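I. What are the steps to reproduce this issue?
1. I am currently building an "all-in-one" platform: after logging in to this platform, users can see, according to their permissions, the other subsystems that have been onboarded, and clicking one of them takes the user straight into it via single sign-on.
2. I implemented this by adapting a "silent authorization" endpoint (I will paste the code below). While the user is on the all-in-one platform, the user data of an onboarded subsystem is by default expected to match the platform's data. After validating the customer and client information, the endpoint uses the all-in-one platform's user token to generate an authorization code directly and hands the front end a fully assembled redirect URL. The front end calls the third-party subsystem with that URL, the subsystem exchanges the authorization code for a token, then fetches the user information, wraps it in its own granter and generates a token for its own platform.
3. The problem now is that I deployed a BladeX 4.5 instance to a server and locally adapted a
GovLawAuthorizationCodeGranter extends AuthorizationCodeGranter
The aim is to move away from BladeX's default behaviour of calling its own authentication service, which effectively separates it from the SSO service. I originally wanted to write a custom third-party login, but adapting JustAuth felt too complicated, so I extended
AuthorizationCodeGranter, intending to call the server from there to get the token, get the user, wrap my own user and generate a token.
II. What result did you expect? What did you actually see?
Right now I can get the token, but getting the user returns -1. Could someone take a look at what the problem is? My adapted code is pasted below: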
package org.springblade.auth.granter;

import cn.hutool.http.HttpRequest;
import cn.hutool.http.HttpResponse;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import io.jsonwebtoken.Claims;
import lombok.extern.slf4j.Slf4j;
import org.springblade.auth.utils.TokenUtil;
import org.springblade.core.jwt.JwtUtil;
import org.springblade.core.oauth2.exception.OAuth2ErrorCode;
import org.springblade.core.oauth2.granter.AuthorizationCodeGranter;
import org.springblade.core.oauth2.handler.PasswordHandler;
import org.springblade.core.oauth2.provider.OAuth2Request;
import org.springblade.core.oauth2.service.OAuth2ClientService;
import org.springblade.core.oauth2.service.OAuth2User;
import org.springblade.core.oauth2.service.OAuth2UserService;
import org.springblade.core.oauth2.utils.OAuth2ExceptionUtil;
import org.springblade.core.redis.cache.BladeRedis;
import org.springblade.core.tool.api.R;
import org.springblade.core.tool.utils.StringUtil;
import org.springblade.system.feign.IUserClient;
import org.springblade.system.pojo.entity.UserInfo;
import org.springframework.stereotype.;
import java.util.HashMap;
import java.util.Map;

public class GovLawAuthorizationCodeGranter extends AuthorizationCodeGranter {
    IUserClient userClient;
    String = ;
    String = ;

    public GovLawAuthorizationCodeGranter(OAuth2ClientService clientService,
            OAuth2UserService userService,
            PasswordHandler passwordHandler,
            BladeRedis bladeRedis,
            IUserClient userClient) {
        super(clientService, userService, passwordHandler, bladeRedis);
        this.userClient = userClient;
    }

    String () {
        return ;
    }

    OAuth2User (OAuth2Request request) {
        String code = request.getCode();
        String state = request.getState();
        if (StringUtil.(code)) {
            OAuth2ExceptionUtil.(OAuth2ErrorCode.);
        }
        try {
            Map<String, Object> tokenParam = new HashMap<>();
            tokenParam.put(, );
            tokenParam.put(, );
            tokenParam.put(, code);
            tokenParam.put(, );
            HttpResponse ssoResponse = HttpRequest.()
                .header(, )
                .header(, )
                .form(tokenParam)
                .execute();
            JSONObject ssoJson = JSON.(ssoResponse.body());
            String accessToken = ssoJson.getString();
            // The accessToken is obtained here and looks normal
            if (StringUtil.(accessToken)) {
                log.warn(, ssoJson);
                OAuth2ExceptionUtil.(OAuth2ErrorCode.);
            }
            HttpResponse userInfoResponse = HttpRequest.()
                .header(, + accessToken)
                .header(, )
                .execute();
            JSONObject userJson = JSON.(userInfoResponse.body());
            String userId = userJson.getString();
            if (StringUtil.(userId)) {
                log.warn(, userJson);
                OAuth2ExceptionUtil.(OAuth2ErrorCode.);
            }
            R<UserInfo> userInfoR = userClient.userInfo(Long.(userId));
            if (!userInfoR.isSuccess() || userInfoR.getData() == null) {
                OAuth2ExceptionUtil.(OAuth2ErrorCode.);
            }
            OAuth2User user = TokenUtil.(userInfoR.getData(), request);
            user.setClient(client(request));
            return user;
        } catch (Exception e) {
            log.error(, e);
            OAuth2ExceptionUtil.(OAuth2ErrorCode.);
            return null;
        }
    }
}

package org.springblade.auth.endpoint;

import io.jsonwebtoken.Claims;
import jakarta.servlet.http.HttpServletRequest;
import lombok.;
import lombok.extern.slf4j.Slf4j;
import org.springblade.core.jwt.JwtCrypto;
import org.springblade.core.jwt.JwtUtil;
import org.springblade.core.launch.constant.TokenConstant;
import org.springblade.core.launch.props.BladeProperties;
import org.springblade.core.oauth2.provider.OAuth2Request;
import org.springblade.core.oauth2.service.OAuth2Client;
import org.springblade.core.oauth2.service.OAuth2ClientService;
import org.springblade.core.oauth2.service.OAuth2User;
import org.springblade.core.oauth2.service.OAuth2UserService;
import org.springblade.core.oauth2.utils.OAuth2CodeUtil;
import org.springblade.core.redis.cache.BladeRedis;
import org.springblade.core.tool.api.R;
import org.springblade.core.tool.utils.StringUtil;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.servlet.view.RedirectView;
import java.time.Duration;
import static org.springblade.core.jwt.JwtCrypto.;

()
public class SilentAuthorizeEndpoint {
    OAuth2UserService ;
    OAuth2ClientService ;
    BladeRedis ;
    BladeProperties ;

    ()
    Object (String client_id,
            String redirect_uri,
            String state,
            HttpServletRequest request) {
        String currentSysUsrToken = request.getHeader(TokenConstant.);
        if (StringUtil.(currentSysUsrToken)) {
            return R.();
        }
        Claims claims = (request, );
        if (claims == null) {
            return R.();
        }
        String userId = String.(claims.get(TokenConstant.));
        if (StringUtil.(userId)) {
            return R.();
        }
        OAuth2Request oauthRequest = OAuth2Request.().buildHeaderArgs();
        oauthRequest.setUserId(userId);
        OAuth2Client client = .loadByClientId(client_id);
        if (client == null || !.validateRedirectUri(client, redirect_uri)) {
            return R.();
        }
        OAuth2User user = .loadByUserId(userId, oauthRequest);
        if (user == null || !.validateUser(user)) {
            return R.();
        }
        String code = generateUniqueCode();
        .setEx(OAuth2CodeUtil.(code), user, Duration.());
        return + redirect_uri + + code + + state;
    }

    String generateUniqueCode() {
        String code = StringUtil.();
        if (.exists(OAuth2CodeUtil.(code))) {
            return generateUniqueCode();
        }
        return code;
    }

    Claims (HttpServletRequest request, BladeProperties bladeProperties) {
        String auth = request.getHeader(TokenConstant.);
        if (StringUtil.(auth)) {
            return null;
        }
        String token = JwtUtil.(auth);
        if (JwtUtil.(auth)) {
            String cryptoKey = bladeProperties.getEnvironment().getProperty();
            token = JwtCrypto.(token, cryptoKey);
        }
        return JwtUtil.(token);
    }
}

Apifox request screenshot:

{
"tenant_id": "000000",
"user_id": "1123598821738675201",
"dept_id": "1123598813738675201",
"post_id": "1123598817738675201",
"role_id": "1123598816738675201",
"oauth_id": "",
"account": "admin",
"user_name": "admin",
"nick_name": "管理员",
"real_name": "管理员",
"role_name": "administrator",
"avatar": "https://bladex.cn/images/logo-small.png",
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.jK1-1oD5JowjJYZRnvBR2noyPUxxyWWg00GfOFeWaA0",
"refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJibGFkZXguY24iLCJhdWQiOlsiYmxhZGV4Il0sInRva2VuX3R5cGUiOiJyZWZyZXNoX3Rva2VuIiwidXNlcl9pZCI6IjExMjM1OTg4MjE3Mzg2NzUyMDEiLCJkZXB0X2lkIjoiMTEyMzU5ODgxMzczODY3NTIwMSIsInJvbGVfaWQiOiIxMTIzNTk4ODE2NzM4Njc1MjAxIiwiZXhwIjoxNzUxOTU4OTQ3LCJuYmYiOjE3NTEzNTQxNDd9.gHCwn_KYWHakeuFmePzNfiXR-U49-2Vre1u9jdDImgQ",
"token_type": "bearer",
"expires_in": 3600,
"detail": {
"type": "web"
},
"license": "powered by bladex"
}
Getting user info returns -1

III. What product and version are you using? On which operating system?
bladex 4.5
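IV. Please provide the detailed error stack trace; this is important.
V. If you have more details, please provide them below.
If you are on a version earlier than BladeX 4.6, apply this commit: https://center.javablade.com/blade/BladeX-Tool/commit/0996818b600eb8c5e802040da8bfeab3a6dcdf55
If that still does not work, follow these two steps:
1. After obtaining the accessToken, decode it here to see what it contains: https://www.bejson.com/jwt/
2. Set a breakpoint here and see what is being retrieved and what the error is, then keep debugging down layer by layer like this.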
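
Step 1 of the reply above can also be done locally, so that a live bearer token is not pasted into a third-party site. This is an added example, not part of the original thread or of BladeX; the claim names `user_id`, `token_type`, `exp` and `nbf`, the expected value `access_token` and the helper names are assumptions, and the sample token is constructed.

```python
import base64
import json
import time


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token):
    """Return (header, payload) without checking the signature: inspection only."""
    token = token.strip()
    if token.lower().startswith("bearer "):
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError(f"expected 3 dot-separated segments, got {len(parts)}")
    try:
        return json.loads(_b64url_decode(parts[0])), json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("segment is not base64url JSON (encrypted or truncated token?)") from exc


def inspect_claims(payload, now=None):
    """List the reasons a resource server could fail to resolve a user from these claims."""
    now = time.time() if now is None else now
    problems = []
    if not payload.get("user_id"):
        problems.append("user_id claim missing or empty")
    if payload.get("token_type") != "access_token":  # expected value is an assumption
        problems.append(f"token_type is {payload.get('token_type')!r}, not 'access_token'")
    if "exp" in payload and now >= payload["exp"]:
        problems.append("token expired")
    if "nbf" in payload and now < payload["nbf"]:
        problems.append("token not yet valid")
    return problems


def make_sample(payload):
    # Constructed sample token with a dummy signature; not a real BladeX token.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = enc({"typ": "JWT", "alg": "HS256"})
    return f"{header}.{enc(payload)}.constructed-signature"


if __name__ == "__main__":
    sample = make_sample({"token_type": "refresh_token", "user_id": "1001", "nbf": 1000, "exp": 2000})
    header, payload = decode_jwt_unverified("bearer " + sample)
    print(header, payload, inspect_claims(payload, now=1500), sep="\n")
```

A decode failure on a token that the server accepts points at the encrypted-token branch (the `JwtCrypto` step in the endpoint code) rather than at the claims.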



Something doesn't feel quite right here:


Follow the steps I described above, then show me the results you see.
If you don't think it's necessary, you can ignore this endpoint.