From 923e745c19cc286235628b4b29f16a1bd4f168cb Mon Sep 17 00:00:00 2001
From: jinpengyong <jpy123456>
Date: Wed, 16 Sep 2020 11:23:54 +0800
Subject: [PATCH] update
---
src/main/java/com/moral/security/endpoint/RefreshTokenEndpoint.java | 14 ++++++++------
1 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/main/java/com/moral/security/endpoint/RefreshTokenEndpoint.java b/src/main/java/com/moral/security/endpoint/RefreshTokenEndpoint.java
index f965e0f..7a1be18 100644
--- a/src/main/java/com/moral/security/endpoint/RefreshTokenEndpoint.java
+++ b/src/main/java/com/moral/security/endpoint/RefreshTokenEndpoint.java
@@ -1,7 +1,7 @@
package com.moral.security.endpoint;
import com.moral.entity.Account;
-import com.moral.security.auth.JwtAuthenticationToken;
+import com.moral.entity.Role;
import com.moral.security.auth.login.LoginMode;
import com.moral.security.model.token.JwtTokenFactory;
import com.moral.security.auth.jwt.extractor.TokenExtractor;
@@ -14,6 +14,8 @@
import com.moral.security.model.token.RawAccessJwtToken;
import com.moral.security.model.token.RefreshToken;
import com.moral.service.AccountService;
+
+import org.apache.commons.collections.CollectionUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.MediaType;
@@ -56,7 +58,7 @@
@RequestMapping(value="/auth/token", method= RequestMethod.GET, produces={ MediaType.APPLICATION_JSON_VALUE })
public @ResponseBody
JwtToken refreshToken(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
- String tokenPayload = tokenExtractor.extract(request.getHeader(WebSecurityConfig.AUTHENTICATION_HEADER_NAME));
+ String tokenPayload = tokenExtractor.extract(request.getHeader(WebSecurityConfig.REFRESH_TOKEN_HEADER_NAME));
RawAccessJwtToken rawToken = new RawAccessJwtToken(tokenPayload);
RefreshToken refreshToken = RefreshToken.create(rawToken, jwtSettings.getTokenSigningKey()).orElseThrow(() -> new InvalidJwtToken());
@@ -69,10 +71,10 @@
// ���refresh token��� ������������������
LoginMode mode = LoginMode.valueOf(refreshToken.getClaims().getBody().get("mode").toString());
Account account = accountService.queryAccountByName(subject).orElseThrow(() -> new UsernameNotFoundException("User not found: " + subject));
-
- if (account.getRoles() == null) throw new InsufficientAuthenticationException("User has no roles assigned");
- List<GrantedAuthority> authorities = account.getRoles().stream()
- .map(authority -> new SimpleGrantedAuthority(authority.getName()))
+ List<Role> roleList = accountService.getRolesByAccountName(account.getAccountName());
+ if (CollectionUtils.isEmpty(roleList)) throw new InsufficientAuthenticationException("User has no roles assigned");
+ List<GrantedAuthority> authorities = roleList.stream()
+ .map(authority -> new SimpleGrantedAuthority(authority.getRoleName()))
.collect(Collectors.toList());
UserContext userContext = UserContext.create(account.getAccountName(),mode,account.getOrganizationId(),authorities);
--
Gitblit v1.8.0