• oauth2的简单介绍以及应用


    推荐阅读这篇文章:https://www.cnblogs.com/flashsun/p/7424071.html

     http://www.ruanyifeng.com/blog/2014/05/oauth_2_0.html

    下面是我实战中用到的案例:

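        /**
         * Drives the OAuth2 authorization-code login for this application.
         *
         * <p>A session that already holds a {@code UserInfo} attribute goes straight to the login
         * view. A request without a {@code code} parameter is redirected to the authorization
         * server. A request with a {@code code} must also carry the {@code state} value that
         * {@code AuthUtils.getAdminBackUrl} sent (the session id); only then is the code exchanged
         * for a token and the user record fetched and stored in the session.
         *
         * @param request  the current request; supplies the session and the {@code code} and
         *                 {@code state} parameters
         * @param response used to redirect the browser to the authorization server
         * @return the view name {@code "login"}, or {@code null} when a redirect has been sent
         */
        @GetMapping("/login")
        public String login(HttpServletRequest request, HttpServletResponse response) {
            HttpSession session = request.getSession();
            // Already authenticated: nothing to negotiate.
            if (session.getAttribute("UserInfo") != null) {
                return "login";
            }

            String code = request.getParameter("code");
            if (code == null) {
                // No authorization code yet: send the browser to the authorization server.
                redirectToAuthServer(request, response);
                return null;
            }

            // The callback must echo the state that was sent with the authorization request.
            // Without this check a code issued for another account could be bound to this
            // session (login CSRF). Assumes the authorization server returns state unchanged,
            // as OAuth 2.0 requires - confirm against the provider.
            String state = request.getParameter("state");
            if (!session.getId().equals(state)) {
                return restartLogin(request, response);
            }

            try {
                // Exchange the authorization code for an access token.
                URI tokenUri = URI.create(AuthUtils.getAccessTokenUrl(code));
                String tokenJson = restTemplate.getForObject(tokenUri, String.class);
                // Auth is the project's wrapper for the token response (token, openid, ...).
                Auth auth = tokenJson == null ? null : JSONObject.parseObject(tokenJson, Auth.class);
                if (auth == null || auth.getData() == null) {
                    return restartLogin(request, response);
                }
                String accessToken = auth.getData().get("access_token");
                String openId = auth.getData().get("openid");
                if (accessToken == null || openId == null) {
                    return restartLogin(request, response);
                }

                // Fetch the user record; its fields are whatever the authorization server returns.
                URI userUri = URI.create(AuthUtils.getUserInfoUrl(openId, accessToken));
                String userJson = restTemplate.getForObject(userUri, String.class);
                UserInfo info = userJson == null ? null : JSONObject.parseObject(userJson, UserInfo.class);
                if (info == null) {
                    return restartLogin(request, response);
                }

                // Issue a fresh session id before the session becomes an authenticated one, so
                // an id known before login (it was sent as state) is not carried over.
                // HttpServletRequest.changeSessionId() needs Servlet 3.1 or later.
                request.changeSessionId();
                // The access token is deliberately not logged: it is a bearer credential.
                session.setAttribute("access_token", accessToken);
                session.setAttribute("open_id", openId);
                session.setAttribute("UserInfo", info);
            } catch (Exception e) {
                // Log only the exception type: messages from the HTTP client may contain the
                // request URL, which carries the client secret and the access token.
                logger.error("OAuth login failed: " + e.getClass().getName());
                return restartLogin(request, response);
            }
            return "login";
        }

        /**
         * Discards the current session and sends the browser back to the authorization server.
         *
         * @return always {@code null}, so callers can {@code return restartLogin(...)} and stop
         *         processing after the redirect
         */
        private String restartLogin(HttpServletRequest request, HttpServletResponse response) {
            request.getSession().invalidate();
            redirectToAuthServer(request, response);
            return null;
        }

        /** Redirects the browser to the authorization endpoint built by {@code AuthUtils}. */
        private void redirectToAuthServer(HttpServletRequest request, HttpServletResponse response) {
            try {
                response.sendRedirect(AuthUtils.getAdminBackUrl(request));
            } catch (IOException e) {
                logger.error("Redirect to the authorization server failed: " + e.getClass().getName());
            }
        }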
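    /**
     * Builds the URLs this application uses to talk to the OAuth2 authorization server.
     *
     * <p>NOTE(review): every endpoint here is plain {@code http://}, and the client secret and
     * the access token are placed in URL query strings. They are therefore readable on the
     * network path and are likely to end up in proxy and server access logs. Switch to HTTPS
     * endpoints if the authorization server offers them - confirm with the provider.
     */
    @Component
    public class AuthUtils {

        public static final String APP_USER_AUTH_WEB_URL = "http://demo.zhunedu.com/ca/oAuth/connect/webauth";
        public static final String APP_USER_AUTH_API_URL = "http://demo.zhunedu.com/ca/oAuth/api/";

        // NOTE(review): both values are compiled into the class and therefore live in source
        // control and in every build artifact. Load the real credentials from external
        // configuration or a secret store, and rotate any secret that has been committed.
        public static final String APP_SSL_APPID = "d36b2d9dbabb4fd09931b302a84b97a6"; // fill in your application ID here
        public static final String APP_SSL_APPSECRET = "fxsjbz123456"; // fill in your application secret here

        /**
         * Builds the authorization-endpoint URL the browser is redirected to in order to obtain
         * an authorization code.
         *
         * <p>NOTE(review): {@code redirect_uri} is taken from {@code request.getRequestURL()},
         * i.e. from the incoming request; a fixed, registered callback URL is safer - confirm
         * that the authorization server validates it. {@code state} is the raw session id, which
         * discloses it to the authorization server and to anything that records the URL; a random
         * per-login value kept in the session is the usual choice. Both are left as they are so
         * the emitted URL stays the same for existing callers.
         *
         * @param request the current request; supplies the callback URL and the session id
         * @return the authorization URL with {@code redirect_uri}, {@code state}, {@code appid}
         *         and {@code scope} parameters
         */
        public static String getAdminBackUrl(HttpServletRequest request){
            HttpSession session = request.getSession();
            StringBuilder param = new StringBuilder(APP_USER_AUTH_WEB_URL);
            param.append("?redirect_uri=").append(encode(request.getRequestURL().toString()));
            param.append("&state=").append(encode(session.getId()));
            param.append("&appid=").append(encode(APP_SSL_APPID));
            param.append("&scope=").append("web_login");
            return param.toString();
        }

        /**
         * Builds the token-endpoint URL that exchanges an authorization code for an access token.
         *
         * @param code the authorization code received on the callback; it comes from the request
         *             and is URL-encoded so it cannot add or override query parameters
         * @return the token request URL
         */
        public static String getAccessTokenUrl(String code){
            StringBuilder tokenParam = new StringBuilder(APP_USER_AUTH_API_URL + "accessToken");
            tokenParam.append("?appid=").append(encode(APP_SSL_APPID));
            tokenParam.append("&secret=").append(encode(APP_SSL_APPSECRET));
            tokenParam.append("&grant_type=").append("authorization_code");
            tokenParam.append("&code=").append(encode(code));
            return tokenParam.toString();
        }

        /**
         * Builds the URL that returns the profile of the user currently signed in through
         * single sign-on.
         *
         * @param openid      the user's openid from the token response
         * @param accessToken the access token from the token response
         * @return the user-info request URL, with both values URL-encoded
         */
        public static String getUserInfoUrl(String openid,String accessToken){
            StringBuilder param = new StringBuilder(APP_USER_AUTH_API_URL + "userInfo");
            param.append("?access_token=").append(encode(accessToken));
            param.append("&openid=").append(encode(openid));
            return param.toString();
        }

        /**
         * URL-encodes one query-parameter value as UTF-8.
         *
         * <p>{@code null} is rendered as the text {@code "null"}, which is what appending a null
         * reference to the buffer produced before encoding was added.
         */
        private static String encode(String value) {
            try {
                return java.net.URLEncoder.encode(String.valueOf(value), "UTF-8");
            } catch (UnsupportedEncodingException e) {
                // Every Java platform is required to support UTF-8, so this cannot happen.
                throw new IllegalStateException("UTF-8 is not supported", e);
            }
        }
    }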
  • 原文地址:https://www.cnblogs.com/sun2020/p/12735958.html