bre*_*ine 5 java spring spring-security spring-security-oauth2
I'm using Spring + OAuth2 to secure a web service, and I have added a custom grant type (custom-grant):
<bean id="myTokenGranter" class="com.example.oauth2.MyTokenGranter" />
<oauth:authorization-server client-details-service-ref="client-details-service" token-services-ref="tokenServices">
    <oauth:refresh-token/>
    <oauth:password/>
    <oauth:custom-grant token-granter-ref="myTokenGranter" />
</oauth:authorization-server>
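Spring calls the implementation just fine. But I don't know how I should actually generate the token here. I see they use a class called "RandomValueStringGenerator", but I'm not sure whether there is a better way, and I don't know how to generate a "good" token, how long it should be, or whether Spring actually checks the token for uniqueness, and so on. Is there a way to call Spring's own generator part here?
Right now this is my token granter class: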
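import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.springframework.security.oauth2.provider.TokenGranter;
import org.springframework.security.oauth2.provider.TokenRequest;

public class MyTokenGranter implements TokenGranter {
    // Random string used directly as the token value
    private RandomValueStringGenerator generator = new RandomValueStringGenerator();

    @Override
    public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
        //...logic added here later
        return new DefaultOAuth2AccessToken(generator.generate());
    }
}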
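I couldn't find a good example, and the Spring OAuth2 source code only has a half-implemented test token granter.
OK, this can actually be done with org.springframework.security.oauth2.provider.token.AbstractTokenGranter, either by copying it or by trying to pass the correct constructor. I'm just posting this for anyone who has the same problem. You can also extend AbstractTokenGranter, but I failed to pass the correct constructor.
Here is my implementation: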
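import java.util.Collection;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.TokenGranter;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;

public class MyTokenGranter implements TokenGranter {

    @Autowired
    private AuthorizationServerTokenServices tokenService;

    @Autowired
    private ClientDetailsService clientDetailsService;

    @Autowired
    private DefaultOAuth2RequestFactory defaultOauth2RequestFactory;

    // Set from the XML bean definition (property "grantType")
    private String grantType;

    @Override
    public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
        // Not this granter's grant type: return null so another granter can handle it
        if (!this.grantType.equals(grantType)) {
            return null;
        }

        String clientId = tokenRequest.getClientId();
        ClientDetails client = clientDetailsService.loadClientByClientId(clientId);
        validateGrantType(grantType, client);

        return getAccessToken(client, tokenRequest);
    }

    // The token itself is created by the configured token services
    protected OAuth2AccessToken getAccessToken(ClientDetails client, TokenRequest tokenRequest) {
        return tokenService.createAccessToken(getOAuth2Authentication(client, tokenRequest));
    }

    protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
        OAuth2Request storedOAuth2Request = defaultOauth2RequestFactory.createOAuth2Request(client, tokenRequest);
        // null user authentication: the token is issued to the client only
        return new OAuth2Authentication(storedOAuth2Request, null);
    }

    // Rejects clients whose non-empty list of authorized grant types lacks this one
    protected void validateGrantType(String grantType, ClientDetails clientDetails) {
        Collection<String> authorizedGrantTypes = clientDetails.getAuthorizedGrantTypes();
        if (authorizedGrantTypes != null && !authorizedGrantTypes.isEmpty()
                && !authorizedGrantTypes.contains(grantType)) {
            throw new InvalidClientException("Unauthorized grant type: " + grantType);
        }
    }

    public String getGrantType() {
        return grantType;
    }

    public void setGrantType(String grantType) {
        this.grantType = grantType;
    }
}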
XML configuration:
<bean id="myTokenGranter" class="com.example.MyTokenGranter">
    <property name="grantType" value="custom-grant" />
</bean>
<oauth:authorization-server client-details-service-ref="clientDetailsService" token-services-ref="tokenServices">
    <oauth:refresh-token/>
    <oauth:password/>
    <oauth:custom-grant token-granter-ref="myTokenGranter" />
</oauth:authorization-server>
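An added example, not part of the original post or of Spring's code: the same granter written by extending AbstractTokenGranter, with the grant's own credential verified before any token is issued. It assumes Spring Security OAuth 2.x, where the base class has the four-argument constructor used below; the class name CheckedTokenGranter, the AssertionVerifier interface and the "assertion" request parameter are hypothetical.

```java
// Added example, not code from the original post. Assumes Spring Security OAuth 2.x.
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;

public class CheckedTokenGranter extends AbstractTokenGranter {

    /** Hypothetical hook: verifies the credential carried by the custom grant. */
    public interface AssertionVerifier {
        /** Returns the verified subject, or null if the assertion is not valid. */
        String verify(String clientId, String assertion);
    }

    private final AssertionVerifier verifier;

    public CheckedTokenGranter(AuthorizationServerTokenServices tokenServices,
            ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory,
            String grantType, AssertionVerifier verifier) {
        // The base class keeps the grant-type match, client lookup and
        // authorized-grant-type check that the answer copied by hand.
        super(tokenServices, clientDetailsService, requestFactory, grantType);
        this.verifier = verifier;
    }

    @Override
    protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
        // "assertion" is a hypothetical request parameter name for this example.
        String assertion = tokenRequest.getRequestParameters().get("assertion");
        String subject = (assertion == null) ? null : verifier.verify(client.getClientId(), assertion);
        if (subject == null) {
            // Fail closed: no token unless the grant's credential was verified.
            throw new InvalidGrantException("Invalid or missing assertion");
        }
        Authentication user = new UsernamePasswordAuthenticationToken(
                subject, null, AuthorityUtils.NO_AUTHORITIES);
        OAuth2Request stored = getRequestFactory().createOAuth2Request(client, tokenRequest);
        // Token creation is left to the configured token services in the base class.
        return new OAuth2Authentication(stored, user);
    }
}
```

Because the dependencies arrive through the constructor, the bean definition would pass them as constructor arguments rather than setting the grantType property.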