admin/MaxKey
1
0
Fork 0
mirror of https://gitee.com/dromara/MaxKey.git synced 2025-12-06 08:59:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

!52 当已存在token时也需要保存visited到当前session呀

Browse Source 
Merge pull request !52 from zwj/N/A
This commit is contained in:
MaxKeyTop 2025-01-23 01:36:19 +00:00 committed by Gitee
commit fcffab39df
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
1 changed files with 19 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/dromara/maxkey/authz/oauth2/provider/token/DefaultTokenServices.java
View File

@ -91,6 +91,23 @@ public class DefaultTokenServices implements AuthorizationServerTokenServices, R
Assert.notNull(tokenStore, "tokenStore must be set");
}
private void saveVisited(OAuth2Authentication authentication, OAuth2AccessToken accessToken) {
//存储oauthoidc等的token,用户退出时清除
if(authentication.getUserAuthentication().getPrincipal() instanceof SignPrincipal principal) {
_logger.debug("{}({}) , session {} access for logout clear ",
principal.getUsername(),principal.getUserId(),principal.getSessionId());
String clientId = authentication.getOAuth2Request().getRequestParameters().get(OAuth2Constants.PARAMETER.CLIENT_ID);
_logger.debug("client_id {} token {}",clientId, accessToken);
Apps app = appsService.get(clientId, true);
VisitedDto visited = new VisitedDto(app,principal.getSessionId());
visited.setToken(accessToken.getValue());
if (Objects.nonNull(accessToken.getRefreshToken())) {
visited.setRefreshToken(accessToken.getRefreshToken().getValue());
}
sessionManager.visited(principal.getSessionId(), visited);
}
}
@Transactional
public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException {
@ -110,6 +127,7 @@ public class DefaultTokenServices implements AuthorizationServerTokenServices, R
else {
// Re-store the access token in case the authentication has changed
tokenStore.storeAccessToken(existingAccessToken, authentication);
saveVisited(authentication, existingAccessToken);
return enhancerToken(existingAccessToken, authentication);
}
}
@ -138,21 +156,7 @@ public class DefaultTokenServices implements AuthorizationServerTokenServices, R
if (refreshToken != null) {
tokenStore.storeRefreshToken(refreshToken, authentication);
}
//存储oauthoidc等的token,用户退出时清除
if(authentication.getUserAuthentication().getPrincipal() instanceof SignPrincipal principal) {
_logger.debug("{}({}) , session {} access for logout clear ",
principal.getUsername(),principal.getUserId(),principal.getSessionId());
String clientId = authentication.getOAuth2Request().getRequestParameters().get(OAuth2Constants.PARAMETER.CLIENT_ID);
_logger.debug("client_id {} token {}",clientId,accessToken);
Apps app = appsService.get(clientId, true);
VisitedDto visited = new VisitedDto(app,principal.getSessionId());
visited.setToken(accessToken.getValue());
//TODO: RefreshToken null
if (refreshToken != null) {
visited.setRefreshToken(accessToken.getRefreshToken().getValue());
}
sessionManager.visited(principal.getSessionId(), visited);
}
saveVisited(authentication, accessToken);
return accessToken;
}