🚧 add token authentication success or failure handler

weir2010 · Apr 11, 2019 · 8c00ad9 · 8c00ad9
1 parent 2fc62ea
commit 8c00ad9
Show file tree

Hide file tree

Showing 3 changed files with 136 additions and 0 deletions.
diff --git a/IOT-Guide-Token/src/main/java/com/sanshengshui/token/jwt/RefreshTokenRepository.java b/IOT-Guide-Token/src/main/java/com/sanshengshui/token/jwt/RefreshTokenRepository.java
@@ -0,0 +1,27 @@
+package com.sanshengshui.token.jwt;
+
+import com.sanshengshui.token.model.SecurityUser;
+import com.sanshengshui.token.model.token.JwtToken;
+import com.sanshengshui.token.model.token.JwtTokenFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+/**
+ * @Author: 穆书伟
+ * @Date: 19-4-11 下午2:51
+ * @Version 1.0
+ */
+@Component
+public class RefreshTokenRepository {
+
+    private final JwtTokenFactory tokenFactory;
+
+    @Autowired
+    public RefreshTokenRepository(final JwtTokenFactory tokenFactory) {
+        this.tokenFactory = tokenFactory;
+    }
+
+    public JwtToken requestRefreshToken(SecurityUser user) {
+        return tokenFactory.createRefreshToken(user);
+    }
+}
diff --git a/...oken/src/main/java/com/sanshengshui/token/rest/RestAwareAuthenticationFailureHandler.java b/...oken/src/main/java/com/sanshengshui/token/rest/RestAwareAuthenticationFailureHandler.java
@@ -0,0 +1,34 @@
+package com.sanshengshui.token.rest;
+
+import com.sanshengshui.token.exception.TokenErrorResponseHandler;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @Author: 穆书伟
+ * @Date: 19-4-11 下午2:32
+ * @Version 1.0
+ */
+@Component
+public class RestAwareAuthenticationFailureHandler implements AuthenticationFailureHandler  {
+
+    private final TokenErrorResponseHandler errorResponseHandler;
+
+    @Autowired
+    public RestAwareAuthenticationFailureHandler(TokenErrorResponseHandler errorResponseHandler) {
+        this.errorResponseHandler = errorResponseHandler;
+    }
+
+    @Override
+    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+                                        AuthenticationException e) throws IOException, ServletException {
+        errorResponseHandler.handle(e, response);
+    }
+}
diff --git a/...oken/src/main/java/com/sanshengshui/token/rest/RestAwareAuthenticationSuccessHandler.java b/...oken/src/main/java/com/sanshengshui/token/rest/RestAwareAuthenticationSuccessHandler.java
@@ -0,0 +1,75 @@
+package com.sanshengshui.token.rest;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.sanshengshui.token.jwt.RefreshTokenRepository;
+import com.sanshengshui.token.model.SecurityUser;
+import com.sanshengshui.token.model.token.JwtToken;
+import com.sanshengshui.token.model.token.JwtTokenFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.WebAttributes;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @Author: 穆书伟
+ * @Date: 19-4-11 下午2:53
+ * @Version 1.0
+ */
+@Component
+public class RestAwareAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
+    private final ObjectMapper mapper;
+    private final JwtTokenFactory tokenFactory;
+    private final RefreshTokenRepository refreshTokenRepository;
+
+    @Autowired
+    public RestAwareAuthenticationSuccessHandler(final ObjectMapper mapper, final JwtTokenFactory tokenFactory, final RefreshTokenRepository refreshTokenRepository) {
+        this.mapper = mapper;
+        this.tokenFactory = tokenFactory;
+        this.refreshTokenRepository = refreshTokenRepository;
+    }
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+                                        Authentication authentication) throws IOException, ServletException {
+        SecurityUser securityUser = (SecurityUser) authentication.getPrincipal();
+
+        JwtToken accessToken = tokenFactory.createAccessJwtToken(securityUser);
+        JwtToken refreshToken = refreshTokenRepository.requestRefreshToken(securityUser);
+
+        Map<String, String> tokenMap = new HashMap<String, String>();
+        tokenMap.put("token", accessToken.getToken());
+        tokenMap.put("refreshToken", refreshToken.getToken());
+
+        response.setStatus(HttpStatus.OK.value());
+        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+        mapper.writeValue(response.getWriter(), tokenMap);
+
+        clearAuthenticationAttributes(request);
+    }
+
+    /**
+     * Removes temporary authentication-related data which may have been stored
+     * in the session during the authentication process..
+     *
+     */
+    protected final void clearAuthenticationAttributes(HttpServletRequest request) {
+        HttpSession session = request.getSession(false);
+
+        if (session == null) {
+            return;
+        }
+
+        session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
+    }
+}