fun.fengwk.convention4j.oauth2.server.controller.OAuth2ServerControllerTemplate Maven / Gradle / Ivy
package fun.fengwk.convention4j.oauth2.server.controller;
import fun.fengwk.convention4j.api.result.Result;
import fun.fengwk.convention4j.common.result.Results;
import fun.fengwk.convention4j.oauth2.server.model.context.DefaultAuthorizeContext;
import fun.fengwk.convention4j.oauth2.server.model.context.DefaultTokenContext;
import fun.fengwk.convention4j.oauth2.server.properties.OAuth2ServerProperties;
import fun.fengwk.convention4j.oauth2.server.service.OAuth2Service;
import fun.fengwk.convention4j.oauth2.server.util.SsoCookieUtils;
import fun.fengwk.convention4j.oauth2.share.constant.TokenType;
import fun.fengwk.convention4j.oauth2.share.model.OAuth2TokenDTO;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import java.net.URI;
import java.util.Map;
/**
* @author fengwk
*/
@Slf4j
@AllArgsConstructor
public abstract class OAuth2ServerControllerTemplate {
protected final OAuth2ServerProperties oauth2ServerProperties;
protected final OAuth2Service oauth2Service;
/**
* 单点登陆authorize
*
* @return 授权uri
*/
public Result sso(
String responseType,
String clientId,
String redirectUri,
String scope,
String state,
HttpServletRequest request) {
DefaultAuthorizeContext context = new DefaultAuthorizeContext<>();
context.setResponseType(responseType);
context.setClientId(clientId);
context.setRedirectUri(redirectUri);
context.setScope(scope);
context.setState(state);
Map ssoIdMap = SsoCookieUtils.getSsoIdMap(request);
context.setSsoId(ssoIdMap.get(clientId));
try {
URI uri = oauth2Service.authorize(context);
log.debug("SSO authorize success, context: {}, uri: {}", context, uri);
return Results.ok(uri.toASCIIString());
} catch (Exception ex) {
log.debug("SSO authorize failed, context: {}", context, ex);
// 如果sso认证失败则返回空结果
return Results.ok();
}
}
/**
* 授权码模式、隐式模式
*
* @return 授权uri
*/
public Result authorize(
String responseType,
String clientId,
String redirectUri,
String scope,
String state,
CERTIFICATE certificate,
HttpServletRequest request,
HttpServletResponse response) {
DefaultAuthorizeContext context = new DefaultAuthorizeContext<>();
context.setResponseType(responseType);
context.setClientId(clientId);
context.setRedirectUri(redirectUri);
context.setScope(scope);
context.setState(state);
context.setCertificate(certificate);
Map ssoIdMap = SsoCookieUtils.getSsoIdMap(request);
context.setSsoId(ssoIdMap.get(clientId));
try {
URI uri = oauth2Service.authorize(context);
log.debug("Authorize success, context: {}, uri: {}", context, uri);
SsoCookieUtils.setSsoId(request, response, context, ssoIdMap, oauth2ServerProperties.getSsoStoreSeconds());
return Results.ok(uri.toASCIIString());
} catch (Exception ex) {
log.debug("Authorize failed, context: {}", context);
SsoCookieUtils.deleteSsoId(request, response, context, ssoIdMap, oauth2ServerProperties.getSsoStoreSeconds());
throw ex;
}
}
/**
* 授权码模式、客户端模式、密码模式、刷新令牌(clientId、clientSecret、refreshToken)
*
* @return 令牌
*/
public Result token(
String grantType,
String code,
String redirectUri,
String clientId,
String clientSecret,
String scope,
String subjectId,
String refreshToken,
CERTIFICATE certificate,
HttpServletRequest request,
HttpServletResponse response) {
DefaultTokenContext context = new DefaultTokenContext<>();
context.setGrantType(grantType);
context.setCode(code);
context.setRedirectUri(redirectUri);
context.setClientId(clientId);
context.setClientSecret(clientSecret);
context.setScope(scope);
context.setSubjectId(subjectId);
context.setRefreshToken(refreshToken);
context.setCertificate(certificate);
Map ssoIdMap = SsoCookieUtils.getSsoIdMap(request);
context.setSsoId(ssoIdMap.get(clientId));
try {
OAuth2TokenDTO oauth2TokenDTO = oauth2Service.token(context);
log.debug("Token success, context: {}, oauth2TokenDTO: {}", context, oauth2TokenDTO);
SsoCookieUtils.setSsoId(request, response, context, ssoIdMap, oauth2ServerProperties.getSsoStoreSeconds());
return Results.created(oauth2TokenDTO);
} catch (Exception ex) {
log.debug("Token failed, context: {}", context);
SsoCookieUtils.deleteSsoId(request, response, context, ssoIdMap, oauth2ServerProperties.getSsoStoreSeconds());
throw ex;
}
}
/**
* 获取授权访问主体信息,有两种令牌设置途径,直接传递参数或在header的Authorization中传递Bearer token
*
* @param authorization 授权信息,{@link TokenType#buildAuthorization(String)}
* @param scope 主动指定作用域
* @return 主体信息
*/
public Result subject(
String authorization,
String scope) {
String accessToken = TokenType.BEARER.parseAccessToken(authorization);
SUBJECT subject = oauth2Service.subject(accessToken, scope);
log.debug("Subject success, accessToken: {}, scope: {}, subject: {}", accessToken, scope, subject);
return Results.ok(subject);
}
/**
* 回收令牌,有两种令牌设置途径,直接传递参数或在header的Authorization中传递Bearer token
*
* @param authorization 授权信息,{@link TokenType#buildAuthorization(String)}
*/
public Result revokeToken(String authorization) {
String accessToken = TokenType.BEARER.parseAccessToken(authorization);
oauth2Service.revokeToken(accessToken);
log.debug("Revoke token success, accessToken: {}", accessToken);
return Results.ok();
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy