import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Scope;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.UserApprovalRequiredException;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.RequestEnhancer;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.stereotype.Controller;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;import javax.servlet.http.HttpServletRequest;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;@Controller
public class LoginController { @Autowired
private OAuth2ClientContext context; @Bean
@Scope("session")
public OAuth2ClientContext createContext() {
return new DefaultOAuth2ClientContext();
} @ResponseBody
@RequestMapping("/weixin/authorize")
public Object getUserInfo(HttpServletRequest request) {
class WeixinAuthorizationCodeAccessTokenProvider extends AuthorizationCodeAccessTokenProvider {
public WeixinAuthorizationCodeAccessTokenProvider(List<HttpMessageConverter<?>> messageConverters) {
this.setMessageConverters(messageConverters);
this.setTokenRequestEnhancer(new RequestEnhancer() {
@Override
public void enhance(AccessTokenRequest request, OAuth2ProtectedResourceDetails resource,
MultiValueMap<String, String> form, HttpHeaders headers) {
String clientId = form.getFirst("client_id");
String clientSecret = form.getFirst("client_secret");
form.set("appid", clientId);
form.set("secret", clientSecret);
form.remove("client_id");
form.remove("client_secret");
}
});
} @Override
public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details, AccessTokenRequest request)
throws UserRedirectRequiredException, UserApprovalRequiredException,
AccessDeniedException, OAuth2AccessDeniedException {
try {
return super.obtainAccessToken(details, request);
} catch (UserRedirectRequiredException e) {
Map<String, String> params = e.getRequestParams();
String clientId = params.get("client_id");
params.put("appid", clientId);
params.remove("client_id");
throw e;
}
}
} class WeixinOAuth2RestTemplate extends OAuth2RestTemplate { public WeixinOAuth2RestTemplate(AuthorizationCodeResourceDetails resource, OAuth2ClientContext context) {
super(resource, context);
List<HttpMessageConverter<?>> messageConverters = new ArrayList<HttpMessageConverter<?>>();
messageConverters.add(new MappingJackson2HttpMessageConverter() {
@Override
protected boolean canRead(MediaType mediaType) {
return true;
}
});
this.setMessageConverters(messageConverters);
this.setAccessTokenProvider(new WeixinAuthorizationCodeAccessTokenProvider(messageConverters));
} @Override
protected URI appendQueryParameter(URI uri, OAuth2AccessToken accessToken) {
uri = super.appendQueryParameter(uri, accessToken);
String url = uri.toString();
if (url.contains("$openid$")) {
String openid = (String) accessToken.getAdditionalInformation().get("openid");
try {
uri = new URI(url.replace("$openid$", openid));
} catch (URISyntaxException e) {
e.printStackTrace();
}
}
return uri;
} } AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
resource.setAuthenticationScheme(AuthenticationScheme.form);
resource.setClientAuthenticationScheme(AuthenticationScheme.form);
resource.setClientId("xxxxxxxxxxx");
resource.setClientSecret("xxxxxxxxxxx");
resource.setUserAuthorizationUri("https://open.weixin.qq.com/connect/oauth2/authorize");
resource.setAccessTokenUri("https://api.weixin.qq.com/sns/oauth2/access_token");
resource.setScope(Arrays.asList("snsapi_userinfo"));
context.getAccessTokenRequest().setCurrentUri(request.getRequestURL().toString());// resource.setPreEstablishedRedirectUri("http://www.baidu.com");// resource.setUseCurrentUri(false); OAuth2RestTemplate template = new WeixinOAuth2RestTemplate(resource, context);
