Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/spring-boot/5.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java SpringBoot-GoogleOAuth2,在数据库中存储刷新令牌_Java_Spring Boot_Spring Security_Spring Security Oauth2_Google Oauth - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java SpringBoot-GoogleOAuth2,在数据库中存储刷新令牌

Java SpringBoot-GoogleOAuth2,在数据库中存储刷新令牌

java spring-boot spring-security

Java SpringBoot-GoogleOAuth2,在数据库中存储刷新令牌,java,spring-boot,spring-security,spring-security-oauth2,google-oauth,Java,Spring Boot,Spring Security,Spring Security Oauth2,Google Oauth,我试图从登录到我的系统的用户那里获取刷新令牌,并将其存储在数据库中。因此,我的生态系统中的另一个系统可以访问存储的刷新令牌,使用它生成一个访问令牌,并将google日历api与用户凭据一起使用 到目前为止,我已经设法用 @Configuration public class AppConfig extends WebSecurityConfigurerAdapter { @Autowired private ClientRegistrationRepository clientR

我试图从登录到我的系统的用户那里获取刷新令牌,并将其存储在数据库中。因此,我的生态系统中的另一个系统可以访问存储的刷新令牌,使用它生成一个访问令牌,并将google日历api与用户凭据一起使用

到目前为止,我已经设法用

@Configuration
public class AppConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private ClientRegistrationRepository clientRegistrationRepository;

    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .authorizeRequests()
                .antMatchers("/**").authenticated()
                .anyRequest().permitAll()
                .and()
                .oauth2Login()
                .authorizationEndpoint()
                .authorizationRequestResolver(new CustomAuthorizationRequestResolver(
                        this.clientRegistrationRepository))
                .and()
                .and()
                .rememberMe();
    }
}



公共类CustomAuthorizationRequestResolver实现OAuth2AuthorizationRequestResolver{
私有最终OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver;
公共CustomAuthorizationRequestResolver(
ClientRegistrationRepository ClientRegistrationRepository){
此.defaultAuthorizationRequestResolver=
新的DefaultOAuth2AuthorizationRequestResolver(
clientRegistrationRepository,“/oauth2/authorization”);
}
@凌驾
公共OAuth2AuthorizationRequest解析(HttpServletRequest请求){
OAuth2AuthorizationRequest授权请求=
此.defaultAuthorizationRequestResolver.resolve(请求);
返回授权请求!=空?
customAuthorizationRequest(授权请求):
无效的
}
@凌驾
公共OAuth2AuthorizationRequest解析(
HttpServletRequest请求,字符串clientRegistrationId){
OAuth2AuthorizationRequest授权请求=
this.defaultAuthorizationRequestResolver.resolve(
请求,clientRegistrationId);
返回授权请求!=空?
customAuthorizationRequest(授权请求):
无效的
}
专用OAuth2AuthorizationRequest自定义授权请求(
OAuth2AuthorizationRequest(授权请求){
Map additionalParameters=new LinkedHashMap(authorizationRequest.getAdditionalParameters());
附加参数.put(“访问类型”、“脱机”);
返回OAuth2AuthorizationRequest.from(authorizationRequest)
.附加参数(附加参数)
.build();
}
}
如何以及在何处访问登录用户的刷新令牌?

我回答了一个类似的问题,但它在kotlin中,因此我将为您添加一个java版本

以下是获取刷新令牌的两种方法(或者更确切地说是获取刷新令牌的OAuth2AuthorizedClient)。你用哪一种取决于你的需要

  • 将代表请求用户的OAuth2AuthorizedClient注入并
    • @GetMapping(“/foo”)
void foo(@RegisteredOAuth2AuthorizedClient(“谷歌”)OAuth2AuthorizedClient用户){
OAuth2RefreshToken refreshToken=user.getRefreshToken();
}
  • 在请求上下文之外,您可以将
    OAuth2AuthorizedClient服务
    注入到托管组件中,并获得所需的
    OAuth2AuthorizedClient
    实例,该实例具有客户端注册id和主体名称:
    • @Autowired
专用OAuth2AuthorizedClient服务客户端服务;
公共图书馆{
OAuth2AuthorizedClient用户=clientService.loadAuthorizedClient(“谷歌”,“主体名称”);
OAuth2RefreshToken refreshToken=user.getRefreshToken();
}
    非常感谢Stav Shamir,这正是我需要的,一切都很顺利 
    
public class CustomAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
    private final OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver;

    public CustomAuthorizationRequestResolver(
            ClientRegistrationRepository clientRegistrationRepository) {

        this.defaultAuthorizationRequestResolver =
                new DefaultOAuth2AuthorizationRequestResolver(
                        clientRegistrationRepository, "/oauth2/authorization");
    }

    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
        OAuth2AuthorizationRequest authorizationRequest =
                this.defaultAuthorizationRequestResolver.resolve(request);

        return authorizationRequest != null ?
        customAuthorizationRequest(authorizationRequest) :
        null;
    }

    @Override
    public OAuth2AuthorizationRequest resolve(
            HttpServletRequest request, String clientRegistrationId) {

        OAuth2AuthorizationRequest authorizationRequest =
                this.defaultAuthorizationRequestResolver.resolve(
                        request, clientRegistrationId);

        return authorizationRequest != null ?
        customAuthorizationRequest(authorizationRequest) :
        null;
    }

    private OAuth2AuthorizationRequest customAuthorizationRequest(
            OAuth2AuthorizationRequest authorizationRequest) {

        Map<String, Object> additionalParameters = new LinkedHashMap<>(authorizationRequest.getAdditionalParameters());
        additionalParameters.put("access_type", "offline");

        return OAuth2AuthorizationRequest.from(authorizationRequest)
                .additionalParameters(additionalParameters)
                .build();
    }

}