Learning the OAuth 2.0 Authorization Code Grant

The four grant types

1. Authorization code grant

2. Implicit grant

3. Resource owner password credentials grant

4. Client credentials grant

Authorization code grant

Of the four grant types it is the most complete and the most rigorous: the access token is fetched by the client's back end directly from the authorization server, so it never passes through the user agent, and the client has to authenticate itself to redeem the code.

(1) The user visits the client, which redirects the user to the authorization server.

(2) The user chooses whether to grant the client authorization.

(3) Assuming the user grants it, the authorization server redirects the user to the "redirection URI" the client registered in advance, attaching an authorization code.

(4) The client receives the authorization code and, attaching the same redirection URI and its client credentials, asks the authorization server for an access token and a refresh token.
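The four steps as one runnable exchange, added here as an example; it is not code from the original post or from Apache Oltu. It is written in plain Python rather than the Java/Oltu stack used further down because the protocol logic is the same in any language. The client id `app1`, the secret `s3cr3t` and the URL `https://app.example/cb` are made-up registration data. Besides the four steps it includes the checks a real authorization server performs that the sample below skips: exact match of `redirect_uri` against the registered value before any redirect is issued, a client-generated `state` echoed back and verified, and a random authorization code that expires, is accepted exactly once, and is bound to the `client_id` and `redirect_uri` of the request that produced it.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

CODE_TTL = 60        # seconds an authorization code stays redeemable
TOKEN_TTL = 3600     # lifetime reported in expires_in


class AuthorizationServer:
    """In-memory authorization server; `clients` is constructed registration data."""

    def __init__(self, clients, now=time.time):
        self.clients = clients   # client_id -> {"secret": str, "redirect_uris": set}
        self.now = now           # injectable clock so expiry can be tested
        self.codes = {}          # code -> {"client_id", "redirect_uri", "expires"}
        self.tokens = {}         # access_token -> {"client_id", "expires"}

    def authorize(self, params, user_approved=True):
        """Steps 1-3: validate the request, then redirect back with code (+ state)."""
        client = self.clients.get(params.get("client_id"))
        redirect_uri = params.get("redirect_uri")
        # Check client_id and redirect_uri BEFORE redirecting anywhere: an unregistered
        # redirect_uri must be refused, not followed (RFC 6749 section 3.1.2.4).
        if client is None or redirect_uri not in client["redirect_uris"]:
            raise ValueError("unknown client_id or unregistered redirect_uri")
        query = {}
        if "state" in params:
            query["state"] = params["state"]      # echoed back unchanged
        if params.get("response_type") != "code":
            query["error"] = "unsupported_response_type"
        elif not user_approved:                   # step 2: the user declined
            query["error"] = "access_denied"
        else:
            code = secrets.token_urlsafe(32)      # random, not guessable
            self.codes[code] = {"client_id": params["client_id"],
                                "redirect_uri": redirect_uri,
                                "expires": self.now() + CODE_TTL}
            query["code"] = code
        return redirect_uri + "?" + urlencode(query)

    def token(self, form):
        """Step 4: the client's back end redeems the code with its credentials."""
        client = self.clients.get(form.get("client_id"))
        if client is None or not secrets.compare_digest(
                client["secret"], form.get("client_secret", "")):
            return {"error": "invalid_client"}
        if form.get("grant_type") != "authorization_code":
            return {"error": "unsupported_grant_type"}
        record = self.codes.pop(form.get("code"), None)   # pop: a code is used once
        if record is None or record["expires"] < self.now():
            return {"error": "invalid_grant"}
        # The code is only valid for the client it was issued to, presented with the
        # same redirect_uri as in the authorization request (RFC 6749 section 4.1.3).
        if (record["client_id"] != form["client_id"]
                or record["redirect_uri"] != form.get("redirect_uri")):
            return {"error": "invalid_grant"}
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = {"client_id": form["client_id"],
                                     "expires": self.now() + TOKEN_TTL}
        return {"access_token": access_token, "token_type": "Bearer",
                "expires_in": TOKEN_TTL}


class Client:
    """The relying application: builds the authorization request, handles the callback."""

    def __init__(self, client_id, secret, redirect_uri):
        self.client_id, self.secret, self.redirect_uri = client_id, secret, redirect_uri
        self.pending_state = None

    def authorization_request(self):
        self.pending_state = secrets.token_urlsafe(16)   # ties the callback to this request
        return {"response_type": "code", "client_id": self.client_id,
                "redirect_uri": self.redirect_uri, "state": self.pending_state}

    def handle_callback(self, location):
        """Parse the redirect URL; return the form to POST to the token endpoint, or raise."""
        q = {k: v[0] for k, v in parse_qs(urlparse(location).query).items()}
        if q.get("state") != self.pending_state:
            raise ValueError("state mismatch: callback was not started by us")
        if "error" in q:
            raise ValueError("authorization failed: " + q["error"])
        return {"grant_type": "authorization_code", "code": q["code"],
                "redirect_uri": self.redirect_uri, "client_id": self.client_id,
                "client_secret": self.secret}


def run_flow():
    """One complete exchange with constructed registration data. Returns the token
    response of the first redemption and of a replay of the same code."""
    server = AuthorizationServer({"app1": {"secret": "s3cr3t",
                                           "redirect_uris": {"https://app.example/cb"}}})
    client = Client("app1", "s3cr3t", "https://app.example/cb")
    location = server.authorize(client.authorization_request())   # steps 1-3
    token_request = client.handle_callback(location)
    first = server.token(token_request)                           # step 4
    replay = server.token(token_request)                          # same code again
    return first, replay
```

Call `run_flow()` to see both responses: the first contains a bearer token, the replay is `{"error": "invalid_grant"}` because the code was removed from the store when it was redeemed. In a real deployment the code and token stores are a database or cache shared by all server instances, and the `redirect_uris` set comes from client registration, never from the request.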

Prerequisites for integrating QQ Login and applying for an Open Platform account

Importing the official SDK

-- SDK parameter configuration

-- Walkthrough of the SDK's core methods

Server-side code example:

package com.flash.dataU.oauth.controller2;

import com.flash.dataU.oauth.entity.User;
import org.apache.oltu.oauth2.as.issuer.MD5Generator;
import org.apache.oltu.oauth2.as.issuer.OAuthIssuer;
import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest;
import org.apache.oltu.oauth2.as.request.OAuthTokenRequest;
import org.apache.oltu.oauth2.as.response.OAuthASResponse;
import org.apache.oltu.oauth2.common.OAuth;
import org.apache.oltu.oauth2.common.error.OAuthError;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.OAuthResponse;
import org.apache.oltu.oauth2.common.message.types.ParameterStyle;
import org.apache.oltu.oauth2.common.utils.OAuthUtils;
import org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest;
import org.apache.oltu.oauth2.rs.response.OAuthRSResponse;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import static org.apache.oltu.oauth2.common.OAuth.OAUTH_REDIRECT_URI;

// Authorization server side (runs on :8080). The original stored the Model and the
// HttpServletRequest in instance fields of this singleton controller, which is not
// thread-safe; here they are plain method parameters.
@RequestMapping("/oauthserver")
@Controller
public class AuthorizeController {

    // Authorization endpoint: returns an authorization code to the client via redirect.
    // Demo shortcuts kept from the original, flagged here: there is no login or consent
    // step, the code is a fixed string instead of a random single-use value, and
    // redirect_uri is taken from the request instead of being checked against the
    // client's registration (so the code can be sent to any URL the caller names).
    @RequestMapping("/responseCode")
    public Object toShowUser(HttpServletRequest request) {
        try {
            // Parses and validates the OAuth authorization request parameters
            OAuthAuthzRequest oauthRequest = new OAuthAuthzRequest(request);
            // The original compared with != "", which tests reference identity, not content
            if (!OAuthUtils.isEmpty(oauthRequest.getClientId())) {
                String authorizationCode = "authorizationCode";
                // response_type: only "code" is handled here; "token" would be the implicit grant
                String responseType = oauthRequest.getParam(OAuth.OAUTH_RESPONSE_TYPE);
                String redirectURI = oauthRequest.getParam(OAUTH_REDIRECT_URI);
                OAuthASResponse.OAuthAuthorizationResponseBuilder builder =
                        OAuthASResponse.authorizationResponse(request, HttpServletResponse.SC_FOUND);
                builder.setCode(authorizationCode);
                // 302 back to the client with ?code=... appended
                final OAuthResponse response = builder.location(redirectURI).buildQueryMessage();
                return "redirect:" + response.getLocationUri();
            }
        } catch (OAuthSystemException | OAuthProblemException e) {
            e.printStackTrace();
        }
        return null;
    }

    // Token endpoint: the client posts the code with its client_secret and gets an access token
    @RequestMapping(value = "/responseAccessToken", method = RequestMethod.POST)
    public HttpEntity token(HttpServletRequest request) {
        try {
            OAuthTokenRequest oauthRequest = new OAuthTokenRequest(request);
            String authCode = oauthRequest.getParam(OAuth.OAUTH_CODE);
            String clientSecret = oauthRequest.getClientSecret();
            // The original condition `clientSecret != null || clientSecret != ""` is always
            // true (|| instead of &&, and != compares references). Even fixed, this is only a
            // presence check: a real server compares the secret against the registered client
            // and redeems the code exactly once, rejecting it if it is expired or was issued
            // to another client or redirect_uri.
            if (OAuthUtils.isEmpty(clientSecret) || OAuthUtils.isEmpty(authCode)) {
                OAuthResponse error = OAuthASResponse
                        .errorResponse(HttpServletResponse.SC_UNAUTHORIZED)
                        .setError(OAuthError.TokenResponse.INVALID_CLIENT)
                        .buildJSONMessage();
                return new ResponseEntity<String>(error.getBody(), HttpStatus.UNAUTHORIZED);
            }
            // Generate the access token (MD5Generator hashes a fresh UUID into an opaque string)
            OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
            final String accessToken = oauthIssuerImpl.accessToken();
            // Note: the token is not stored anywhere, so /userInfo below cannot verify it
            OAuthResponse response = OAuthASResponse
                    .tokenResponse(HttpServletResponse.SC_OK)
                    .setAccessToken(accessToken)
                    .buildJSONMessage();
            return new ResponseEntity<String>(response.getBody(),
                    HttpStatus.valueOf(response.getResponseStatus()));
        } catch (OAuthSystemException | OAuthProblemException e) {
            e.printStackTrace();
        }
        return null;
    }

    // Resource endpoint: returns the requested resource (the username) for an access token
    @RequestMapping("/userInfo")
    public HttpEntity userInfo(HttpServletRequest request) throws OAuthSystemException {
        try {
            // The token is read from the query string (ParameterStyle.QUERY). Reading it from
            // the Authorization: Bearer header (ParameterStyle.HEADER) keeps tokens out of URLs,
            // access logs and Referer headers.
            OAuthAccessResourceRequest oauthRequest =
                    new OAuthAccessResourceRequest(request, ParameterStyle.QUERY);
            String accessToken = oauthRequest.getAccessToken();
            // This check was commented out in the original. It verifies presence only; the
            // demo token endpoint never stores the tokens it issues, so there is nothing to
            // look up. A real resource server looks the token up and checks expiry and scope.
            if (OAuthUtils.isEmpty(accessToken)) {
                OAuthResponse oauthResponse = OAuthRSResponse
                        .errorResponse(HttpServletResponse.SC_UNAUTHORIZED)
                        .setError(OAuthError.ResourceResponse.INVALID_TOKEN)
                        .buildHeaderMessage();
                return unauthorized(oauthResponse);
            }
            User user = new User("小明");
            String username = accessToken + "---" + Math.random() + "----" + user.getUsername();
            return new ResponseEntity<String>(username, HttpStatus.OK);
        } catch (OAuthProblemException e) {
            // Thrown when the access_token parameter is missing or malformed
            OAuthResponse.OAuthErrorResponseBuilder builder =
                    OAuthRSResponse.errorResponse(HttpServletResponse.SC_UNAUTHORIZED);
            if (!OAuthUtils.isEmpty(e.getError())) {
                builder.setError(e.getError())
                       .setErrorDescription(e.getDescription())
                       .setErrorUri(e.getUri());
            }
            // The original returned a bare 400 in this branch and dropped the
            // WWW-Authenticate header it had just built
            return unauthorized(builder.buildHeaderMessage());
        }
    }

    // 401 with the WWW-Authenticate challenge Oltu built (RFC 6750 section 3)
    private static ResponseEntity<Void> unauthorized(OAuthResponse oauthResponse) {
        HttpHeaders headers = new HttpHeaders();
        headers.add(OAuth.HeaderType.WWW_AUTHENTICATE,
                oauthResponse.getHeader(OAuth.HeaderType.WWW_AUTHENTICATE));
        return new ResponseEntity<Void>(headers, HttpStatus.UNAUTHORIZED);
    }
}
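The check the sample's /userInfo leaves commented out, written out as an added example in Python; this is not Oltu code and not from the original post. It shows resource-server-side validation of a bearer token with the error responses RFC 6750 prescribes: no error code when credentials are simply absent, `invalid_token` for an unknown or expired token, `insufficient_scope` when the token is valid but was not granted the scope the endpoint needs. The token store, the user record and the `userinfo` realm are constructed data. Unlike the sample, which reads the token from the query string, it takes the token from the Authorization header.

```python
import time

# Constructed sample data, not from the post: three tokens and the user they identify.
USERS = {"u1": "小明"}
TOKEN_STORE = {
    "good":     {"sub": "u1", "scope": "profile email", "expires": 2000.0},
    "expired":  {"sub": "u1", "scope": "profile",       "expires": 500.0},
    "readonly": {"sub": "u1", "scope": "email",         "expires": 2000.0},
}


def parse_bearer(authorization):
    """Extract the token from `Authorization: Bearer <token>` (RFC 6750 section 2.1).
    Returns None if the header is absent, uses another scheme, or carries no token."""
    if not authorization:
        return None
    scheme, _, token = authorization.partition(" ")
    token = token.strip()
    return token if scheme.lower() == "bearer" and token else None


def www_authenticate(error=None, description=None):
    """Build the WWW-Authenticate challenge. Per RFC 6750 section 3.1 a request that
    simply lacked credentials gets no error code, only the realm."""
    parts = ['realm="userinfo"']
    if error:
        parts.append('error="%s"' % error)
    if description:
        parts.append('error_description="%s"' % description)
    return "Bearer " + ", ".join(parts)


def user_info(headers, token_store=TOKEN_STORE, users=USERS, now=time.time):
    """Resource endpoint. `headers` is the request header dict.
    Returns (status, response_headers, body)."""
    token = parse_bearer(headers.get("Authorization"))
    if token is None:
        return 401, {"WWW-Authenticate": www_authenticate()}, None
    record = token_store.get(token)
    if record is None or record["expires"] <= now():
        # Unknown and expired are reported alike; the client's remedy is the same
        return 401, {"WWW-Authenticate": www_authenticate(
            "invalid_token", "access token is unknown, revoked or expired")}, None
    if "profile" not in record["scope"].split():
        return 403, {"WWW-Authenticate": www_authenticate("insufficient_scope")}, None
    # Only a valid token identifies the caller: the username comes from the token's
    # subject, never from a request parameter the caller controls.
    return 200, {}, {"username": users[record["sub"]]}
```

In a real service `TOKEN_STORE` is the authorization server's token table, a cache populated by it, or an introspection call (RFC 7662); the decision logic above stays the same.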

Client-side code example:

package com.flash.dataU.oauth.controller2;

import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.client.response.OAuthAccessTokenResponse;
import org.apache.oltu.oauth2.client.response.OAuthResourceResponse;
import org.apache.oltu.oauth2.common.OAuth;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;

// OAuth client side (runs on :8081). Despite its name this class is the client; the
// authorization server above runs on :8080 under /oauthserver.
@RequestMapping("/server")
@Controller
public class ServerController {
    // Client registration data. In the original these were mutable instance fields
    // rewritten on every request, which is not safe in a singleton controller.
    private static final String CLIENT_ID = "clientId";
    private static final String CLIENT_SECRET = "clientSecret";
    private static final String AUTHORIZE_URL = "http://localhost:8080/oauthserver/responseCode";
    private static final String ACCESS_TOKEN_URL = "http://localhost:8080/oauthserver/responseAccessToken";
    private static final String USER_INFO_URL = "http://localhost:8080/oauthserver/userInfo";
    // Must be identical in the authorization request and in the token request
    // (RFC 6749 section 4.1.3); the original sent two different URLs.
    private static final String REDIRECT_URL = "http://localhost:8081/server/callbackCode";

    // Step 1: send the user to the authorization endpoint to request a code
    @RequestMapping("/requestServerCode")
    public String requestServerFirst() {
        try {
            // No `state` parameter is sent (Oltu offers setState), so the callback below
            // cannot tell a genuine redirect from one an attacker lured the user into.
            OAuthClientRequest authzRequest = OAuthClientRequest
                    .authorizationLocation(AUTHORIZE_URL)
                    .setResponseType("code")
                    .setClientId(CLIENT_ID)
                    .setRedirectURI(REDIRECT_URL)
                    .buildQueryMessage();
            return "redirect:" + authzRequest.getLocationUri();
        } catch (OAuthSystemException e) {
            e.printStackTrace();
            return null;
        }
    }

    // Steps 3 and 4: receive the code on the redirect URL and exchange it for an access token
    @RequestMapping("/callbackCode")
    public Object toLogin(HttpServletRequest request) throws OAuthProblemException {
        String code = request.getParameter(OAuth.OAUTH_CODE);
        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
        try {
            OAuthClientRequest accessTokenRequest = OAuthClientRequest
                    .tokenLocation(ACCESS_TOKEN_URL)
                    .setGrantType(GrantType.AUTHORIZATION_CODE)
                    .setClientId(CLIENT_ID)
                    .setClientSecret(CLIENT_SECRET)
                    .setCode(code)
                    .setRedirectURI(REDIRECT_URL)
                    // body, not query string: the original's buildQueryMessage() put
                    // client_secret into the URL of the POST
                    .buildBodyMessage();
            // POST to the token endpoint and parse the JSON response
            OAuthAccessTokenResponse oAuthResponse =
                    oAuthClient.accessToken(accessTokenRequest, OAuth.HttpMethod.POST);
            String accessToken = oAuthResponse.getAccessToken();
            // null here: the demo server sends no expires_in
            Long expiresIn = oAuthResponse.getExpiresIn();
            // Demo shortcut: the token travels in a browser redirect URL, where it ends up
            // in logs and Referer headers. Real code keeps it server-side (e.g. in the session).
            return "redirect:http://localhost:8081/server/accessToken?accessToken=" + accessToken;
        } catch (OAuthSystemException e) {
            e.printStackTrace();
        }
        return null;
    }

    // Use the access token to fetch the protected resource (the username) from the server
    @RequestMapping("/accessToken")
    public ModelAndView accessToken(String accessToken) {
        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
        try {
            OAuthClientRequest userInfoRequest = new OAuthBearerClientRequest(USER_INFO_URL)
                    .setAccessToken(accessToken)
                    .buildQueryMessage();   // matches the server's ParameterStyle.QUERY
            OAuthResourceResponse resourceResponse =
                    oAuthClient.resource(userInfoRequest, OAuth.HttpMethod.GET, OAuthResourceResponse.class);
            String username = resourceResponse.getBody();
            ModelAndView modelAndView = new ModelAndView("usernamePage");
            modelAndView.addObject("username", username);
            return modelAndView;
        } catch (OAuthSystemException | OAuthProblemException e) {
            e.printStackTrace();
        }
        return null;
    }
}

Reposted from: https://www.cnblogs.com/ltian123/p/10457729.html
