@RequestMapping("/oauth")
@Controller
public class OauthController {
String clientId = "clientId";
String clientSecret = "clientSecret";
String response_type = "code";
String authorizationCode = "authorizationCode";
String redirectUrlPage = "redirectUrlPage";
/**
* 請求通過憑證地址
*/
String getAccessTokenURL = "http://localhost:8080/subaccountServer/oauth/getAccessToken";
/**
* 請求資源地址
*/
String userInfoUrl = "http://localhost:8080/subaccountServer/oauth/getResource";
/**
* 重定向到請求 授權碼的url
* @return
* @throws Exception
*/
@RequestMapping("/redirectToRequestAuthorizationCodeURL")
public String redirectToRequestAuthorizationCodeURL() throws Exception {
String url = "getAuthorizationCode";
// accessTokenRequest 是用來描述請求對象的,描述了請求地址,和請求參數
OAuthClientRequest accessTokenRequest = OAuthClientRequest.authorizationLocation(url)
.setResponseType(response_type).setClientId(clientId).setRedirectURI( redirectUrlPage ).buildQueryMessage();
return "redirect:" + accessTokenRequest.getLocationUri();
}
/**
* 返回授權碼
* @param model
* @param request
* @return
* @throws Exception
*/
@RequestMapping("/getAuthorizationCode")
public Object getAuthorizationCode(Model model, HttpServletRequest request) throws Exception {
OAuthAuthzRequest oauthRequest = new OAuthAuthzRequest(request);
String redirectURI = oauthRequest.getParam(OAuth.OAUTH_REDIRECT_URI);
String clientId = oauthRequest.getClientId();
String responseType = oauthRequest.getParam(OAuth.OAUTH_RESPONSE_TYPE);
//得到數據以后應該檢查數據
//把 state 寫到一個 重定向的響應
OAuthASResponse.OAuthAuthorizationResponseBuilder builder = OAuthASResponse.authorizationResponse(request, HttpServletResponse.SC_FOUND);
builder.setCode(authorizationCode);
OAuthResponse response = builder.location(redirectURI).buildQueryMessage();
return "redirect:" + response.getLocationUri();
}
/**
* 請求通過憑證
* @param request
* @return
* @throws Exception
*/
@RequestMapping("/redirectUrlPage")
public Object redirectUrlPage(HttpServletRequest request) throws Exception {
String code = request.getParameter("code");
OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
OAuthClientRequest accessTokenRequest = OAuthClientRequest.tokenLocation(getAccessTokenURL)
.setGrantType(GrantType.AUTHORIZATION_CODE)
.setClientId(clientId)
.setClientSecret(clientSecret)
.setCode(code)
.setRedirectURI(redirectUrlPage)
.buildQueryMessage();
OAuthAccessTokenResponse oAuthResponse = oAuthClient.accessToken(accessTokenRequest, OAuth.HttpMethod.POST);
//得到通過憑證和過期時間
String accessToken = oAuthResponse.getAccessToken();
Long expiresIn = oAuthResponse.getExpiresIn();
return "redirect:requestResourcePage?accessToken=" + accessToken;
}
/**
* 返回通過憑證
* @param request
* @return
* @throws Exception
*/
@RequestMapping(value = "/getAccessToken", method = RequestMethod.POST)
public HttpEntity<String> getAccessToken(HttpServletRequest request) throws Exception {
// 構建OAuth請求
OAuthTokenRequest oauthRequest = new OAuthTokenRequest(request);
String authCode = oauthRequest.getParam(OAuth.OAUTH_CODE);
String clientSecret = oauthRequest.getClientSecret();
//應該驗證授權碼
// 生成Access Token
OAuthIssuer oauthIssuer = new OAuthIssuerImpl(new MD5Generator());
String accessToken = oauthIssuer.accessToken();
OAuthResponse response = OAuthASResponse.tokenResponse(HttpServletResponse.SC_OK).setAccessToken(accessToken).setExpiresIn("120").buildJSONMessage();
return new ResponseEntity<String>(response.getBody(), HttpStatus.valueOf(response.getResponseStatus()));
}
/**
* 請求資源
* @param accessToken
* @return
* @throws Exception
*/
@RequestMapping("/requestResourcePage")
@ResponseBody
public String requestResourcePage(String accessToken) throws Exception {
OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
OAuthClientRequest userInfoRequest = new OAuthBearerClientRequest(userInfoUrl).setAccessToken(accessToken).buildQueryMessage();
OAuthResourceResponse resourceResponse = oAuthClient.resource(userInfoRequest, OAuth.HttpMethod.GET,OAuthResourceResponse.class);
String resource = resourceResponse.getBody();
return resource;
}
/**
* 返回資源
* @param request
* @return
* @throws Exception
*/
@RequestMapping("/getResource")
public HttpEntity<String> getResource(HttpServletRequest request) throws Exception {
OAuthAccessResourceRequest oauthRequest = new OAuthAccessResourceRequest(request, ParameterStyle.QUERY);
String accessToken = oauthRequest.getAccessToken();
//這里應該驗證accessToken
return new ResponseEntity<String>("我就是資源", HttpStatus.OK);
}
}
需要的oauth 依賴:
<dependency> <groupId>org.apache.oltu.oauth2</groupId> <artifactId>org.apache.oltu.oauth2.client</artifactId> <version>1.0.1</version> </dependency> <dependency> <groupId>org.apache.oltu.oauth2</groupId> <artifactId>org.apache.oltu.oauth2.authzserver</artifactId> <version>1.0.1</version> </dependency> <dependency> <groupId>org.apache.oltu.oauth2</groupId> <artifactId>org.apache.oltu.oauth2.resourceserver</artifactId> <version>1.0.1</version> </dependency>
備注1:一個程序模擬了 三個服務器端 ,一個 客戶端。 可能比較難懂
備注2: 省略了驗證用戶信息,授權碼,通過憑證的 邏輯。
oauth 請求邏輯圖 https://www.cnblogs.com/cxygg/p/9503032.html