fanxp 1 year ago
parent
commit
a272728108

+ 7 - 0
pom.xml

@@ -154,6 +154,13 @@
             <version>${satoken.version}</version>
         </dependency>
 
+        <!-- Sa-Token-OAuth2.0 模块 -->
+        <dependency>
+            <groupId>cn.dev33</groupId>
+            <artifactId>sa-token-oauth2</artifactId>
+            <version>${satoken.version}</version>
+        </dependency>
+
 
         <!--引入Lombok依赖-->
         <dependency>

+ 8 - 0
src/main/java/com/xjrsoft/module/system/controller/LoginController.java

@@ -1,7 +1,13 @@
 package com.xjrsoft.module.system.controller;
 
+import cn.dev33.satoken.context.SaHolder;
+import cn.dev33.satoken.context.model.SaRequest;
+import cn.dev33.satoken.context.model.SaResponse;
+import cn.dev33.satoken.oauth2.config.SaOAuth2Config;
+import cn.dev33.satoken.oauth2.logic.SaOAuth2Handle;
 import cn.dev33.satoken.session.SaSession;
 import cn.dev33.satoken.stp.StpUtil;
+import cn.dev33.satoken.util.SaResult;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.extra.spring.SpringUtil;
 import cn.hutool.jwt.JWT;
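Review bot: All eight lines this commit adds to LoginController.java are imports (the six in this hunk plus `Autowired` and `ModelAndView` in the next hunk), so nothing in the commit uses them in this class. They look like leftovers from moving the OAuth2 handler into Oauth2Controller. Removing them keeps the login controller from appearing to depend on the OAuth2 module and avoids unused-import warnings.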
@@ -30,7 +36,9 @@ import org.apache.commons.lang3.StringUtils;
 import org.keycloak.authorization.client.AuthzClient;
 import org.keycloak.authorization.client.Configuration;
 import org.keycloak.representations.AccessTokenResponse;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
+import org.springframework.web.servlet.ModelAndView;
 
 import javax.validation.Valid;
 import java.util.HashMap;

+ 78 - 0
src/main/java/com/xjrsoft/module/system/controller/Oauth2Controller.java

@@ -0,0 +1,78 @@
+package com.xjrsoft.module.system.controller;
+
+import cn.dev33.satoken.context.SaHolder;
+import cn.dev33.satoken.context.model.SaRequest;
+import cn.dev33.satoken.context.model.SaResponse;
+import cn.dev33.satoken.oauth2.config.SaOAuth2Config;
+import cn.dev33.satoken.oauth2.logic.SaOAuth2Handle;
+import cn.dev33.satoken.stp.StpUtil;
+import cn.dev33.satoken.util.SaResult;
+import com.xjrsoft.common.annotation.XjrLog;
+import com.xjrsoft.common.constant.GlobalConstant;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.AllArgsConstructor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.servlet.ModelAndView;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Oauth2
+ */
+@Api(tags = "Oauth2")
+@RestController
+@AllArgsConstructor
+public class Oauth2Controller {
+
+    // 处理所有OAuth相关请求
+    @RequestMapping("/oauth2/*")
+    @ApiOperation(value = "oauth2", notes = "处理所有OAuth相关请求")
+    @XjrLog(value = "处理所有OAuth相关请求")
+    public Object request() {
+        System.out.println("------- 进入请求: " + SaHolder.getRequest().getUrl());
+
+        return SaOAuth2Handle.serverRequest();
+    }
+
+    // Sa-OAuth2 定制化配置
+    @Autowired
+    public void setSaOAuth2Config(SaOAuth2Config cfg) {
+        // 配置:未登录时返回的View
+        cfg.setNotLoginView(() -> {
+                    SaRequest req = SaHolder.getRequest();
+//                    Map<String, String> paramMap = req.getp
+//                    StringBuilder param = new StringBuilder();
+//                    paramMap.forEach((k, v) -> {
+//                        param.append("&").append(k).append("=").append(v);
+//                    });
+//                    param.deleteCharAt(0);
+                    SaResponse res = SaHolder.getResponse();
+                    res.redirect("http://127.0.0.1:9000/#/login");
+                    return null;
+//                    return new ModelAndView("login.html");
+//                    String msg = "当前会话在OAuth-Server端尚未登录,请先访问"
+//                        + "<a href='/oauth2/doLogin?name=sa&pwd=123456' target='_blank'> doLogin登录 </a>"
+//                        + "进行登录之后,刷新页面开始授权";
+//                return msg;
+                }).
+                // 配置:登录处理函数
+                setDoLoginHandle((name, pwd) -> {
+                    if ("sa".equals(name) && "123456".equals(pwd)) {
+                        StpUtil.login(10001);
+                        return SaResult.ok();
+                    }
+                    return SaResult.error("账号名或密码错误");
+                }).
+                // 配置:确认授权时返回的View
+                    setConfirmView((clientId, scope) -> {
+                    Map<String, Object> map = new HashMap<>();
+                    map.put("clientId", clientId);
+                    map.put("scope", scope);
+                    return new ModelAndView("confirm.html", map);
+                });
+    }
+}
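Review bot: The `setDoLoginHandle` lambda accepts the fixed pair `"sa"` / `"123456"` and then calls `StpUtil.login(10001)`, so any caller who supplies those sample values gets a session for account 10001; the same commit also adds `/oauth2/*` to what appears to be the unauthenticated-path list in application-prod.yml. The handler should verify `name`/`pwd` against the application's real user store, with the same hashed-password check, lockout and audit path as the normal login, and pass the verified id, e.g. `StpUtil.login(verifiedUserId)`. The `setNotLoginView` redirect to `http://127.0.0.1:9000/#/login` is plain http, specific to one environment, and drops the original authorize parameters; it would be better read from configuration, e.g. `res.redirect(loginPageUrl)`. The `System.out.println` in `request()` bypasses the logging framework and should be removed or replaced by a logger call that records only the path, since OAuth2 request URLs can carry codes or secrets if `getUrl()` includes the query string (not confirmed from this hunk). The commented-out blocks inside the lambda, including the sample `doLogin?name=sa&pwd=123456` link, should be deleted rather than committed.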

+ 41 - 0
src/main/java/com/xjrsoft/module/system/service/impl/SaOAuth2TemplateImpl.java

@@ -0,0 +1,41 @@
+package com.xjrsoft.module.system.service.impl;
+
+import cn.dev33.satoken.oauth2.logic.SaOAuth2Template;
+import cn.dev33.satoken.oauth2.model.SaClientModel;
+import cn.dev33.satoken.stp.StpUtil;
+import org.springframework.stereotype.Component;
+
+/**
+ * Sa-Token OAuth2.0 整合实现
+ */
+@Component
+public class SaOAuth2TemplateImpl extends SaOAuth2Template {
+    // 根据 id 获取 Client 信息
+    @Override
+    public SaClientModel getClientModel(String clientId) {
+        // 此为模拟数据,真实环境需要从数据库查询
+        if("1001".equals(clientId)) {
+            return new SaClientModel()
+                    .setClientId("1001")
+                    .setClientSecret("aaaa-bbbb-cccc-dddd-eeee")
+                    .setAllowUrl("https://sa-token.cc")
+                    .setContractScope("userinfo")
+                    .setIsAutoMode(true);
+        }
+        return null;
+    }
+
+    // 根据ClientId 和 LoginId 获取openid
+    @Override
+    public String getOpenid(String clientId, Object loginId) {
+        // 此为模拟数据,真实环境需要从数据库查询
+        return "gr_SwoIN0MC1ewxHX_vfCW3BothWDZMMtx__";
+    }
+
+    // 重写 Access-Token 生成策略:复用登录会话的Token
+    @Override
+    public String randomAccessToken(String clientId, Object loginId, String scope) {
+        String tokenValue = StpUtil.createLoginSession(loginId);
+        return tokenValue;
+    }
+}
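Review bot: `getClientModel` registers a fixed client `1001` whose secret `aaaa-bbbb-cccc-dddd-eeee` and allowed URL `https://sa-token.cc` are sample values, and the code's own comment says a real environment must query the database; as committed, the secret is known to anyone who can read the repository. Client records should be loaded from the database or configuration, with the secret kept out of source control and the allowed URL set to the real client's callback. `getOpenid` returns one constant for every `clientId`/`loginId` pair, so a client cannot tell users apart; it should return a stable value stored or derived per pair. `randomAccessToken` hands the client the value from `StpUtil.createLoginSession(loginId)`, which looks like a full login-session token rather than one limited to the granted `scope`; unless that is deliberate, removing the override keeps access tokens separate from session tokens.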

+ 1 - 0
src/main/resources/application-dev.yml

@@ -82,6 +82,7 @@ xjrsoft:
       - /bi/project/info # 桌面
       - /system/loginByCode #编号登录
       - /organization/user/register # 注册
+      - /oauth2/* # oauth2
   email:
     host:  #邮件服务器的SMTP地址,可选,默认为smtp.<发件人邮箱后缀>
     port:  # 邮件服务器的SMTP端口,可选,默认25

+ 1 - 0
src/main/resources/application-prod.yml

@@ -82,6 +82,7 @@ xjrsoft:
       - /bi/project/info # 桌面
       - /system/loginByCode #编号登录
       - /organization/user/register # 注册
+      - /oauth2/* # oauth2
   email:
     host:  #邮件服务器的SMTP地址,可选,默认为smtp.<发件人邮箱后缀>
     port:  # 邮件服务器的SMTP端口,可选,默认25

+ 1 - 1
src/main/resources/application.yml

@@ -78,7 +78,7 @@ sa-token:
   # sa-token-temp-jwt 模块的秘钥 (随便乱摁几个字母就行了)
   jwt-secret-key: yeMyLT&&4E%j%ku6owA%$s!2SR!W!!kM
   # token前缀
-  token-prefix: Bearer
+#  token-prefix: Bearer
   # token名称 (同时也是cookie名称)
   token-name: Authorization
   # token有效期,单位s 默认30天, -1代表永不过期
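Review bot: Commenting out `token-prefix: Bearer` changes how the `Authorization` value is parsed for every request, not only the new OAuth2 endpoints, and the hunk gives no reason for it. Existing clients that still send `Bearer <token>` would presumably stop authenticating once the prefix is no longer stripped, so this should be confirmed before release. If the removal is intended, delete the line rather than leaving it commented, and state the reason in a comment such as `# no token-prefix: clients send the raw token in Authorization`. Separately, the context line above shows `jwt-secret-key` with a literal value in the shared application.yml; it would be safer to supply it from the environment, e.g. `jwt-secret-key: ${PLACEHOLDER_JWT_SECRET_ENV}` (placeholder name), and to rotate the committed value.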