spring-boot - Oauth 2 spring boot 客户端自定义配置
问题描述
身份验证服务器使用非标准的传统术语:用 api_key 代替客户端 ID,用 api_secret 代替 client_secret;回调携带的参数形如 callbackurl/request_token="clksdnfvklcm",而不是 code="nvckjlefdkm"&state="somestate",并且没有 state 参数。我不知道如何正确地实现它。我尝试的方式有很多缺陷:我创建了一个登录页面,在其中放了一个指向 OAuth 服务器 URI 的链接(形如 oauth server/api_key=mcklfdms),然后在 OAuth 过滤器之前创建了一个过滤器,把回调重定向为正确的格式,使请求变成 oauth/code=cnjdsn 而不是 oauth/callback/request_token=cnjdsn。有没有人可以告诉我实现它的正确方法?
请求解析器
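/**
 * Authorization-request resolver for the "kite" client registration.
 *
 * <p>Delegates to {@link DefaultOAuth2AuthorizationRequestResolver} and then adds the
 * provider-specific {@code api_key} parameter (the registration's client id) to the
 * resolved request.
 *
 * <p>NOTE(review): the constructor takes a plain {@code String}; as a {@code @Component}
 * this presumably needs an {@code @Value} or an explicit bean definition to be wired —
 * confirm against the application configuration.
 */
@Component
public class KiteAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {

    private final DefaultOAuth2AuthorizationRequestResolver defaultOAuth2AuthorizationRequestResolver;
    private final ClientRegistration clientRegistration;

    /**
     * @param clientRegistrationRepository repository used by the default resolver and to look
     *                                     up the "kite" registration
     * @param authorizationBaseUri         base URI handed to the default resolver
     */
    public KiteAuthorizationRequestResolver(ClientRegistrationRepository clientRegistrationRepository,
                                            String authorizationBaseUri) {
        this.defaultOAuth2AuthorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(
                clientRegistrationRepository, authorizationBaseUri);
        this.clientRegistration = clientRegistrationRepository.findByRegistrationId("kite");
    }

    /**
     * Resolves the authorization request for the current HTTP request.
     *
     * @return the customized request, or {@code null} when the default resolver does not
     *         produce one
     */
    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
        return requestResolver(defaultOAuth2AuthorizationRequestResolver.resolve(request));
    }

    /**
     * Resolves the authorization request for an explicit client registration id.
     *
     * @return the customized request, or {@code null} when the default resolver does not
     *         produce one
     */
    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId) {
        return requestResolver(
                defaultOAuth2AuthorizationRequestResolver.resolve(request, clientRegistrationId));
    }

    /**
     * Copies the resolved request and adds the {@code api_key} parameter.
     *
     * @param request the request produced by the default resolver; may be {@code null}
     * @return the customized copy, or {@code null} if {@code request} is {@code null}
     */
    private OAuth2AuthorizationRequest requestResolver(OAuth2AuthorizationRequest request) {
        // The null check belongs on the resolved request, not on the servlet request:
        // a null result here would otherwise fail on getAdditionalParameters().
        if (request == null) {
            return null;
        }

        Map<String, Object> params = new HashMap<>();
        if (request.getAdditionalParameters() != null) {
            params.putAll(request.getAdditionalParameters());
        }
        params.put("api_key", this.clientRegistration.getClientId());

        return OAuth2AuthorizationRequest
                .from(request)
                // NOTE(review): a constant state is predictable, so it gives no CSRF protection
                // for the login callback. It is kept because the provider's callback carries no
                // state and the callback side re-adds this same literal; a per-session random
                // value kept server-side and restored on callback would close that gap.
                .state("hello")
                .additionalParameters(params)
                .build();
    }
}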
过滤器
package com.kumar.coingen.filter;
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
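/**
 * Translates the provider's non-standard callback ({@code request_token=...}) into the
 * {@code code=...&state=...} form by redirecting to the callback path.
 *
 * <p>NOTE(review): {@code @WebFilter} URL patterns are presumably only honoured when servlet
 * component scanning is enabled; registered through {@code @Component} alone the filter is
 * likely to see every request — confirm how it is registered.
 */
@Component
@WebFilter(urlPatterns = "/oauth/code/kite")
@Order(-150)
public class AuthenticationFilter implements Filter {

    /** Callback path the redirect always targets; same value as the URL pattern above. */
    private static final String CALLBACK_PATH = "/oauth/code/kite";

    /**
     * Passes the request on when it already carries {@code code} (or carries no
     * {@code request_token} to translate); otherwise redirects to the callback path with the
     * token supplied as {@code code}.
     *
     * @throws IOException      if the redirect cannot be written
     * @throws ServletException if the rest of the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        String code = request.getParameter("code");
        String requestToken = request.getParameter("request_token");
        boolean hasCode = code != null && !code.isEmpty();
        boolean hasToken = requestToken != null && !requestToken.isEmpty();

        // getParameter returns null for an absent parameter, so test for null before
        // isEmpty(); return after delegating so no redirect is attempted on a response
        // the chain has already handled.
        if (hasCode || !hasToken) {
            chain.doFilter(request, response);
            return;
        }

        HttpServletRequest servletRequest = (HttpServletRequest) request;
        HttpServletResponse servletResponse = (HttpServletResponse) response;

        // The target is built from the context path and a constant, never from the Host
        // header or the request path, and the token is URL-encoded, so request data cannot
        // change where the redirect goes or add parameters to it.
        // NOTE(review): "hello" is a constant state and gives no CSRF protection for the
        // callback; it is kept to match what the authorization request sends.
        String target = servletRequest.getContextPath() + CALLBACK_PATH
                + "?code=" + URLEncoder.encode(requestToken, "UTF-8")
                + "&state=hello";
        servletResponse.sendRedirect(target);
    }
}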
**请让我知道是否可以在不使用过滤器重定向的情况下完成**
解决方案