工业级后台API v2
blame | history | raw
fengxiang
2018-02-01 cd16757f2cd963749850d6f8897381a8b7a849ef 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

package com.moral.security.auth.jwt;


 


import com.moral.security.auth.JwtAuthenticationToken;


import com.moral.security.auth.login.LoginMode;


import com.moral.security.config.JwtSettings;


import com.moral.security.model.UserContext;


import com.moral.security.model.token.JwtToken;


import com.moral.security.model.token.RawAccessJwtToken;


import io.jsonwebtoken.Claims;


import io.jsonwebtoken.Jws;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.security.authentication.AuthenticationProvider;


import org.springframework.security.core.Authentication;


import org.springframework.security.core.AuthenticationException;


import org.springframework.security.core.GrantedAuthority;


import org.springframework.security.core.authority.SimpleGrantedAuthority;


import org.springframework.stereotype.Component;


 


import java.util.List;


import java.util.stream.Collectors;


 


/**


 * An {@link AuthenticationProvider} implementation that will use provided


 * instance of {@link JwtToken} to perform authentication.


 * 


 * @author vladimir.stankovic


 *


 * Aug 5, 2016


 */


@Component


@SuppressWarnings("unchecked")


public class JwtAuthenticationProvider implements AuthenticationProvider {


    private final JwtSettings jwtSettings;


    


    @Autowired


    public JwtAuthenticationProvider(JwtSettings jwtSettings) {


        this.jwtSettings = jwtSettings;


    }


 


    /**


     * 封装认证凭证信息(包括组织信息和角色)


     * @param authentication


     * @return


     * @throws AuthenticationException


     */


    @Override


    public Authentication authenticate(Authentication authentication) throws AuthenticationException {


        RawAccessJwtToken rawAccessToken = (RawAccessJwtToken) authentication.getCredentials();


 


        Jws<Claims> jwsClaims = rawAccessToken.parseClaims(jwtSettings.getTokenSigningKey());


        String subject = jwsClaims.getBody().getSubject();


        Integer orgId =  Integer.valueOf(jwsClaims.getBody().get("oid").toString());


        LoginMode mode = LoginMode.valueOf(jwsClaims.getBody().get("mode").toString());


        List<String> scopes = jwsClaims.getBody().get("scopes", List.class);


        List<GrantedAuthority> authorities = scopes.stream()


            .map(SimpleGrantedAuthority::new)


            .collect(Collectors.toList());


        


        UserContext context = UserContext.create(subject,mode,orgId,authorities);


        


        return new JwtAuthenticationToken(context, context.getAuthorities());


    }


 


    @Override


    public boolean supports(Class<?> authentication) {


        return (JwtAuthenticationToken.class.isAssignableFrom(authentication));


    }


}