String url = "https://api.weixin.qq.com/sns/userinfo?lang=zh_CN&openid=$openid$";
ResponseEntity<Object> result = template.getForEntity(url, Object.class);
return result.getBody();
}}
https://www.cnblogs.com/kingsy/p/6375881.html
class WeixinClientCredentialsAccessTokenProvider extends ClientCredentialsAccessTokenProvider {
public WeixinClientCredentialsAccessTokenProvider() {
List<HttpMessageConverter<?>> converters = new ArrayList<HttpMessageConverter<?>>();
converters.add(new MappingJackson2HttpMessageConverter());
this.setMessageConverters(converters);
this.setTokenRequestEnhancer(new RequestEnhancer() { @Override
public void enhance(AccessTokenRequest request, OAuth2ProtectedResourceDetails resource,
MultiValueMap<String, String> form, HttpHeaders headers) {
form.set("appid", resource.getClientId());
form.set("secret", resource.getClientSecret());
form.set("grant_type", "client_credential");
}
}); }
OAuth2ClientContext context = new DefaultOAuth2ClientContext();
ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
resource.setClientId("xxxxxxxxx");
resource.setClientSecret("xxxxxxxxxxxxxxx");
resource.setAccessTokenUri("https://api.weixin.qq.com/cgi-bin/token");
resource.setAuthenticationScheme(AuthenticationScheme.form);
OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resource, context);
restTemplate.setAccessTokenProvider(new WeixinClientCredentialsAccessTokenProvider());
restTemplate.setRetryBadAccessTokens(true);
ResponseEntity<Object> response = restTemplate.getForEntity("https://api.weixin.qq.com/cgi-bin/user/get", Object.class);
if (response.getStatusCode() == HttpStatus.OK) {
System.out.println(response.getBody());
}
http://www.cnblogs.com/kingsy/p/6375880.html
使用背景 :公司有个开放平台,若要访问开放平台,必须先要获取授权访问令牌(也就是下面说的:access_token)。公司的授权系统是用spring oauth2.0实现的,今天就不讲这个项目,网上比较多。今天主要是讲下如何用spring OAuth2.0 Client 组件会去实现高效获取access_token。
以下是实现代码:
1.项目启动后,从oauth.properties获取相关的信息(如公钥、私钥等信息),然后实例化OAuth2RestTemplate,主要是通过OAuth2RestTemplate这个类去获取access_token
@EnableOAuth2Client
@Configuration
@Component
public class Oauth2Config{ private final static Logger logger = Logger.getLogger(Oauth2Config.class); private static String location = "classpath:config/*/oauth.properties"; private static Map<String,String> oauthInfo = new HashMap<String,String>(); @Autowired
private OAuth2ClientContext oauth2Context; /**
* 获取配置文件信息
*/
static{
ResourcePatternResolver patternResolver = new PathMatchingResourcePatternResolver();
Resource[] resources;
try {
resources = patternResolver.getResources(location);
location = resources[0].getFile().getAbsolutePath();
logger.info("location" + location);
Properties props = new Properties();
try {
if(location.contains("dev")){
props = PropertiesLoaderUtils.loadAllProperties("config/dev/oauth.properties");
}else if(location.contains("test")){
props = PropertiesLoaderUtils.loadAllProperties("config/test/oauth.properties");
}else if(location.contains("production")){
props = PropertiesLoaderUtils.loadAllProperties("config/production/oauth.properties");
}
for(Object key:props.keySet()){
logger.warn(key + " : " + (String)props.get(key));
oauthInfo.put((String) key, (String)props.get(key));
}
} catch (IOException e) {
System.out.println(e.getMessage());
}
} catch (IOException e) {
e.printStackTrace();
} } @Bean
public AccessTokenRequest accessTokenRequest(){
AccessTokenRequest defaultAccessTokenRequest = new DefaultAccessTokenRequest();
Map<String, List<String>> headers = new HashMap<String, List<String>>();
List<String> headerList=new ArrayList<String>();
headerList.add("Basic " + oauthInfo.get("public_key"));
headers.put("Authorization", headerList);
defaultAccessTokenRequest.setHeaders(headers);
defaultAccessTokenRequest.setCurrentUri(oauthInfo.get("redirect_uri"));
return defaultAccessTokenRequest;
} @Bean
public AuthorizationCodeResourceDetails resourceDetails(){
AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
resource.setAccessTokenUri(oauthInfo.get("oauth_url") + oauthInfo.get("request_and_refresh_token"));
resource.setClientId(oauthInfo.get("client_id"));
resource.setGrantType("authorization_code");
resource.setUserAuthorizationUri(oauthInfo.get("oauth_url") + oauthInfo.get("request_code_url"));
resource.setScope(Arrays.asList("app"));
resource.setPreEstablishedRedirectUri(oauthInfo.get("redirect_uri"));
return resource;
} @Bean
public OAuth2RestTemplate oAuth2RestTemplate(){
accessTokenRequest().setPreservedState(oauthInfo.get("redirect_uri"));
accessTokenRequest().setStateKey(new DefaultStateKeyGenerator().generateKey(resourceDetails())); AuthorizationCodeAccessTokenProvider provider = new AuthorizationCodeAccessTokenProvider();
provider.setAuthenticationHandler(new ClientAuthenticationHandler() {
@Override
public void authenticateTokenRequest(
OAuth2ProtectedResourceDetails resource,
MultiValueMap<String, String> form, HttpHeaders headers) {
headers.set("Authorization", "Basic " + oauthInfo.get("private_key") );
}
});
AccessTokenProviderChain providerChain = new AccessTokenProviderChain(Arrays.asList(provider));
//oauth2Context.setPreservedState(accessTokenRequest().getStateKey(),accessTokenRequest().getPreservedState());
OAuth2RestTemplate template=new OAuth2RestTemplate(resourceDetails(),oauth2Context);
template.setAccessTokenProvider(providerChain);
return template;
}}
2.通过OAuth2RestTemplate去获取access_token的值,之所以每次都情况授权code,是因为spring oauth2授权code只能用一次便废弃,然后起OAuth2ClientContext类又不主动清空code,这里我只能自己手动清除。
@Component
public class AccessTokenUtils { private final static Logger logger = Logger.getLogger(AccessTokenUtils.class); @Autowired
private OAuth2RestTemplate restTemplate; @Autowired
private Oauth2Config oauth2Config; /**
* 获取oauth2的授权令牌access_token
* @return
*/
public String getAccessToken(){
logger.info("获取oauth2的授权令牌access_token start ...");
OAuth2ClientContext oAuth2ClientContext = restTemplate.getOAuth2ClientContext();
oAuth2ClientContext.getAccessTokenRequest().setAuthorizationCode(null);//清空授权code
String stateKey = oAuth2ClientContext.getAccessTokenRequest().getStateKey();
Object preservedState = oAuth2ClientContext.getAccessTokenRequest().getPreservedState();
if(StringUtils.isEmpty(stateKey))
stateKey = new DefaultStateKeyGenerator().generateKey(oauth2Config.resourceDetails());
if(preservedState == null )
preservedState = VipConstant.redirtUrl; logger.info("statekey:" + stateKey + " ; preservedState : " + preservedState);
oAuth2ClientContext.setPreservedState(oAuth2ClientContext.getAccessTokenRequest().getStateKey(), oAuth2ClientContext.getAccessTokenRequest().getPreservedState());
OAuth2AccessToken oAuth2AccessToken = this.restTemplate.getAccessToken();
String access_token = oAuth2AccessToken.getValue();
logger.info("获取oauth2的授权令牌access_token end ;access_token = " + access_token + ";失效时间 = " + oAuth2AccessToken.getExpiration() + " ;剩余失效时间:" + oAuth2AccessToken.getExpiresIn() );
return access_token;
}}
3.以下配置是授权服务给配置的
#==================spring oauth2.0=====================================
#客户端ID
client_id=xxx
#公钥(BASE64(xx))
public_key=xxx
#私钥(BASE64(xx))
private_key=xx
#spring oauth2.0服务url
oauth_url=xxx
#获取请求code URL
request_code_url=oauth/authorize
#获取请求token或刷新token URL
request_and_refresh_token=oauth/token
#回调地址
redirect_uri=http://www.baidu.com
Spring OAuth2.0 Client官网地址:http://projects.spring.io/spring-security-oauth/docs/oauth2.html
