Spring-Security-OAuth2服务器搭建之Acce
2017-07-08 本文已影响411人
彳亍路
前面一篇讲述了如何获取AccessToken,此文用于讲述怎么样检测AccessToken。为什么要检测AccessToken?废话,AccessToken是有时效性的,如果不检测,过时了的东西,你也敢用?比如馒头,反正我是不敢滴!下面都是在原项目的基础上加代码!
AccessToken的检测
1、根据token获取OAuth2AccessToken
2、根据token获取OAuth2Authentication
Talk is cheap,show me the code!Start Bow!
@RestController
@RequestMapping("/oauth")
public class TokenController {
/**
* 覆盖了 spring-security-oauth2 内部的 endpoint oauth2/check_token
* spring-security-oauth2 内部原有的该控制器 CheckTokenEndpoint,返回值,不符合自身业务要求,故覆盖之。
*/
@GetMapping("/check_token")
public OAuth2AccessToken getToken(@RequestParam(value = "token") String token){
OAuth2AccessToken oAuth2AccessToken = Oauth2Utils.checkTokenInOauth2Server(token);
return oAuth2AccessToken;
}
/**
* 获取当前token对应的用户主体的凭证信息(认证对象)
*/
@GetMapping("/getAuth")
public OAuth2Authentication getAuth(@RequestParam(value = "token") String token){
OAuth2Authentication oAuth2Authentication = Oauth2Utils.getAuthenticationInOauth2Server(token);
return oAuth2Authentication;
}
Oauth2Utils 工具类
public class Oauth2Utils {
/**
* oauth2 认证服务器直接处理校验请求的逻辑
* @param accessToken
* @return
*/
public static OAuth2AccessToken checkTokenInOauth2Server(String accessToken){
TokenStore tokenStore = (TokenStore) ApplicationSupport.getBean("tokenStore");
OAuth2AccessToken oAuth2AccessToken = tokenStore.readAccessToken(accessToken);
return oAuth2AccessToken;
}
/**
* oauth2 认证服务器直接处理校验请求的逻辑
* @param accessToken
* @return
*/
public static OAuth2Authentication getAuthenticationInOauth2Server(String accessToken){
TokenStore tokenStore = (TokenStore) ApplicationSupport.getBean("tokenStore");
OAuth2Authentication oAuth2Authentication = tokenStore.readAuthentication(accessToken);
return oAuth2Authentication;
}
}
ApplicationSupport工具类
/**
* 获取Spring容器管理的Bean对象,应用中配置参数
**/
@Component
public class ApplicationSupport implements DisposableBean, ApplicationContextAware {
private static ApplicationContext applicationContext;
// 获取配置文件参数值
public static String getParamVal(String paramKey){
return applicationContext.getEnvironment().getProperty(paramKey);
}
// 获取bean对象
public static Object getBean(String name) {
Assert.hasText(name);
return applicationContext.getBean(name);
}
public static <T> T getBean(Class<T> clazz) {
return applicationContext.getBean(clazz);
}
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
this.applicationContext = applicationContext;
}
@Override
public void destroy() throws Exception {
applicationContext = null;
}
}
/oauth/check_token请求示意图如下:
获取OAuth2AccessToken
返回结果如下:
{
"access_token": "3548f870-6904-4493-95d0-762156baeeb1",
"token_type": "bearer",
"refresh_token": "19e79ffd-b43d-478a-8b8b-a91686a5d212",
"expires_in": 2390,
"scope": "read write"
}
/oauth/get_auth请求示意图如下:
获取认证信息OAuth2Authentication
返回结果如下:
{
"details": null,
"authorities": [
{
"authority": "USER"
}
],
"authenticated": true,
"userAuthentication": null,
"oauth2Request": {
"clientId": "client_auth_mode",
"scope": [
"read",
"write"
],
"requestParameters": {
"grant_type": "client_credentials"
},
"resourceIds": [],
"authorities": [
{
"authority": "USER"
}
],
"approved": true,
"refresh": false,
"redirectUri": null,
"responseTypes": [],
"extensions": {},
"grantType": "client_credentials",
"refreshTokenRequest": null
},
"principal": "client_auth_mode",
"credentials": "",
"clientOnly": true,
"name": "client_auth_mode"
}
1、参考上述OAuth2AccessToken与OAuth2Authentication对象,则可以根据业务需求,调用相应的接口,或者在此基础上,自定义开发。
2、代码中注释提到框架内部有个 CheckTokenEndpoint的控制器,而在该控制器中,也有个映射为oauth/check_token的处理方法,在此说明下,此中两个接口,是为了符合自身业务需求而设计,视情况而定。
3、CheckTokenEndpoint控制器接口,调用oauth/check_token?token=tokenValue请求返回结果如下:
{
"scope": [
"read",
"write"
],
"exp": 1499448676,
"authorities": [
"USER"
],
"client_id": "client_auth_mode"
}
大功告成
这样一个简单的OAuth2认证授权服务器就搭建好了!
Spring-Security-OAuth2服务器之搭建认证授权服务器[一]
Spring-Security-OAuth2服务器搭建之AccessToken的检测[二]
Spring-Security-OAuth2服务器搭建之资源服务器搭建[三]
Spring-Security-OAuth2资源服务器及SpringSecurity权限控制[四]
**惊不惊喜,意不意外!**
O(∩_∩)O
