package com.flyfish.oauth.configuration;
import com.flyfish.oauth.domain.data.Tuple;
import com.flyfish.oauth.utils.OAuth2Utils;
import lombok.Getter;
import lombok.Setter;
import org.apache.commons.lang3.StringUtils;

import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Set;

import static com.flyfish.oauth.builder.TypedMapBuilder.stringMapBuilder;
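/**
 * OAuth2 Single Sign On (SSO) configuration.
 *
 * <p>Holds the client-side settings used to talk to the authorization server. Endpoint values
 * that do not start with {@code "http"} are treated as relative paths and are prefixed with
 * {@link #serverUrl} (or {@link #localUrl} for the redirect URI).
 *
 * <p>Several getters store the resolved value back into the field without synchronization, so
 * instances are best configured once (see {@link #initialize()}) before being shared.
 *
 * <p>Security: the defaults for {@code serverUrl}, {@code localUrl}, {@code clientId} and
 * {@code clientSecret} are development placeholders. Override all of them in any real
 * deployment, use {@code https} URLs so authorization codes and tokens are not sent in clear
 * text, and keep {@code clientSecret} out of logs and serialized output.
 *
 * @author wangyu
 */
public class OAuth2SsoProperties {

    public static final String DEFAULT_LOGIN_PATH = "/login";
    public static final String DEFAULT_LOG_OUT_PATH = "/logout";
    public static final String DEFAULT_REDIRECT_URI = "/oauth/callback";
    public static final String DEFAULT_SCOPE = "client";
    public static final String DEFAULT_USER_PATH = "/api/login/user-info";
    public static final String DEFAULT_CHECK_PATH = "/api/login/oauth/check_token";
    public static final String DEFAULT_TOKEN_PATH = "/api/login/oauth/token";
    public static final String DEFAULT_AUDITING_FETCH_URI = "/api/data/auditing-strategies/fetch";
    public static final String DEFAULT_AUDITING_URI = "/api/auditing/auditing";
    public static final String DEFAULT_SYNC_URI = "/api/data/external-users/sync";

    /** Source of the OAuth2 {@code state} value; it must be unpredictable, hence SecureRandom. */
    private static final SecureRandom STATE_RANDOM = new SecureRandom();

    /**
     * Base URL of this (client) application; prefix for a relative redirect URI.
     */
    @Getter
    @Setter
    private String localUrl = "http://localhost:8080";

    /**
     * Required. Base URL of the authorization server.
     */
    @Getter
    @Setter
    private String serverUrl = "http://localhost:8000";

    /**
     * Required. Client id registered with the authorization server.
     */
    @Getter
    @Setter
    private String clientId = "test";

    /**
     * Required. Client secret registered with the authorization server.
     * The default is a placeholder and must be replaced outside of local testing.
     */
    @Getter
    @Setter
    private String clientSecret = "123456";

    /**
     * Login callback address. A value configured here replaces the default address.
     */
    @Setter
    private String redirectUri = DEFAULT_REDIRECT_URI;

    /**
     * Optional. Address used to obtain the token.
     */
    @Setter
    private String accessTokenUri = DEFAULT_TOKEN_PATH;

    /**
     * Whether to redirect automatically.
     */
    @Getter
    @Setter
    private boolean autoRedirect;

    /**
     * Optional. Authorization page (login page URI).
     */
    private String userAuthorizationUri = DEFAULT_LOGIN_PATH;

    /**
     * Optional. Logout address.
     */
    private String userLogoutUri = DEFAULT_LOG_OUT_PATH;

    /**
     * Optional. URI used to check a token.
     */
    private String checkAccessTokenUri = DEFAULT_CHECK_PATH;

    /**
     * Optional. URI used to fetch user information.
     */
    private String userInfoUri = DEFAULT_USER_PATH;

    /**
     * Optional. Authorization scope; defaults to {@code client}.
     */
    private String scope = DEFAULT_SCOPE;

    /**
     * Optional. Sync URI, used to actively synchronize users.
     */
    @Setter
    private String syncUri = DEFAULT_SYNC_URI;

    /**
     * Whether auditing is enabled.
     */
    @Setter
    @Getter
    private Boolean auditing = false;

    /**
     * Auditing URI.
     */
    @Setter
    private String auditingUri = DEFAULT_AUDITING_URI;

    /**
     * Auditing strategy URI.
     */
    @Setter
    private String auditingFetchUri = DEFAULT_AUDITING_FETCH_URI;

    /**
     * Optional. Sensitive URIs, mainly used to block the automatic redirect of the original
     * login page.
     */
    // NOTE(review): the listing lost generic type arguments; String is assumed for URI entries -
    // confirm against the original source.
    @Getter
    @Setter
    private Set<String> sensitiveUris = new HashSet<>();

    /**
     * URIs that are let through.
     */
    // NOTE(review): element type assumed to be String, as above - confirm.
    @Getter
    @Setter
    private Set<String> allowUris = new HashSet<>();

    /**
     * User synchronization class; has to be specified when Spring is not used.
     */
    // NOTE(review): the listing shows a damaged type argument here ("Class>"); the original bound
    // is not recoverable from this page, so the unbounded wildcard is used - restore the real bound.
    @Getter
    @Setter
    private Class<?> userProviderClass;

    /**
     * Context path (used as the cookie path).
     */
    @Getter
    @Setter
    private String cookiePath = "/";

    /**
     * Path rewrite.
     */
    // NOTE(review): Tuple's type arguments, if any, are not visible in this listing - confirm.
    @Getter
    @Setter
    private Tuple rewrite;

    /**
     * Returns {@code uri} unchanged when it starts with {@code "http"}, otherwise {@code base + uri}.
     */
    private static String absolute(String base, String uri) {
        return uri.startsWith("http") ? uri : base + uri;
    }

    /**
     * Creates a fresh, unpredictable value for the OAuth2 {@code state} parameter
     * (128 random bits, rendered as lowercase hex, so it is safe inside a query string).
     */
    private static String newState() {
        return new BigInteger(128, STATE_RANDOM).toString(16);
    }

    /**
     * @return the redirect URI, resolved against {@code localUrl} when relative; the resolved
     *     value is stored back into the field
     */
    public String getRedirectUri() {
        redirectUri = absolute(localUrl, redirectUri);
        return redirectUri;
    }

    /**
     * @return the token endpoint, resolved against {@code serverUrl} when relative; the resolved
     *     value is stored back into the field
     */
    public String getAccessTokenUri() {
        accessTokenUri = absolute(serverUrl, accessTokenUri);
        return accessTokenUri;
    }

    /**
     * @return the authorization (login) endpoint, resolved against {@code serverUrl} when
     *     relative; the resolved value is stored back into the field
     */
    public String getUserAuthorizationUri() {
        userAuthorizationUri = absolute(serverUrl, userAuthorizationUri);
        return userAuthorizationUri;
    }

    /**
     * Sets the authorization endpoint. A relative value is resolved against the
     * {@code serverUrl} held at the time of this call; changing {@code serverUrl} afterwards
     * does not update it.
     */
    public void setUserAuthorizationUri(String userAuthorizationUri) {
        this.userAuthorizationUri = absolute(serverUrl, userAuthorizationUri);
    }

    /**
     * @return the logout endpoint, resolved against {@code serverUrl} when relative; the
     *     resolved value is stored back into the field
     */
    public String getUserLogoutUri() {
        userLogoutUri = absolute(serverUrl, userLogoutUri);
        return userLogoutUri;
    }

    /**
     * Sets the logout endpoint; a relative value is resolved against the current
     * {@code serverUrl} immediately.
     */
    public void setUserLogoutUri(String userLogoutUri) {
        this.userLogoutUri = absolute(serverUrl, userLogoutUri);
    }

    /**
     * @return the configured authorization scope
     */
    public String getScope() {
        return scope;
    }

    public void setScope(String scope) {
        this.scope = scope;
    }

    /**
     * @return the token-check endpoint, resolved against {@code serverUrl} when relative; the
     *     resolved value is stored back into the field
     */
    public String getCheckAccessTokenUri() {
        checkAccessTokenUri = absolute(serverUrl, checkAccessTokenUri);
        return checkAccessTokenUri;
    }

    /**
     * Sets the token-check endpoint; a relative value is resolved against the current
     * {@code serverUrl} immediately.
     */
    public void setCheckAccessTokenUri(String checkAccessTokenUri) {
        this.checkAccessTokenUri = absolute(serverUrl, checkAccessTokenUri);
    }

    /**
     * @return the user-info endpoint, resolved against {@code serverUrl} when relative; the
     *     resolved value is stored back into the field
     */
    public String getUserInfoUri() {
        userInfoUri = absolute(serverUrl, userInfoUri);
        return userInfoUri;
    }

    /**
     * Sets the user-info endpoint; a relative value is resolved against the current
     * {@code serverUrl} immediately.
     */
    public void setUserInfoUri(String userInfoUri) {
        this.userInfoUri = absolute(serverUrl, userInfoUri);
    }

    /**
     * Builds the login (authorization request) URI.
     *
     * @param redirect same-site location to return to after login; blank means none
     * @return the authorization endpoint followed by the query built from client id, response
     *     type, scope, state and the encoded redirect URI
     * @throws UnsupportedEncodingException if UTF-8 is not supported by the runtime
     */
    public String getLoginUri(String redirect) throws UnsupportedEncodingException {
        // NOTE(review): `redirect` is appended without its own encoding and no check on where it
        // points is visible here. If it can originate from a request parameter, validate it
        // against an allow-list of same-site paths before use and encode it separately so it
        // cannot add parameters to the callback - confirm against callers.
        String callbackUrl = StringUtils.isBlank(redirect) ? "" : ("?redirect=" + redirect);
        String prefix = absolute(serverUrl, userAuthorizationUri);
        String redirectUrl = absolute(localUrl, redirectUri);
        // The state value is the client's CSRF guard for the authorization response, so it is
        // drawn from SecureRandom instead of Math.random(). This method does not keep the value:
        // it only protects anything if the caller binds it to the user's session and compares it
        // on callback - NOTE(review): confirm where that check lives.
        return prefix + OAuth2Utils.mapToQuery(
                stringMapBuilder()
                        .with(OAuth2Utils.CLIENT_ID, clientId)
                        .with(OAuth2Utils.RESPONSE_TYPE, OAuth2Utils.CODE)
                        .with(OAuth2Utils.SCOPE, scope)
                        .with(OAuth2Utils.STATE, newState())
                        .with(OAuth2Utils.REDIRECT_URI, URLEncoder.encode(redirectUrl + callbackUrl, "UTF-8"))
                        .build()
        );
    }

    /**
     * Resolves the configured URIs once by calling their getters. Only the getters that store
     * their result (token, token-check, redirect, authorization, logout) have a lasting effect;
     * the two auditing getters compute the absolute form without storing it.
     */
    public void initialize() {
        this.getAccessTokenUri();
        this.getAuditingFetchUri();
        this.getAuditingUri();
        this.getCheckAccessTokenUri();
        this.getRedirectUri();
        this.getUserAuthorizationUri();
        this.getUserLogoutUri();
    }

    /**
     * @return the auditing URI, resolved against {@code serverUrl} when relative (not cached)
     */
    public String getAuditingUri() {
        return absolute(serverUrl, auditingUri);
    }

    /**
     * @return the user-sync URI, resolved against {@code serverUrl} when relative (not cached)
     */
    public String getSyncUri() {
        return absolute(serverUrl, syncUri);
    }

    /**
     * @return the auditing-strategy URI, resolved against {@code serverUrl} when relative
     *     (not cached)
     */
    public String getAuditingFetchUri() {
        return absolute(serverUrl, auditingFetchUri);
    }
}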