新增应用授权

sop-example/sop-auth/readme.md

@@ -1,9 +1,11 @@
-# 应用授权
+# 应用授权服务
 
 - 启动注册中心、网关、本服务(sop-auth)
 - 浏览器访问：http://localhost:8087/oauth2/appToAppAuth?app_id=2019032617262200001&redirect_uri=http%3a%2f%2flocalhost%3a8087%2foauth2callback
 - 输入用户名密码登录，这里是`zhangsan/123456`
 
-授权接口在`OAuth2Controller`中，查看回调在`CallbackController`中
+授权接口在`OAuth2Controller`中，查看回调接口在`CallbackController`中
+
+回调接口应该由开发者实现，这里为了演示，写在一起。
 
 token的维护，重点关注`OAuth2ManagerRedis.java`

sop-example/sop-auth/src/main/java/com/gitee/sop/sopauth/auth/OAuth2Manager.java

@@ -4,7 +4,6 @@ package com.gitee.sop.sopauth.auth;
 import com.gitee.sop.sopauth.auth.exception.LoginErrorException;
 
 import javax.servlet.http.HttpServletRequest;
-import java.util.Map;
 
 /**
  * 认证服务，需要自己实现
@@ -68,7 +67,7 @@ public interface OAuth2Manager {
     OpenUser getUserByAuthCode(String authCode);
 
     /**
-     * 根据access token获取用户名
+     * 根据access token获取用户
      * 
      * @param accessToken
      *            token值
@@ -76,13 +75,6 @@ public interface OAuth2Manager {
      */
     OpenUser getUserByAccessToken(String accessToken);
     
-    /**
-     * 返回accessToken中追加的参数
-     * @param user
-     * @return 返回追加的参数
-     */
-    Map<String, String> getParam(OpenUser user);
-
     /**
      * 用户登录，需判断是否已经登录
      * @param request

sop-example/sop-auth/src/main/java/com/gitee/sop/sopauth/auth/impl/OAuth2ManagerCache.java

@@ -16,12 +16,12 @@ import org.springframework.stereotype.Service;
 import org.springframework.util.StringUtils;
 
 import javax.servlet.http.HttpServletRequest;
-import java.util.HashMap;
-import java.util.Map;
 import java.util.concurrent.TimeUnit;
 
 /**
- * oauth2管理，默认谷歌缓存实现，跟redis实现只能用一个。正式环境推荐使用redis保存
+ * oauth2管理，默认谷歌缓存实现，跟redis实现只能用一个。
+ * 这里为了演示，使用本地缓存，正式环境请使用redis保存
+ * @see OAuth2ManagerRedis OAuth2ManagerRedis
  * @author tanghc
  *
  */
@@ -104,13 +104,6 @@ public class OAuth2ManagerCache implements OAuth2Manager {
         return accessTokenCache.getIfPresent(accessToken);
     }
 
-    @Override
-    public Map<String, String> getParam(OpenUser user) {
-        Map<String, String> map = new HashMap<>();
-        map.put("username", user.getUsername());
-        return map;
-    }
-
     @Override
     public OpenUser login(HttpServletRequest request) throws LoginErrorException {
         // 这里应该先检查用户有没有登录，如果登录直接返回openUser

sop-example/sop-auth/src/main/java/com/gitee/sop/sopauth/auth/impl/OAuth2ManagerRedis.java

@@ -15,15 +15,15 @@ import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.util.StringUtils;
 
 import javax.servlet.http.HttpServletRequest;
-import java.util.HashMap;
-import java.util.Map;
 import java.util.concurrent.TimeUnit;
 
 /**
  * 
  * oauth2管理redis实现，这个类跟OAuth2ManagerCache类只能用一个，
- * 如果要用这个类，注释掉OAuth2ManagerCache的@Service
- * 启用这个类的@Service
+ * 如果要用这个类，
+ * 1、注释掉OAuth2ManagerCache的@Service。
+ * 2、打开yml中redis部分
+ * 3、启用这个类的@Service
  */
 //@Service
 public class OAuth2ManagerRedis implements OAuth2Manager {
@@ -32,8 +32,6 @@ public class OAuth2ManagerRedis implements OAuth2Manager {
     private static String ACCESS_TOKEN_PREFIX = "com.gitee.sop.oauth2_access_token:";
     private static String REFRESH_TOKEN_PREFIX = "com.gitee.sop.oauth2_refresh_token:";
     
-    private int codeTimeoutSeconds = OAuth2Config.getInstance().getCodeTimeoutSeconds();
-    
     @Autowired
     private StringRedisTemplate redisTemplate;
 
