如何通过spring security创建oauth 2用户名密码流
我正在尝试用 Spring Security 实现 OAuth2 的用户名密码流程（即 grant_type=password），但找不到任何文档或示例代码。我正在查看 OAuth2 示例中的 sparklr 和 tonr。如何实现 2-legged OAuth2？如何禁用登录表单？目前的配置如下：
<!-- NOTE(review): the opening <http> element is not part of this excerpt, so the URL patterns and
     access rules this filter chain applies cannot be checked from here. -->
<!-- Interactive form login: /login.jsp is both the login page and the failure target, and
     credentials are posted to /login.do. -->
<form-login authentication-failure-url="/login.jsp" default-target-url="/index.jsp" login-page="/login.jsp"
login-processing-url="/login.do" />
<logout logout-success-url="/index.jsp" logout-url="/logout.do" />
<anonymous />
<!-- Inserts the bean referenced as oauth2ProviderFilter after the EXCEPTION_TRANSLATION_FILTER
     position in the filter chain. -->
<custom-filter ref="oauth2ProviderFilter" after="EXCEPTION_TRANSLATION_FILTER" />
</http>
sparklr 默认也支持用户名密码流程，做法很简单，只需像下面这样编写客户端即可。我最终成功了：
<!-- NOTE(review): the opening <http> element is not part of this excerpt, so the URL patterns and
     access rules this filter chain applies cannot be checked from here. -->
<!-- Interactive form login: /login.jsp is both the login page and the failure target, and
     credentials are posted to /login.do. -->
<form-login authentication-failure-url="/login.jsp" default-target-url="/index.jsp" login-page="/login.jsp"
login-processing-url="/login.do" />
<logout logout-success-url="/index.jsp" logout-url="/logout.do" />
<anonymous />
<!-- Inserts the bean referenced as oauth2ProviderFilter after the EXCEPTION_TRANSLATION_FILTER
     position in the filter chain. -->
<custom-filter ref="oauth2ProviderFilter" after="EXCEPTION_TRANSLATION_FILTER" />
</http>
public class App {
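// Shared HTTP client, built once by getRestTemplate().
private static final RestTemplate client = getRestTemplate();

// Defaults for the server under test; declared final because they are constants.
private static final int DEFAULT_PORT = 8080;
private static final String DEFAULT_HOST = "localhost";

// Target of every request. getUrl() joins these with a hard-coded "http://" scheme, so the
// form body sent by postForString() (including the "password" field) and the returned
// token travel unencrypted. Keep the target on the loopback host unless the scheme is changed.
private static int port = DEFAULT_PORT;
private static String hostName = DEFAULT_HOST;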
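/**
 * Runs the password-grant round trip once and logs any failure.
 *
 * @param args unused
 * @throws IOException declared by the signature; failures raised by the test are caught and
 *     logged here rather than propagated
 */
public static void main(String[] args) throws IOException {
    try {
        testHappyDayWithForm();
    } catch (Exception ex) {
        // Log with an explicit message instead of null so the record is identifiable;
        // the message carries no credential or token material.
        Logger.getLogger(App.class.getName())
                .log(Level.SEVERE, "OAuth2 password-grant request failed", ex);
    }
}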
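/**
 * Requests an access token from the sparklr token endpoint using the OAuth2 password grant
 * and builds the bearer {@code Authorization} header from the result.
 *
 * <p>The follow-up calls against the protected resource are commented out, so the header is
 * built but never sent.
 *
 * @throws IllegalStateException if the token endpoint does not answer with HTTP 200 and a body
 * @throws Exception if the request or the JSON deserialization fails
 */
public static void testHappyDayWithForm() throws Exception {
    // With grant_type=password the client itself handles the user's password, so the grant
    // only suits a client the authorization server fully trusts. Current OAuth security
    // guidance discourages it in favour of redirect-based flows.
    MultiValueMap<String, String> formData = new LinkedMultiValueMap<String, String>();
    formData.add("grant_type", "password");
    formData.add("client_id", "my-trusted-client");
    formData.add("scope", "read");
    // Sample credentials hard-coded for the demo; real code should read them from the user or
    // from a secret store, never from source.
    formData.add("username", "muhammed");
    formData.add("password", "1234");

    ResponseEntity<String> response = postForString("/sparklr/oauth/token", formData);
    System.out.println(response.getStatusCode());
    // Printed so that the caching directive on the token response can be inspected.
    System.out.println(response.getHeaders().getFirst("Cache-Control"));

    // The client built by getRestTemplate() never reports HTTP errors, so a rejected request
    // arrives here as an ordinary response. Stop before parsing an error document as a token.
    String body = response.getBody();
    if (response.getStatusCode().value() != 200 || body == null) {
        throw new IllegalStateException("Token request failed with status " + response.getStatusCode());
    }

    DefaultOAuth2SerializationService serializationService = new DefaultOAuth2SerializationService();
    // Encode explicitly as UTF-8: getBytes() without a charset uses the platform default,
    // which can corrupt non-ASCII characters in the JSON.
    OAuth2AccessToken accessToken = serializationService.deserializeJsonAccessToken(
            new ByteArrayInputStream(body.getBytes("UTF-8")));

    // now try and use the token to access a protected resource.
    // first make sure the resource is actually protected.
    //assertNotSame(HttpStatus.OK, serverRunning.getStatusCode("/sparklr/photos?format=json"));
    // now make sure an authorized request is valid.
    // The token value is a bearer credential: whoever holds it can use it, so it is placed in
    // the header only and never printed or logged.
    HttpHeaders headers = new HttpHeaders();
    headers.set("Authorization", String.format("%s %s", OAuth2AccessToken.BEARER_TYPE, accessToken.getValue()));
    //assertEquals(HttpStatus.OK, serverRunning.getStatusCode("/sparklr/photos?format=json", headers));
}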
/**
 * POSTs the given form fields to a path on the configured server and returns the response
 * with its body read as a String.
 *
 * <p>The shared client is configured in getRestTemplate() to hand back every response,
 * so callers must check the status code themselves.
 *
 * @param path server-relative path, resolved through getUrl
 * @param formData form fields used as the request entity
 * @return the response entity, whatever its status
 */
public static ResponseEntity<String> postForString(String path, MultiValueMap<String, String> formData) {
    final String url = getUrl(path);
    // Only the URL is printed; the form fields (which may hold a password) are not.
    System.out.println(url);

    // NOTE(review): this sets Accept (not Content-Type) to form-urlencoded, while
    // testHappyDayWithForm parses the body as JSON. Confirm the server's response format
    // matches what the caller expects.
    final HttpHeaders requestHeaders = new HttpHeaders();
    requestHeaders.setAccept(Arrays.asList(MediaType.APPLICATION_FORM_URLENCODED));

    final HttpEntity<MultiValueMap<String, String>> request =
            new HttpEntity<MultiValueMap<String, String>>(formData, requestHeaders);
    return client.exchange(url, HttpMethod.POST, request, String.class);
}
/**
 * Builds the absolute URL for a server-relative path from the configured host and port.
 *
 * @param path path on the server; a leading "/" is added when missing
 * @return {@code http://<hostName>:<port><path>}
 */
public static String getUrl(String path) {
    final String absolutePath = path.startsWith("/") ? path : "/" + path;
    // The scheme is fixed to plain http, so nothing sent to this URL is protected in transit.
    // That is acceptable for the loopback default only.
    return "http://" + hostName + ":" + port + absolutePath;
}
/**
 * Creates the RestTemplate used by this sample: no redirect following, no cookies, and no
 * exception on HTTP error statuses.
 *
 * @return the configured template
 */
public static RestTemplate getRestTemplate() {
    final CommonsClientHttpRequestFactory statelessFactory = new CommonsClientHttpRequestFactory() {
        @Override
        protected void postProcessCommonsHttpMethod(HttpMethodBase httpMethod) {
            // Redirect responses are handed back to the caller instead of being followed.
            httpMethod.setFollowRedirects(false);
            // We don't want stateful conversations for this test
            httpMethod.getParams().setCookiePolicy(CookiePolicy.IGNORE_COOKIES);
        }
    };

    // Pass errors through in the response entity for status code analysis. Because hasError
    // is always false, 4xx/5xx answers are returned like any other response, and every caller
    // has to inspect the status code before trusting the body.
    final ResponseErrorHandler passThroughHandler = new ResponseErrorHandler() {
        public boolean hasError(ClientHttpResponse response) throws IOException {
            return false;
        }

        public void handleError(ClientHttpResponse response) throws IOException {
            // Intentionally empty: never invoked while hasError returns false.
        }
    };

    final RestTemplate template = new RestTemplate();
    template.setRequestFactory(statelessFactory);
    template.setErrorHandler(passThroughHandler);
    return template;
}
Stack Overflow 上还有一个相关的例子，可能会有帮助：