feat: 核心业务修复

flyfish-web/src/main/java/com/flyfish/framework/configuration/jwt/JwtSecurityContextRepository.java

@@ -3,6 +3,8 @@ package com.flyfish.framework.configuration.jwt;
 import com.flyfish.framework.service.MongoUserDetailsService;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.server.reactive.ServerHttpRequest;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.security.web.server.context.ServerSecurityContextRepository;
@@ -32,7 +34,9 @@ public class JwtSecurityContextRepository implements ServerSecurityContextReposi
             return userDetailsService.findByUsername(userId)
                     .map(userDetails -> {
                         SecurityContextImpl securityContext = new SecurityContextImpl();
-                        securityContext.setAuthentication(tokenProvider.getAuthentication(userDetails));
+                        Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(),
+                                userDetails.getAuthorities());
+                        securityContext.setAuthentication(authentication);
                         return securityContext;
                     });
         });

flyfish-web/src/main/java/com/flyfish/framework/configuration/jwt/TokenProvider.java

@@ -15,13 +15,16 @@ import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
 import javax.annotation.Resource;
 import java.security.Key;
 import java.time.Duration;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.Date;
 import java.util.Optional;
 import java.util.stream.Collectors;
@@ -142,12 +145,19 @@ public class TokenProvider implements InitializingBean {
     /**
      * token解析第一步，获取认证。此处通过claims就能知道token是哪个端的
      *
-     * @param userDetails 用户详情
+     * @param token token
      * @return 结果
      */
-    public Authentication getAuthentication(UserDetails userDetails) {
+    public Authentication getAuthentication(String token) {
-        return new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(),
+        Claims claims = parseToken(token);
-                userDetails.getAuthorities());
+        Collection<? extends GrantedAuthority> authorities =
+                Arrays.stream(claims.get(AUTHORITIES_KEY).toString().split(","))
+                        .filter(StringUtils::isNotBlank)
+                        .map(SimpleGrantedAuthority::new)
+                        .collect(Collectors.toList());
+
+        User principal = new User(claims.getSubject(), "", authorities);
+        return new UsernamePasswordAuthenticationToken(principal, token, authorities);
     }
 
     /**