#IAZNZS oauth2单点注销没有生效修复

This commit is contained in:
shimingxy
2024-11-20 09:48:39 +08:00
parent c2628b271a
commit 4ceaebf80c
16 changed files with 289 additions and 61 deletions


@@ -17,11 +17,15 @@ import java.util.Date;
import java.util.Set;
import java.util.UUID;
import org.dromara.maxkey.authn.SignPrincipal;
import org.dromara.maxkey.authn.session.SessionManager;
import org.dromara.maxkey.authn.session.VisitedDto;
import org.dromara.maxkey.authz.oauth2.common.DefaultExpiringOAuth2RefreshToken;
import org.dromara.maxkey.authz.oauth2.common.DefaultOAuth2AccessToken;
import org.dromara.maxkey.authz.oauth2.common.DefaultOAuth2RefreshToken;
import org.dromara.maxkey.authz.oauth2.common.ExpiringOAuth2RefreshToken;
import org.dromara.maxkey.authz.oauth2.common.OAuth2AccessToken;
import org.dromara.maxkey.authz.oauth2.common.OAuth2Constants;
import org.dromara.maxkey.authz.oauth2.common.OAuth2RefreshToken;
import org.dromara.maxkey.authz.oauth2.common.exceptions.InvalidGrantException;
import org.dromara.maxkey.authz.oauth2.common.exceptions.InvalidScopeException;
@@ -31,7 +35,11 @@ import org.dromara.maxkey.authz.oauth2.provider.ClientRegistrationException;
import org.dromara.maxkey.authz.oauth2.provider.OAuth2Authentication;
import org.dromara.maxkey.authz.oauth2.provider.OAuth2Request;
import org.dromara.maxkey.authz.oauth2.provider.TokenRequest;
import org.dromara.maxkey.entity.apps.Apps;
import org.dromara.maxkey.entity.apps.oauth2.provider.ClientDetails;
import org.dromara.maxkey.persistence.service.AppsService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
@@ -54,6 +62,7 @@ import org.springframework.util.Assert;
*/
public class DefaultTokenServices implements AuthorizationServerTokenServices, ResourceServerTokenServices,
ConsumerTokenServices, InitializingBean {
static final Logger _logger = LoggerFactory.getLogger(DefaultTokenServices.class);
private int refreshTokenValiditySeconds = 60 * 60 * 24 * 30; // default 30 days.
@@ -70,6 +79,10 @@ public class DefaultTokenServices implements AuthorizationServerTokenServices, R
private TokenEnhancer accessTokenEnhancer;
private AuthenticationManager authenticationManager;
private AppsService appsService;
private SessionManager sessionManager;
/**
* Initialize these token services. If no random generator is set, one will be created.
@@ -125,6 +138,18 @@ public class DefaultTokenServices implements AuthorizationServerTokenServices, R
if (refreshToken != null) {
tokenStore.storeRefreshToken(refreshToken, authentication);
}
//存储oauth、oidc等的token,用户退出时清除
if(authentication.getUserAuthentication().getPrincipal() instanceof SignPrincipal principal) {
_logger.debug("{}({}) , session {} access for logout clear ",
principal.getUsername(),principal.getUserId(),principal.getSessionId());
String clientId = authentication.getOAuth2Request().getRequestParameters().get(OAuth2Constants.PARAMETER.CLIENT_ID);
_logger.debug("client_id {} token {}",clientId,accessToken);
Apps app = appsService.get(clientId, true);
VisitedDto visited = new VisitedDto(app,principal.getSessionId());
visited.setToken(accessToken.getValue());
visited.setRefreshToken(accessToken.getRefreshToken().getValue());
sessionManager.visited(principal.getSessionId(), visited);
}
return accessToken;
}
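Review bot: `accessToken.getRefreshToken().getValue()` on the `visited.setRefreshToken(...)` line dereferences the refresh token unconditionally, while the `if (refreshToken != null)` guard a few lines above shows that an access token can be issued without one (refresh support is a setter option), so such a grant would now fail with a NullPointerException inside token creation; guard it as `if (accessToken.getRefreshToken() != null) { visited.setRefreshToken(accessToken.getRefreshToken().getValue()); }`. The preceding `_logger.debug("client_id {} token {}",clientId,accessToken)` writes the access token object into the log; the token value is a bearer credential and should not reach log files even at debug level, so log only the client id, e.g. `_logger.debug("client_id {} token stored for logout clear", clientId)`. `appsService.get(clientId, true)` can presumably return null for an unknown client id (or when `client_id` is absent from the request parameters and only known from client authentication), which would leave `VisitedDto` holding a null app; a null check before `sessionManager.visited(...)` would keep token issuance working in that case. The enclosing method starts before the hunk.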
@@ -432,4 +457,13 @@ public class DefaultTokenServices implements AuthorizationServerTokenServices, R
this.clientDetailsService = clientDetailsService;
}
public void setAppsService(AppsService appsService) {
this.appsService = appsService;
}
public void setSessionManager(SessionManager sessionManager) {
this.sessionManager = sessionManager;
}
}


@@ -23,6 +23,7 @@ import java.security.spec.InvalidKeySpecException;
import javax.sql.DataSource;
import org.dromara.maxkey.authn.session.SessionManager;
import org.dromara.maxkey.authz.oauth2.common.OAuth2Constants;
import org.dromara.maxkey.authz.oauth2.provider.ClientDetailsService;
import org.dromara.maxkey.authz.oauth2.provider.OAuth2UserDetailsService;
@@ -48,6 +49,7 @@ import org.dromara.maxkey.crypto.jwt.encryption.service.impl.DefaultJwtEncryptio
import org.dromara.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService;
import org.dromara.maxkey.persistence.redis.RedisConnectionFactory;
import org.dromara.maxkey.persistence.repository.LoginRepository;
import org.dromara.maxkey.persistence.service.AppsService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
@@ -259,12 +261,16 @@ public class Oauth20AutoConfiguration implements InitializingBean {
DefaultTokenServices defaultTokenServices(
JdbcClientDetailsService oauth20JdbcClientDetailsService,
TokenStore oauth20TokenStore,
OIDCIdTokenEnhancer tokenEnhancer) {
OIDCIdTokenEnhancer tokenEnhancer,
AppsService appsService,
SessionManager sessionManager) {
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setClientDetailsService(oauth20JdbcClientDetailsService);
tokenServices.setTokenEnhancer(tokenEnhancer);
tokenServices.setTokenStore(oauth20TokenStore);
tokenServices.setSupportRefreshToken(true);
tokenServices.setAppsService(appsService);
tokenServices.setSessionManager(sessionManager);
_logger.debug("OAuth 2 Token Services init.");
return tokenServices;
}