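@RequestMapping("/oauth")
@Controller
public class OauthController {

    /** Client identifier registered with the (simulated) authorization server. */
    String clientId = "clientId";
    /** Client secret shared between the (simulated) client and authorization server. */
    String clientSecret = "clientSecret";
    /** OAuth response_type used by the client; "code" selects the authorization-code grant. */
    String response_type = "code";
    /**
     * Fixed authorization code handed out by {@link #getAuthorizationCode}.
     * A real server issues a fresh, short-lived, single-use code per grant,
     * bound to the client_id and redirect_uri it was issued for; this demo
     * uses one constant so the flow can be followed by hand.
     */
    String authorizationCode = "authorizationCode";
    /** Registered redirect URI of the client; every redirect_uri received is compared to it. */
    String redirectUrlPage = "redirectUrlPage";
    /** Token endpoint the client posts the authorization code to. */
    String getAccessTokenURL = "http://localhost:8080/subaccountServer/oauth/getAccessToken";
    /** Protected-resource endpoint the client calls with the bearer token. */
    String userInfoUrl = "http://localhost:8080/subaccountServer/oauth/getResource";

    /** Lifetime of an issued access token, in seconds (also sent as expires_in). */
    private static final long TOKEN_TTL_SECONDS = 120L;

    /**
     * Tokens issued by {@link #getAccessToken}, mapped to their expiry time in
     * epoch millis. Lets {@link #getResource} reject unknown or expired tokens.
     * An in-memory map is sufficient because this demo runs all roles in one
     * process; it is lost on restart.
     */
    private final java.util.concurrent.ConcurrentMap<String, Long> issuedTokens =
            new java.util.concurrent.ConcurrentHashMap<String, Long>();

    /**
     * Client step 1: redirects the browser to the authorization endpoint to
     * request an authorization code.
     *
     * @return a Spring redirect view pointing at the authorization endpoint
     * @throws Exception if the OAuth request cannot be built
     */
    @RequestMapping("/redirectToRequestAuthorizationCodeURL")
    public String redirectToRequestAuthorizationCodeURL() throws Exception {
        // Relative URL: the authorization endpoint lives in this same controller.
        String authorizationEndpoint = "getAuthorizationCode";
        // NOTE(review): no `state` parameter is sent, so the callback at
        // /redirectUrlPage cannot be tied to the browser request that started
        // this flow (RFC 6749 section 10.12). A per-session random state value,
        // checked on the callback, is needed for that.
        OAuthClientRequest authorizationRequest = OAuthClientRequest
                .authorizationLocation(authorizationEndpoint)
                .setResponseType(response_type)
                .setClientId(clientId)
                .setRedirectURI(redirectUrlPage)
                .buildQueryMessage();
        return "redirect:" + authorizationRequest.getLocationUri();
    }

    /**
     * Authorization server: checks the authorization request against the
     * registered client and redirect URI and, if they match, redirects back
     * to the client with an authorization code.
     *
     * @param model   unused; kept for the existing handler signature
     * @param request the incoming authorization request
     * @return a redirect to the client's redirect URI carrying the code, or a
     *         400 JSON error when the client or redirect URI is not recognised
     * @throws Exception if the request cannot be parsed as an OAuth request
     */
    @RequestMapping("/getAuthorizationCode")
    public Object getAuthorizationCode(Model model, HttpServletRequest request) throws Exception {
        OAuthAuthzRequest oauthRequest = new OAuthAuthzRequest(request);
        String redirectURI = oauthRequest.getParam(OAuth.OAUTH_REDIRECT_URI);
        String requestedClientId = oauthRequest.getClientId();
        String responseType = oauthRequest.getParam(OAuth.OAUTH_RESPONSE_TYPE);

        // Exact match against the registered values. Per RFC 6749 section
        // 4.1.2.1, on an unknown client or a redirect_uri mismatch the server
        // must NOT redirect (that would be an open redirect to an attacker-chosen
        // URL); it answers the user directly instead.
        if (!clientId.equals(requestedClientId) || !redirectUrlPage.equals(redirectURI)) {
            return errorEntity(HttpServletResponse.SC_BAD_REQUEST, "invalid_request",
                    "unknown client_id or redirect_uri does not match the registered value");
        }
        if (!response_type.equals(responseType)) {
            return errorEntity(HttpServletResponse.SC_BAD_REQUEST, "unsupported_response_type",
                    "only response_type=code is supported");
        }

        OAuthASResponse.OAuthAuthorizationResponseBuilder builder =
                OAuthASResponse.authorizationResponse(request, HttpServletResponse.SC_FOUND);
        builder.setCode(authorizationCode);
        OAuthResponse response = builder.location(redirectURI).buildQueryMessage();
        return "redirect:" + response.getLocationUri();
    }

    /**
     * Client step 2 (redirect target): exchanges the authorization code for an
     * access token at the token endpoint, then moves on to the resource request.
     *
     * @param request the callback request carrying the {@code code} parameter
     * @return a redirect to {@code requestResourcePage} with the token, or a
     *         400 response when no code was supplied
     * @throws Exception if the token request fails or returns an OAuth error
     */
    @RequestMapping("/redirectUrlPage")
    public Object redirectUrlPage(HttpServletRequest request) throws Exception {
        String code = request.getParameter("code");
        if (code == null || code.isEmpty()) {
            return new ResponseEntity<String>("missing authorization code", HttpStatus.BAD_REQUEST);
        }
        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
        OAuthClientRequest accessTokenRequest = OAuthClientRequest.tokenLocation(getAccessTokenURL)
                .setGrantType(GrantType.AUTHORIZATION_CODE)
                .setClientId(clientId)
                .setClientSecret(clientSecret)
                .setCode(code)
                .setRedirectURI(redirectUrlPage)
                .buildQueryMessage();
        OAuthAccessTokenResponse oAuthResponse =
                oAuthClient.accessToken(accessTokenRequest, OAuth.HttpMethod.POST);
        String accessToken = oAuthResponse.getAccessToken();
        // The token travels in the redirect URL, so it ends up in browser
        // history, server access logs and Referer headers. Kept for the demo
        // flow; a real client keeps the token server-side (e.g. in the session).
        return "redirect:requestResourcePage?accessToken=" + accessToken;
    }

    /**
     * Authorization server token endpoint: authenticates the client, checks
     * the authorization code and redirect URI, and issues an access token.
     *
     * @param request the POSTed token request
     * @return a JSON token response, 401 {@code invalid_client} when client
     *         authentication fails, or 400 {@code invalid_grant} when the code
     *         or redirect URI is wrong
     * @throws Exception if the request cannot be parsed as an OAuth request
     */
    @RequestMapping(value = "/getAccessToken", method = RequestMethod.POST)
    public HttpEntity<String> getAccessToken(HttpServletRequest request) throws Exception {
        OAuthTokenRequest oauthRequest = new OAuthTokenRequest(request);
        String authCode = oauthRequest.getParam(OAuth.OAUTH_CODE);
        String requestedClientId = oauthRequest.getClientId();
        String presentedSecret = oauthRequest.getClientSecret();
        String redirectURI = oauthRequest.getParam(OAuth.OAUTH_REDIRECT_URI);

        // Client authentication first (RFC 6749 section 4.1.3). Constant-time
        // compare so the secret cannot be recovered byte by byte via timing.
        if (!clientId.equals(requestedClientId) || !constantTimeEquals(clientSecret, presentedSecret)) {
            return errorEntity(HttpServletResponse.SC_UNAUTHORIZED, "invalid_client",
                    "client authentication failed");
        }
        // The code must be one this server issued and the redirect_uri must
        // match the one used in the authorization request.
        if (!constantTimeEquals(authorizationCode, authCode) || !redirectUrlPage.equals(redirectURI)) {
            return errorEntity(HttpServletResponse.SC_BAD_REQUEST, "invalid_grant",
                    "authorization code or redirect_uri is not valid");
        }
        // TODO(review): the code is a fixed constant, so it cannot be made
        // single-use here; a real server invalidates a code once exchanged.

        // NOTE(review): MD5Generator is the generator the original demo used;
        // confirm its source of randomness before relying on these tokens. A
        // SecureRandom-backed generator is the safer default.
        OAuthIssuer oauthIssuer = new OAuthIssuerImpl(new MD5Generator());
        String accessToken = oauthIssuer.accessToken();
        issuedTokens.put(accessToken, System.currentTimeMillis() + TOKEN_TTL_SECONDS * 1000L);

        OAuthResponse response = OAuthASResponse.tokenResponse(HttpServletResponse.SC_OK)
                .setAccessToken(accessToken)
                .setExpiresIn(String.valueOf(TOKEN_TTL_SECONDS))
                .buildJSONMessage();
        return new ResponseEntity<String>(response.getBody(),
                HttpStatus.valueOf(response.getResponseStatus()));
    }

    /**
     * Client step 3: calls the protected resource with the bearer token and
     * returns the raw response body to the browser.
     *
     * @param accessToken the bearer token obtained from the token endpoint
     * @return the resource server's response body
     * @throws Exception if the resource request fails
     */
    @RequestMapping("/requestResourcePage")
    @ResponseBody
    public String requestResourcePage(String accessToken) throws Exception {
        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
        OAuthClientRequest userInfoRequest = new OAuthBearerClientRequest(userInfoUrl)
                .setAccessToken(accessToken)
                .buildQueryMessage();
        OAuthResourceResponse resourceResponse =
                oAuthClient.resource(userInfoRequest, OAuth.HttpMethod.GET, OAuthResourceResponse.class);
        return resourceResponse.getBody();
    }

    /**
     * Resource server: returns the protected resource to callers presenting a
     * token this process issued that has not yet expired.
     *
     * @param request the resource request; the token is read from the query string
     * @return the resource, or 401 {@code invalid_token} for an unknown or
     *         expired token (RFC 6750 section 3.1)
     * @throws Exception if the request cannot be parsed as an OAuth request
     */
    @RequestMapping("/getResource")
    public HttpEntity<String> getResource(HttpServletRequest request) throws Exception {
        OAuthAccessResourceRequest oauthRequest = new OAuthAccessResourceRequest(request, ParameterStyle.QUERY);
        String accessToken = oauthRequest.getAccessToken();

        // ConcurrentHashMap rejects null keys, hence the explicit null guard.
        Long expiresAt = accessToken == null ? null : issuedTokens.get(accessToken);
        if (expiresAt == null) {
            return errorEntity(HttpServletResponse.SC_UNAUTHORIZED, "invalid_token",
                    "access token is not recognised");
        }
        if (expiresAt < System.currentTimeMillis()) {
            // Drop expired entries so the map does not grow without bound.
            issuedTokens.remove(accessToken);
            return errorEntity(HttpServletResponse.SC_UNAUTHORIZED, "invalid_token",
                    "access token has expired");
        }
        return new ResponseEntity<String>("我就是资源", HttpStatus.OK);
    }

    /**
     * Compares two secrets in constant time; {@code null} on either side never matches.
     *
     * @param expected the value this server holds
     * @param actual   the value presented by the caller
     * @return {@code true} only when both are non-null and byte-for-byte equal
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(
                expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                actual.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    /**
     * Builds an OAuth error response with a JSON body in the RFC 6749
     * section 5.2 shape ({@code error}, {@code error_description}).
     *
     * @param status      HTTP status code to return
     * @param error       OAuth error code, e.g. {@code invalid_client}
     * @param description human-readable detail; must not contain secrets
     * @return the response entity carrying the JSON body and status
     * @throws Exception if the OAuth response cannot be built
     */
    private static HttpEntity<String> errorEntity(int status, String error, String description)
            throws Exception {
        OAuthResponse response = OAuthASResponse.errorResponse(status)
                .setError(error)
                .setErrorDescription(description)
                .buildJSONMessage();
        return new ResponseEntity<String>(response.getBody(),
                HttpStatus.valueOf(response.getResponseStatus()));
    }
}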
需要的oauth 依赖:
<dependency> <groupId>org.apache.oltu.oauth2</groupId> <artifactId>org.apache.oltu.oauth2.client</artifactId> <version>1.0.1</version> </dependency> <dependency> <groupId>org.apache.oltu.oauth2</groupId> <artifactId>org.apache.oltu.oauth2.authzserver</artifactId> <version>1.0.1</version> </dependency> <dependency> <groupId>org.apache.oltu.oauth2</groupId> <artifactId>org.apache.oltu.oauth2.resourceserver</artifactId> <version>1.0.1</version> </dependency>
备注1:一个程序模拟了三个服务器端、一个客户端,可能比较难懂。
备注2:省略了验证用户信息、授权码、通过凭证的逻辑。
oauth 请求逻辑图 https://www.cnblogs.com/cxygg/p/9503032.html