本文主要是介绍【OAuth2】:赋予用户控制权的安全通行证--代码模拟篇,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
🥳🥳Welcome Huihui's Code World ! !🥳🥳
接下来看看由辉辉所写的关于OAuth2的相关操作吧
上篇已经讲了oauth2的相关知识,详解了oauth2的四种授权模式中的授权码模式,那么这一篇我们就来讲一下授权码模式的代码实现,但是为了更好的讲解其中的相关知识点,这里用的是模拟代码【没有连接数据库进行验证】
目录
🥳🥳Welcome Huihui's Code World ! !🥳🥳
一.代码准备
1.client
1.1pom
1.2controller
2.resource-owner
2.1pom
2.2controller
3.1pom
3.2controller
4.resource-server
4.1pom
4.2controller
5.整体项目的pom依赖
二.授权码模式的模拟代码流程讲解
1.用户访问页面
2.访问的页面将请求重定向到认证服务器
3.认证服务器向用户展示授权页面,等待用户授权
4.用户授权完成
5.获取令牌(Token)
一.代码准备
1.client
1.1pom
<?xml version="1.0" encoding="UTF-8"?> <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>com.example</groupId><artifactId>client</artifactId><version>0.0.1-SNAPSHOT</version><name>client</name><description>client</description><parent><artifactId>Oauth</artifactId><groupId>org.example</groupId><version>1.0-SNAPSHOT</version></parent><dependencies><dependency><groupId>org.apache.oltu.oauth2</groupId><artifactId>org.apache.oltu.oauth2.client</artifactId></dependency></dependencies><build><plugins><plugin><groupId>org.apache.maven.plugins</groupId><artifactId>maven-compiler-plugin</artifactId><version>3.8.1</version><configuration><source>1.8</source><target>1.8</target><encoding>UTF-8</encoding></configuration></plugin><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId><version>2.4.1</version><configuration><mainClass>com.example.client.ClientApplication</mainClass></configuration><executions><execution><id>repackage</id><goals><goal>repackage</goal></goals></execution></executions></plugin></plugins></build></project>1.2controller
package com.example.client.controller;import lombok.extern.slf4j.Slf4j; import org.apache.oltu.oauth2.client.HttpClient; import org.apache.oltu.oauth2.client.OAuthClient; import org.apache.oltu.oauth2.client.URLConnectionClient; import org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest; import org.apache.oltu.oauth2.client.request.OAuthClientRequest; import org.apache.oltu.oauth2.client.response.OAuthJSONAccessTokenResponse; import org.apache.oltu.oauth2.client.response.OAuthResourceResponse; import org.apache.oltu.oauth2.common.OAuth; import org.apache.oltu.oauth2.common.exception.OAuthProblemException; import org.apache.oltu.oauth2.common.exception.OAuthSystemException; import org.apache.oltu.oauth2.common.message.types.GrantType; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseBody;import javax.servlet.http.HttpServletRequest;/*** 获取授权的控制器*/ @Controller @RequestMapping("/client") @SuppressWarnings("all") @Slf4j public class GetAuthorizationController {/*** 客户端: 8080* 资源拥有者: 8081* 认证服务器: 8082* 资源服务器: 8083*/private static String CLIENT_ID = "clientId";private static String CLIENT_SECRET = "clientSecret";private static String CODE_URL = "code";private static String RESPONSE_TYPE = "code";/*认证服务器地址*/private static String AUTH_SERVER_URL = "http://localhost:8082/authServer/token";/*资源拥有者地址*/private static String RESOURCE_OWNER_URL = "http://localhost:8081/owner/";/*资源服务器地址*/private static String RESOURCE_SERVER_URL = "http://localhost:8083/resourceServer/userinfo";/*授权码回调地址*/private static String CALLBACKCODE = "http://localhost:8080/client/callbackCode";/*获取资源地址*/private static String GETRESOURCE = "http://localhost:8080/client/getResource";/*** 客户向资源所有者获取授权码*/@GetMapping("/getCode")public String getCode() throws OAuthSystemException {// 创建OAuthClientRequest对象,设置授权码请求的相关参数OAuthClientRequest oAuthClientRequest = OAuthClientRequest.authorizationLocation(CODE_URL) // 授权码请求的授权服务器地址.setClientId(CLIENT_ID) // 设置客户端ID.setRedirectURI(CALLBACKCODE) // 设置重定向URI.setResponseType(RESPONSE_TYPE) // 设置响应类型为授权码.buildQueryMessage(); // 构建查询消息String uriString = oAuthClientRequest.getLocationUri(); // 获取授权码请求的URI字符串// 重定向到资源所有者,获取验证码return "redirect:" + RESOURCE_OWNER_URL + uriString;}/*** 1. 资源所有者在生成授权码之后,会回调该接口将授权码传回给客户* 2. 