工业级后台API v2
blame | history | patch | commit | commitdiff | ignore whitespace
ZhuDongming
2019-10-22 28215e381131b0919567ec5c3f236b29ebd3ad5c 
 src/main/java/com/moral/security/endpoint/RefreshTokenEndpoint.java


@@ -1,7 +1,7 @@


package com.moral.security.endpoint;




import com.moral.entity.Account;


import com.moral.security.auth.JwtAuthenticationToken;


import com.moral.entity.Role;


import com.moral.security.auth.login.LoginMode;


import com.moral.security.model.token.JwtTokenFactory;


import com.moral.security.auth.jwt.extractor.TokenExtractor;


@@ -14,6 +14,8 @@


import com.moral.security.model.token.RawAccessJwtToken;


import com.moral.security.model.token.RefreshToken;


import com.moral.service.AccountService;




import org.apache.commons.collections.CollectionUtils;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.beans.factory.annotation.Qualifier;


import org.springframework.http.MediaType;


@@ -56,7 +58,7 @@


    @RequestMapping(value="/auth/token", method= RequestMethod.GET, produces={ MediaType.APPLICATION_JSON_VALUE })


    public @ResponseBody


    JwtToken refreshToken(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {


        String tokenPayload = tokenExtractor.extract(request.getHeader(WebSecurityConfig.AUTHENTICATION_HEADER_NAME));


        String tokenPayload = tokenExtractor.extract(request.getHeader(WebSecurityConfig.REFRESH_TOKEN_HEADER_NAME));


        


        RawAccessJwtToken rawToken = new RawAccessJwtToken(tokenPayload);


        RefreshToken refreshToken = RefreshToken.create(rawToken, jwtSettings.getTokenSigningKey()).orElseThrow(() -> new InvalidJwtToken());


@@ -69,10 +71,10 @@


        // 从refresh token里 拿到登录方式


        LoginMode mode = LoginMode.valueOf(refreshToken.getClaims().getBody().get("mode").toString());


        Account account = accountService.queryAccountByName(subject).orElseThrow(() -> new UsernameNotFoundException("User not found: " + subject));




        if (account.getRoles() == null) throw new InsufficientAuthenticationException("User has no roles assigned");


        List<GrantedAuthority> authorities = account.getRoles().stream()


                .map(authority -> new SimpleGrantedAuthority(authority.getName()))


        List<Role> roleList = accountService.getRolesByAccountName(account.getAccountName());


        if (CollectionUtils.isEmpty(roleList)) throw new InsufficientAuthenticationException("User has no roles assigned");


        List<GrantedAuthority> authorities = roleList.stream()


                .map(authority -> new SimpleGrantedAuthority(authority.getRoleName()))


                .collect(Collectors.toList());




        UserContext userContext = UserContext.create(account.getAccountName(),mode,account.getOrganizationId(),authorities);