@@ -54,6 +52,7 @@ public class OAuth2ManagerRedis implements OAuth2Manager {
 
     @Override
     public void addAuthCode(String authCode, OpenUser authUser) {
+        long codeTimeoutSeconds = OAuth2Config.getInstance().getCodeTimeoutSeconds();
         redisTemplate.opsForValue().set(getCodeKey(authCode),
                 JSON.toJSONString(authUser), 
                 codeTimeoutSeconds, 
@@ -90,6 +89,7 @@ public class OAuth2ManagerRedis implements OAuth2Manager {
     public void removeAccessToken(String accessToken) {
         String accessTokenKey = getAccessTokenKey(accessToken);
         int afterRefreshExpiresIn = OAuth2Config.getInstance().getAfterRefreshExpiresIn();
+        // 刷新令牌后，保证老的app_auth_token从刷新开始10分钟内可继续使用
         redisTemplate.expire(accessTokenKey, afterRefreshExpiresIn, TimeUnit.SECONDS);
     }
 
@@ -139,12 +139,6 @@ public class OAuth2ManagerRedis implements OAuth2Manager {
         return JSON.parseObject(json, UserInfo.class);
     }
 
-    @Override
-    public Map<String, String> getParam(OpenUser user) {
-        Map<String, String> map = new HashMap<>();
-        map.put("username", user.getUsername());
-        return map;
-    }
 
     @Override
     public OpenUser login(HttpServletRequest request) throws LoginErrorException {

sop-example/sop-auth/src/main/java/com/gitee/sop/sopauth/auth/impl/OAuth2ServiceImpl.java

@@ -16,7 +16,6 @@ import org.apache.oltu.oauth2.as.issuer.OAuthIssuer;
 import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
 import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest;
 import org.apache.oltu.oauth2.as.response.OAuthASResponse;
-import org.apache.oltu.oauth2.as.response.OAuthASResponse.OAuthTokenResponseBuilder;
 import org.apache.oltu.oauth2.common.OAuth;
 import org.apache.oltu.oauth2.common.error.OAuthError;
 import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
@@ -32,9 +31,6 @@ import org.springframework.util.StringUtils;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.net.URISyntaxException;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
 
 /**
  * oauth2服务端默认实现
@@ -261,24 +257,4 @@ public class OAuth2ServiceImpl implements OAuth2Service {
         return fetchTokenResult;
     }
 
-    private OAuthResponse buildAccessTokenResponse(TokenPair tokenPair, long expiresIn, OpenUser user) throws OAuthSystemException {
-        OAuthTokenResponseBuilder resp = OAuthASResponse.tokenResponse(HttpServletResponse.SC_OK);
-
-        Map<String, String> param = oauth2Manager.getParam(user);
-        if (param != null) {
-            Set<Entry<String, String>> entrySet = param.entrySet();
-            for (Entry<String, String> entry : entrySet) {
-                resp.setParam(entry.getKey(), entry.getValue());
-            }
-        }
-
-        return resp
-                .setAccessToken(tokenPair.getAccessToken())
-                .setRefreshToken(tokenPair.getRefreshToken())
-                .setTokenType(TOKEN_TYPE)
-                .setExpiresIn(String.valueOf(expiresIn))
-                .buildJSONMessage();
-
-    }
-
 }

sop-example/sop-auth/src/main/java/com/gitee/sop/sopauth/controller/CallbackController.java

@@ -32,7 +32,6 @@ public class CallbackController {
     @GetMapping("oauth2callback")
     @ResponseBody
     public String callback(HttpServletRequest servletRequest, HttpServletResponse servletResponse) {
-        servletResponse.setCharacterEncoding("UTF-8");
         String app_id = servletRequest.getParameter("app_id");
         String code = servletRequest.getParameter("code");
 
@@ -49,6 +48,7 @@ public class CallbackController {
             // 后续使用token进行接口访问
             log.info("授权成功，body:{}", response.getBody());
         }
+        System.out.println(response.getBody());
         return response.getBody();
     }
 }

sop-example/sop-auth/src/main/java/com/gitee/sop/sopauth/entity/UserInfo.java

@@ -1,5 +1,6 @@
 package com.gitee.sop.sopauth.entity;
 
+import com.alibaba.fastjson.annotation.JSONField;
 import com.gitee.sop.sopauth.auth.OpenUser;
 import lombok.Data;
 
@@ -30,6 +31,7 @@ public class UserInfo implements OpenUser {
     private String username;
 
     /** 密码, 数据库字段：password */
+    @JSONField(serialize = false)
     private String password;
 
     /** 昵称, 数据库字段：nickname */

sop-example/sop-auth/src/main/resources/application-dev.yml

@@ -29,6 +29,13 @@ spring:
   thymeleaf:
     cache: false
 
+  # redis设置
+#  redis:
+#    host: localhost
+#    database: 0
+
+
+
 logging:
   level:
     com: