时间戳

首页 > 解决方案 > Oauth 2 spring boot 客户端自定义配置

spring-boot - Oauth 2 spring boot 客户端自定义配置

问题描述

身份验证服务器使用传统术语,如 api_key 代替客户端 ID 和 api_secret 代替 client_secret 并且回调将包含如下参数 callbackurl/request_token="clksdnfvklcm" 而不是 code="nvckjlefdkm"$state="somestate" 并且没有状态参数我不知道如何正确地实现它,我尝试的方式有很多缺陷,以至于我创建了一个登录页面,在其中我为 oauth server/api_key=mcklfdms 之类的 oauth 服务器 uri 提供了一个链接,然后我在 oauth 过滤器之前创建了一个过滤器并重定向它格式正确,以便请求将转换为 oauth/code=cnjdsn 而不是 oauth/callback/request_token=cnjdsn 任何人都可以为我提供正确的方法来实现它

请求解析器

@Component
public class KiteAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
    DefaultOAuth2AuthorizationRequestResolver defaultOAuth2AuthorizationRequestResolver;
    ClientRegistration clientRegistration;
    public KiteAuthorizationRequestResolver(ClientRegistrationRepository clientRegistrationRepository,String authorizationBaseUri){
        this.defaultOAuth2AuthorizationRequestResolver=new DefaultOAuth2AuthorizationRequestResolver(
                clientRegistrationRepository,authorizationBaseUri);
        this.clientRegistration=clientRegistrationRepository.findByRegistrationId("kite");
    }
    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
        OAuth2AuthorizationRequest oAuth2AuthorizationRequest=defaultOAuth2AuthorizationRequestResolver.resolve(request);
        if(request!=null){
            return requestResolver(oAuth2AuthorizationRequest);
        }
        return null;
    }

    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId) {
        OAuth2AuthorizationRequest oAuth2AuthorizationRequest=defaultOAuth2AuthorizationRequestResolver.resolve(request,clientRegistrationId);
        if(request!=null){
            return requestResolver(oAuth2AuthorizationRequest);
        }
        return null;
    }
    private OAuth2AuthorizationRequest requestResolver(OAuth2AuthorizationRequest request){
        Map<String,Object> parms=new HashMap<>();
        if(request.getAdditionalParameters()!=null){
            parms.putAll(request.getAdditionalParameters());
        }
        parms.put("api_key",this.clientRegistration.getClientId());
        OAuth2AuthorizationRequest oAuth2AuthorizationRequest=OAuth2AuthorizationRequest
                .from(request)
                .state("hello")
                .additionalParameters(parms)
                .build();
        return oAuth2AuthorizationRequest;
    }
}

筛选

package com.kumar.coingen.filter;

import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Component
@WebFilter(urlPatterns = "/oauth/code/kite")
@Order(-150)
public class AuthenticationFilter implements Filter {
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        if(!request.getParameter("code").isEmpty()){
            chain.doFilter(request,response);
        }
        String code=request.getParameter("request_token");
        HttpServletRequest servletRequest=(HttpServletRequest) request;
        HttpServletResponse servletResponse=(HttpServletResponse)response;
        servletResponse.sendRedirect(request.getServerName()+":"+request.getServerPort()+"/"+((HttpServletRequest) request).getServletPath()+"/code="+code+"&state=hello");
    }
}

**请让我知道是否可以在不使用过滤器重定向的情况下完成 **

标签: spring-bootoauth-2.0spring-security-oauth2

解决方案

推荐阅读