本文介绍了我如何通过Spring Security创建OAuth 2用户名密码流的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试在Spring Security上实现oauth2用户名密码流但我找不到任何文档和示例代码我正在查看sparklr和tonr insode oauth2示例我如何实现它oauth2 2腿我如何禁用登录表单

i am trying to implement oauth2 username password flow on spring securitybut i cant find any documentation and sample code i am going over sparklr and tonr insode oauth2 sampleshow can i implement it oauth2 2 legged how can i disable login form

    <form-login authentication-failure-url="/login.jsp" default-target-url="/index.jsp" login-page="/login.jsp"
        login-processing-url="/login.do" />
    <logout logout-success-url="/index.jsp" logout-url="/logout.do" />
    <anonymous />
    <custom-filter ref="oauth2ProviderFilter" after="EXCEPTION_TRANSLATION_FILTER" />
</http>

推荐答案

默认的sparklr还支持用户名和密码流,这很容易,您只需要编写client客户端,如下所示:我最终成功了;

The default sparklr also supports username and password flow also,it is easy, you need to write only client client is shown below:i succeeded in the end;

public class App {

private static RestTemplate client=getRestTemplate();

    private static int DEFAULT_PORT = 8080;

private static String DEFAULT_HOST = "localhost";

private static int port=DEFAULT_PORT;

private static String hostName = DEFAULT_HOST;


 public static  void main(String[] args) throws IOException {
    try {
        testHappyDayWithForm();
    } catch (Exception ex) {
        Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
    }
}


public static void testHappyDayWithForm() throws Exception {

    MultiValueMap<String, String> formData = new LinkedMultiValueMap<String, String>();
    formData.add("grant_type", "password");
    formData.add("client_id", "my-trusted-client");
    formData.add("scope", "read");
    formData.add("username", "muhammed");
    formData.add("password", "1234");

    ResponseEntity<String> response = postForString("/sparklr/oauth/token", formData);
    System.out.println( response.getStatusCode());
    System.out.println(response.getHeaders().getFirst("Cache-Control"));

    DefaultOAuth2SerializationService serializationService = new DefaultOAuth2SerializationService();
    OAuth2AccessToken accessToken = serializationService.deserializeJsonAccessToken(new ByteArrayInputStream(
            response.getBody().getBytes()));

    // now try and use the token to access a protected resource.

    // first make sure the resource is actually protected.
    //assertNotSame(HttpStatus.OK, serverRunning.getStatusCode("/sparklr/photos?format=json"));

    // now make sure an authorized request is valid.
    HttpHeaders headers = new HttpHeaders();
    headers.set("Authorization", String.format("%s %s", OAuth2AccessToken.BEARER_TYPE, accessToken.getValue()));
    //assertEquals(HttpStatus.OK, serverRunning.getStatusCode("/sparklr/photos?format=json", headers));
}

    public static ResponseEntity<String> postForString(String path, MultiValueMap<String, String> formData) {
    HttpHeaders headers = new HttpHeaders();
    headers.setAccept(Arrays.asList(MediaType.APPLICATION_FORM_URLENCODED));
            System.out.println(getUrl(path));
    return client.exchange(getUrl(path), HttpMethod.POST, new HttpEntity<MultiValueMap<String, String>>(formData,
            headers), String.class);
}
    public static String getUrl(String path) {
    if (!path.startsWith("/")) {
        path = "/" + path;
    }
    return "http://" + hostName + ":" + port + path;
}

    public static RestTemplate getRestTemplate() {
    RestTemplate client = new RestTemplate();
    CommonsClientHttpRequestFactory requestFactory = new CommonsClientHttpRequestFactory() {
        @Override
        protected void postProcessCommonsHttpMethod(HttpMethodBase httpMethod) {
            httpMethod.setFollowRedirects(false);
            // We don't want stateful conversations for this test
            httpMethod.getParams().setCookiePolicy(CookiePolicy.IGNORE_COOKIES);
        }
    };
    client.setRequestFactory(requestFactory);
    client.setErrorHandler(new ResponseErrorHandler() {
        // Pass errors through in response entity for status code analysis
        public boolean hasError(ClientHttpResponse response) throws IOException {
            return false;
        }

        public void handleError(ClientHttpResponse response) throws IOException {
        }
    });
    return client;
}

这篇关于我如何通过Spring Security创建OAuth 2用户名密码流的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-22 11:19