Oauth 2春季启动客户端自定义配置

时间:2019-01-19 15:12:38

标签: spring-boot oauth-2.0 spring-security-oauth2

身份验证服务器使用api_key之类的传统术语代替client_secret来代替客户端ID和api_secret,并且回调将包含如下参数:callbackurl / request_token =“ clksdnfvklcm”而不是code =“ nvckjlefdkm” $ state =“ somestate”没有状态参数,我不知道如何正确实现 我尝试的方法存在很多缺陷,以至于我创建了一个登录页面,在该页面中我提供了oauthserver uri的链接(例如oauthserver / api_key = mcklfdms),然后在oauth过滤器之前创建了一个过滤器并以正确的格式重定向它,以便请求可以转换改为oauth / code = cnjdsn而不是oauth / callback / request_token = cnjdsn 谁能为我提供正确的实现方式

请求解析器

@Component
public class KiteAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
    DefaultOAuth2AuthorizationRequestResolver defaultOAuth2AuthorizationRequestResolver;
    ClientRegistration clientRegistration;
    public KiteAuthorizationRequestResolver(ClientRegistrationRepository clientRegistrationRepository,String authorizationBaseUri){
        this.defaultOAuth2AuthorizationRequestResolver=new DefaultOAuth2AuthorizationRequestResolver(
                clientRegistrationRepository,authorizationBaseUri);
        this.clientRegistration=clientRegistrationRepository.findByRegistrationId("kite");
    }
    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
        OAuth2AuthorizationRequest oAuth2AuthorizationRequest=defaultOAuth2AuthorizationRequestResolver.resolve(request);
        if(request!=null){
            return requestResolver(oAuth2AuthorizationRequest);
        }
        return null;
    }

    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId) {
        OAuth2AuthorizationRequest oAuth2AuthorizationRequest=defaultOAuth2AuthorizationRequestResolver.resolve(request,clientRegistrationId);
        if(request!=null){
            return requestResolver(oAuth2AuthorizationRequest);
        }
        return null;
    }
    private OAuth2AuthorizationRequest requestResolver(OAuth2AuthorizationRequest request){
        Map<String,Object> parms=new HashMap<>();
        if(request.getAdditionalParameters()!=null){
            parms.putAll(request.getAdditionalParameters());
        }
        parms.put("api_key",this.clientRegistration.getClientId());
        OAuth2AuthorizationRequest oAuth2AuthorizationRequest=OAuth2AuthorizationRequest
                .from(request)
                .state("hello")
                .additionalParameters(parms)
                .build();
        return oAuth2AuthorizationRequest;
    }
}

过滤器

package com.kumar.coingen.filter;

import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Component
@WebFilter(urlPatterns = "/oauth/code/kite")
@Order(-150)
public class AuthenticationFilter implements Filter {
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        if(!request.getParameter("code").isEmpty()){
            chain.doFilter(request,response);
        }
        String code=request.getParameter("request_token");
        HttpServletRequest servletRequest=(HttpServletRequest) request;
        HttpServletResponse servletResponse=(HttpServletResponse)response;
        servletResponse.sendRedirect(request.getServerName()+":"+request.getServerPort()+"/"+((HttpServletRequest) request).getServletPath()+"/code="+code+"&state=hello");
    }
}

**请让我知道是否可以在不使用过滤器重定向的情况下完成**

0 个答案:

没有答案
相关问题
最新问题