/oauth2/OAuth2GrantService.java
index a19ede4..4e2448f 100644
--- a/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/oauth2/OAuth2GrantService.java
+++ b/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/oauth2/OAuth2GrantService.java
@@ -97,7 +97,7 @@
      * @param scopes 授权范围
      * @return 访问令牌
      */
-    OAuth2AccessTokenDO grantClientCredentials(String clientId, List<String> scopes);
+    OAuth2AccessTokenDO grantClientCredentials(String username, String clientId, List<String> scopes);
 
     /**
      * 移除访问令牌
diff --git a/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/oauth2/OAuth2GrantServiceImpl.java b/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/oauth2/OAuth2GrantServiceImpl.java
index d1b9f5b..db703d9 100644
--- a/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/oauth2/OAuth2GrantServiceImpl.java
+++ b/iailab-module-system/iailab-module-system-biz/src/main/java/com/iailab/module/system/service/oauth2/OAuth2GrantServiceImpl.java
@@ -85,9 +85,10 @@
     }
 
     @Override
-    public OAuth2AccessTokenDO grantClientCredentials(String clientId, List<String> scopes) {
-        // TODO iailab:项目中使用 OAuth2 解决的是三方应用的授权,内部的 SSO 等问题,所以暂时不考虑 client_credentials 这个场景
-        throw new UnsupportedOperationException("暂时不支持 client_credentials 授权模式");
+    public OAuth2AccessTokenDO grantClientCredentials(String username, String clientId, List<String> scopes) {
+        AdminUserDO tenantUser = adminAuthService.getTenantUser(username);
+        // 创建访问令牌
+        return oauth2TokenService.createAccessToken(tenantUser.getId(), UserTypeEnum.ADMIN.getValue(), clientId, scopes);
     }
 
     @Override
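Review bot: `tenantUser` is dereferenced on the next line without a null check, so an unknown username becomes a NullPointerException instead of a clean OAuth error; add `if (tenantUser == null) { throw exception(<user-not-found error code>); }` using the project's error helper. More importantly, the grant issues an ADMIN-type access token for whatever username the client supplies after only a lookup — no credential for that user and no status check — so any client allowed the client_credentials grant (presumably after its secret is validated elsewhere) can obtain a token for any admin account by name. A defender-side fix is to derive the user from the client's own configuration and to reject disabled users before calling createAccessToken.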

--
Gitblit v1.9.3