客户获取授权码之后,使用该接口向认证服务器申请令牌*/@RequestMapping("/callbackCode")public String callbackCode(HttpServletRequest request) throws OAuthSystemException, OAuthProblemException {// 从请求中获取授权码String code = request.getParameter("code");log.info(" --- 从资源拥有者获取code: {} -----------", code);// 创建OAuthClient对象,用于与认证服务器进行通信OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());// 创建OAuthClientRequest对象,设置令牌请求的相关参数OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(AUTH_SERVER_URL) // 令牌请求的认证服务器地址.setClientId(CLIENT_ID) // 设置客户端ID.setClientSecret(CLIENT_SECRET) // 设置客户端密钥.setGrantType(GrantType.AUTHORIZATION_CODE) // 设置授权类型为授权码.setCode(code) // 设置授权码.setRedirectURI(CALLBACKCODE) // 设置重定向URI.buildQueryMessage(); // 构建查询消息// 通过Code,向认证服务器申请令牌OAuthJSONAccessTokenResponse tokenResp = oAuthClient.accessToken(tokenRequest, OAuth.HttpMethod.POST); // 发送请求并获取响应// 从响应中获取访问令牌String accessToken = tokenResp.getAccessToken();log.info("客户获取的访问令牌:" + accessToken);return "redirect:" + GETRESOURCE + "?accessToken=" + accessToken;}/*** 使用令牌获取资源服务器中的数据*/@GetMapping("/getResource")@ResponseBodypublic String getResource(String accessToken) throws OAuthSystemException, OAuthProblemException {log.info("客户使用令牌向资源服务器获取数据 token = " + accessToken);// 创建OAuthClient对象,用于与资源服务器进行通信OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());// 创建OAuthClientRequest对象,设置用户信息请求的相关参数OAuthClientRequest userInfoRequest =new OAuthBearerClientRequest(RESOURCE_SERVER_URL) // 用户信息请求的资源服务器地址.setAccessToken(accessToken) // 设置访问令牌.buildHeaderMessage(); // 构建请求头消息// 向资源服务器发送请求并获取响应OAuthResourceResponse resourceResponse = oAuthClient.resource(userInfoRequest, OAuth.HttpMethod.GET, OAuthResourceResponse.class);// 从响应中获取用户信息String userInfo = resourceResponse.getBody();log.info("客户获取的资源服务器的数据: " + userInfo);return userInfo;}}2.resource-owner
2.1pom
<?xml version="1.0" encoding="UTF-8"?> <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>com.example</groupId><artifactId>resource-owner</artifactId><version>0.0.1-SNAPSHOT</version><name>resource-owner</name><description>resource-owner</description><parent><artifactId>Oauth</artifactId><groupId>org.example</groupId><version>1.0-SNAPSHOT</version></parent><dependencies><dependency><groupId>org.apache.oltu.oauth2</groupId><artifactId>org.apache.oltu.oauth2.authzserver</artifactId></dependency><dependency><groupId>org.apache.oltu.oauth2</groupId><artifactId>org.apache.oltu.oauth2.resourceserver</artifactId></dependency></dependencies><build><plugins><plugin><groupId>org.apache.maven.plugins</groupId><artifactId>maven-compiler-plugin</artifactId><version>3.8.1</version><configuration><source>1.8</source><target>1.8</target><encoding>UTF-8</encoding></configuration></plugin><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId><version>2.4.1</version><configuration><mainClass>com.example.owner.ResourceOwnerApplication</mainClass></configuration><executions><execution><id>repackage</id><goals><goal>repackage</goal></goals></execution></executions></plugin></plugins></build></project>2.2controller
package com.example.owner.controller;import lombok.extern.slf4j.Slf4j; import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest; import org.apache.oltu.oauth2.as.response.OAuthASResponse; import org.apache.oltu.oauth2.common.OAuth; import org.apache.oltu.oauth2.common.exception.OAuthProblemException; import org.apache.oltu.oauth2.common.exception.OAuthSystemException; import org.apache.oltu.oauth2.common.message.OAuthResponse; import org.springframework.stereotype.Controller; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping;import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;@Controller // 声明这是一个控制器类 @RequestMapping("/owner") // 设置请求映射路径为 /owner @Slf4j // 使用 Lombok 的 @Slf4j 注解,简化日志记录 @SuppressWarnings("all") // 忽略所有警告 public class CodeController {@GetMapping("/code") // 定义一个处理 GET 请求的方法,映射路径为 /codepublic String sendCode(HttpServletRequest request) {log.info("resource owner send code"); // 记录日志信息try {OAuthAuthzRequest oathReq = new OAuthAuthzRequest(request); // 从请求中获取 OAuthAuthzRequest 对象if (StringUtils.hasLength(oathReq.getClientId())) { // 如果客户端ID存在//设置授权码String code = "authorizationCode";String responseType = oathReq.getResponseType();//获取构建响应的对象OAuthASResponse.OAuthAuthorizationResponseBuilder builder =OAuthASResponse.authorizationResponse(request, HttpServletResponse.SC_OK);builder.setCode(code); // 设置授权码String redirectURI = oathReq.getParam(OAuth.OAUTH_REDIRECT_URI); // 获取重定向URIOAuthResponse oauthResp = builder.location(redirectURI).buildQueryMessage(); // 构建查询消息log.info("resource owner send code "); // 记录日志信息String uri = oauthResp.getLocationUri(); // 获取重定向URIreturn "redirect:" + uri; // 返回重定向URL}} catch (OAuthSystemException e) { // 捕获 OAuthSystemException 异常e.printStackTrace(); // 打印异常堆栈信息} catch (OAuthProblemException e) { // 捕获 OAuthProblemException 异常e.printStackTrace(); // 打印异常堆栈信息}return null; // 如果发生异常或客户端ID不存在,返回 null}}3.authorization-server
3.1pom
<?xml version="1.0" encoding="UTF-8"?> <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>com.example</groupId><artifactId>authorization-server</artifactId><version>0.0.1-SNAPSHOT</version><name>authorization-server</name><description>authorization-server</description><parent><artifactId>Oauth</artifactId><groupId>org.example</groupId><version>1.0-SNAPSHOT</version></parent><dependencies><dependency><groupId>org.apache.oltu.oauth2</groupId><artifactId>org.apache.oltu.oauth2.authzserver</artifactId></dependency><dependency><groupId>org.apache.oltu.oauth2</groupId><artifactId>org.apache.oltu.oauth2.resourceserver</artifactId></dependency></dependencies><build><plugins><plugin><groupId>org.apache.maven.plugins</groupId><artifactId>maven-compiler-plugin</artifactId><version>3.8.1</version><configuration><source>1.8</source><target>1.8</target><encoding>UTF-8</encoding></configuration></plugin><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId><version>2.4.1</version><configuration><mainClass>com.example.authorization.AuthorizationServerApplication</mainClass></configuration><executions><execution><id>repackage</id><goals><goal>repackage</goal></goals></execution></executions></plugin></plugins></build></project>3.2controller
package com.example.authorization.controller;import lombok.extern.slf4j.Slf4j; import org.apache.oltu.oauth2.as.issuer.MD5Generator; import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl; import org.apache.oltu.oauth2.as.request.OAuthTokenRequest; import org.apache.oltu.oauth2.as.response.OAuthASResponse; import org.apache.oltu.oauth2.common.exception.OAuthProblemException; import org.apache.oltu.oauth2.common.exception.OAuthSystemException; import org.apache.oltu.oauth2.common.message.OAuthResponse; import org.springframework.http.HttpEntity; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Controller; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestMapping;import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;@Controller // 声明这是一个控制器类 @RequestMapping("/authServer") // 设置请求映射路径为 /authServer @Slf4j // 使用 Lombok 的 @Slf4j 注解,简化日志记录 @SuppressWarnings("all") // 忽略所有警告 public class AuthController {@PostMapping("/token") // 定义一个处理 POST 请求的方法,映射路径为 /tokenpublic HttpEntity getAccessToken(HttpServletRequest request) throws OAuthProblemException, OAuthSystemException {log.info("认证服务器,接收到客户的令牌请求 .... "); // 记录日志信息OAuthTokenRequest tokenReq = new OAuthTokenRequest(request); // 从请求中获取 OAuthTokenRequest 对象String clientSecret = tokenReq.getClientSecret(); // 获取客户端密钥if (StringUtils.hasLength(clientSecret)) { // 如果客户端密钥存在OAuthIssuerImpl oAuthIssuer = new OAuthIssuerImpl(new MD5Generator()); // 创建一个 OAuthIssuerImpl 对象,使用 MD5Generator 生成签名算法String token = oAuthIssuer.accessToken(); // 生成访问令牌log.info("token = " + token); // 记录日志信息//构造保护令牌的响应对象OAuthResponse oAuthResponse = OAuthASResponse.tokenResponse(HttpServletResponse.SC_OK) // 设置响应状态码为 200 OK.setAccessToken(token) // 设置访问令牌.buildJSONMessage(); // 构建 JSON 格式的响应消息return new ResponseEntity(oAuthResponse.getBody(), HttpStatus.valueOf(oAuthResponse.getResponseStatus())); // 返回响应实体}return null; // 如果客户端密钥不存在,返回 null}}4.resource-server
4.1pom
<?xml version="1.0" encoding="UTF-8"?> <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>com.example</groupId><artifactId>resource-server</artifactId><version>0.0.1-SNAPSHOT</version><name>resource-server</name><description>resource-server</description><parent><artifactId>Oauth</artifactId><groupId>org.example</groupId><version>1.0-SNAPSHOT</version></parent><dependencies><dependency><groupId>org.apache.oltu.oauth2</groupId><artifactId>org.apache.oltu.oauth2.authzserver</artifactId></dependency><dependency><groupId>org.apache.oltu.oauth2</groupId><artifactId>org.apache.oltu.oauth2.resourceserver</artifactId></dependency></dependencies><build><plugins><plugin><groupId>org.apache.maven.plugins</groupId><artifactId>maven-compiler-plugin</artifactId><version>3.8.1</version><configuration><source>1.8</source><target>1.8</target><encoding>UTF-8</encoding></configuration></plugin><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId><version>2.4.1</version><configuration><mainClass>com.example.resource.ResourceServerApplication</mainClass></configuration><executions><execution><id>repackage</id><goals><goal>repackage</goal></goals></execution></executions></plugin></plugins></build></project>4.2controller
package com.example.resource.controller;import org.apache.oltu.oauth2.common.exception.OAuthProblemException; import org.apache.oltu.oauth2.common.exception.OAuthSystemException; import org.apache.oltu.oauth2.common.message.types.ParameterStyle; import org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController;import javax.servlet.http.HttpServletRequest; import java.util.HashMap; import java.util.Map;@RestController // 声明这是一个控制器类 @RequestMapping("/resourceServer") // 设置请求映射路径为 /resourceServer @SuppressWarnings("all") // 忽略所有警告 public class UserController {@GetMapping("/userinfo") // 定义一个处理 GET 请求的方法,映射路径为 /userinfopublic Object getUserInfo(HttpServletRequest request) throws OAuthProblemException, OAuthSystemException {// 创建一个 OAuthAccessResourceRequest 对象,用于处理 OAuth 认证请求OAuthAccessResourceRequest oAuthAccessResourceRequest = new OAuthAccessResourceRequest(request, ParameterStyle.HEADER);// 获取访问令牌String accessToken = oAuthAccessResourceRequest.getAccessToken();// 创建一个 Map 对象,用于存储用户信息Map<String, Object> map = new HashMap<>();// 向 Map 中添加用户信息map.put("name", "zhengsuanfeng");map.put("phone", "13576472774");map.put("addr", "长沙岳麓区");// 返回用户信息return map;}}5.整体项目的pom依赖
<?xml version="1.0" encoding="UTF-8"?> <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns="http://maven.apache.org/POM/4.0.0"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>org.example</groupId><artifactId>Oauth</artifactId><version>1.0-SNAPSHOT</version><packaging>pom</packaging><modules><module>client</module><module>resource-owner</module><module>authorization-server</module><module>resource-server</module></modules><properties><oauth2.version>0.31</oauth2.version><java.version>1.8</java.version><project.build.sourceEncoding>UTF-8</project.build.sourceEncoding><project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding><spring-boot.version>2.4.1</spring-boot.version></properties><dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><scope>test</scope></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId></dependency></dependencies><dependencyManagement><dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-dependencies</artifactId><version>${spring-boot.version}</version><type>pom</type><scope>import</scope></dependency><dependency><groupId>org.apache.oltu.oauth2</groupId><artifactId>org.apache.oltu.oauth2.client</artifactId><version>${oauth2.version}</version></dependency><dependency><groupId>org.apache.oltu.oauth2</groupId><artifactId>org.apache.oltu.oauth2.authzserver</artifactId><version>${oauth2.version}</version></dependency><dependency><groupId>org.apache.oltu.oauth2</groupId><artifactId>org.apache.oltu.oauth2.resourceserver</artifactId><version>${oauth2.version}</version></dependency></dependencies></dependencyManagement></project>
二.授权码模式的模拟代码流程讲解
1.用户访问页面
2.访问的页面将请求重定向到认证服务器
3.认证服务器向用户展示授权页面,等待用户授权
4.用户授权完成
认证服务器带上client_id发送给应用服务器资源服务器➡生成一个code
然后,用户拿到code
5.获取令牌(Token)
将code、client_id、client_secret传给认证服务器换取access_token
6.将access_token传给资源服务器
7.验证token,访问真正的资源页面
拿到数据
好啦,今天的分享就到这了,希望能够帮到你呢!😊😊
这篇关于【OAuth2】:赋予用户控制权的安全通行证--代码模拟篇的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
