package io.choerodon.oauth.api.service.impl; import java.security.Principal; import java.util.Collections; import java.util.Map; import com.fasterxml.jackson.databind.ObjectMapper; import io.choerodon.oauth.infra.dto.RouteMemberRuleDTO; import io.choerodon.oauth.infra.mapper.RouteMemberRuleMapper; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.stereotype.Service; import org.springframework.util.StringUtils; import io.choerodon.core.exception.CommonException; import io.choerodon.core.oauth.CustomUserDetails; import io.choerodon.oauth.api.service.PrincipalService; import io.choerodon.oauth.domain.entity.ClientE; import io.choerodon.oauth.domain.entity.UserE; import io.choerodon.oauth.infra.mapper.ClientMapper; import io.choerodon.oauth.infra.mapper.UserMapper; @Service public class PrincipalServiceImpl implements PrincipalService { private static final Logger LOGGER = LoggerFactory.getLogger(PrincipalServiceImpl.class); @Autowired ClientMapper clientMapper; @Autowired UserMapper userMapper; @Autowired private RouteMemberRuleMapper routeMemberRuleMapper; private ObjectMapper mapper = new ObjectMapper(); /** * 用于Userdetail获取时,往Userdetail中添加客户端信息(Userdetail中user为客户端创建人) */ @Override public Principal setClientDetailUserDetails(Principal principal) { String clientName = ((OAuth2Authentication) principal).getPrincipal().toString(); ClientE clientE = new ClientE(); clientE.setName(clientName); clientE = clientMapper.selectOne(clientE); if (clientE == null || clientE.getId() == null) { throw new CommonException("setClientDetailUserDetails.client.not.exist"); } CustomUserDetails user = new CustomUserDetails(clientName, "unknown password", Collections.emptyList()); UserE userE = userMapper.selectByPrimaryKey(clientE.getCreatedBy()); user.eraseCredentials(); //添加client创建人信息 if (userE != null) { user.setUserId(userE.getId()); user.setLanguage(userE.getLanguage()); user.setAdmin(userE.getAdmin()); user.setTimeZone(userE.getTimeZone()); user.setOrganizationId(userE.getOrganizationId()); user.setEmail(userE.getEmail()); addRouteRuleCode(user); } //添加client信息 user.setOrganizationId(clientE.getOrganizationId()); user.setClientId(clientE.getId()); user.setClientName(clientE.getName()); int accessTokenValidity = clientE.getAccessTokenValidity() != null ? clientE.getAccessTokenValidity().intValue() : 3600; user.setClientAccessTokenValiditySeconds(accessTokenValidity); int refreshTokenValidity = clientE.getRefreshTokenValidity() != null ? clientE.getRefreshTokenValidity().intValue() : 3600; user.setClientRefreshTokenValiditySeconds(refreshTokenValidity); user.setClientAuthorizedGrantTypes(StringUtils .commaDelimitedListToSet(clientE.getAuthorizedGrantTypes())); user.setClientAutoApproveScopes(StringUtils.commaDelimitedListToSet(clientE.getAutoApprove())); user.setClientRegisteredRedirectUri(StringUtils .commaDelimitedListToSet(clientE.getWebServerRedirectUri())); user.setClientResourceIds(StringUtils.commaDelimitedListToSet(clientE.getResourceIds())); user.setClientScope(StringUtils.commaDelimitedListToSet(clientE.getScope())); String json = clientE.getAdditionalInformation(); if (json != null) { try { Map<String, Object> additionalInformation = mapper.readValue(json, Map.class); user.setAdditionInfo(additionalInformation); } catch (Exception e) { LOGGER.warn("parser addition info error: {}", e); } } //构建返回Principal (原Principal添加客户端及用户信息) UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken( user, ((OAuth2Authentication) principal).getCredentials(), ((OAuth2Authentication) principal).getAuthorities()); OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(((OAuth2Authentication) principal).getOAuth2Request(), usernamePasswordAuthenticationToken); copyDetails((OAuth2Authentication) principal, oAuth2Authentication); return oAuth2Authentication; } @Override public void addRouteRuleCode(CustomUserDetails customUserDetails) { RouteMemberRuleDTO record = new RouteMemberRuleDTO(); Long userId = customUserDetails.getUserId(); if (userId == null) { return; } record.setUserId(userId); RouteMemberRuleDTO routeMemberRule = routeMemberRuleMapper.selectOne(record); if (routeMemberRule == null) { return; } customUserDetails.setRouteRuleCode(routeMemberRule.getRouteRuleCode()); } /** * details复制 */ private void copyDetails(Authentication source, Authentication dest) { if ((dest instanceof AbstractAuthenticationToken) && (dest.getDetails() == null)) { AbstractAuthenticationToken token = (AbstractAuthenticationToken) dest; token.setDetails(source.getDetails()); } } }