前面一篇講述了如何獲取AccessToken卖怜,此文用于講述怎么樣檢測AccessToken的诵。為什么要檢測AccessToken?廢話,AccessToken是有時效性的材泄,如果不檢測,過時了的東西吨岭,你也敢用拉宗?比如饅頭,反正我是不敢滴辣辫!下面都是在原項目的基礎上加代碼旦事!
AccessToken的檢測
1、根據(jù)token獲取OAuth2AccessToken
2急灭、根據(jù)token獲取OAuth2Authentication
Talk is cheap姐浮,show me the code!Start Bow葬馋!
@RestController
@RequestMapping("/oauth")
public class TokenController {
/**
* 覆蓋了 spring-security-oauth2 內(nèi)部的 endpoint oauth2/check_token
* spring-security-oauth2 內(nèi)部原有的該控制器 CheckTokenEndpoint单料,返回值,不符合自身業(yè)務要求点楼,故覆蓋之扫尖。
*/
@GetMapping("/check_token")
public OAuth2AccessToken getToken(@RequestParam(value = "token") String token){
OAuth2AccessToken oAuth2AccessToken = Oauth2Utils.checkTokenInOauth2Server(token);
return oAuth2AccessToken;
}
/**
* 獲取當前token對應的用戶主體的憑證信息(認證對象)
*/
@GetMapping("/getAuth")
public OAuth2Authentication getAuth(@RequestParam(value = "token") String token){
OAuth2Authentication oAuth2Authentication = Oauth2Utils.getAuthenticationInOauth2Server(token);
return oAuth2Authentication;
}
Oauth2Utils 工具類
public class Oauth2Utils {
/**
* oauth2 認證服務器直接處理校驗請求的邏輯
* @param accessToken
* @return
*/
public static OAuth2AccessToken checkTokenInOauth2Server(String accessToken){
TokenStore tokenStore = (TokenStore) ApplicationSupport.getBean("tokenStore");
OAuth2AccessToken oAuth2AccessToken = tokenStore.readAccessToken(accessToken);
return oAuth2AccessToken;
}
/**
* oauth2 認證服務器直接處理校驗請求的邏輯
* @param accessToken
* @return
*/
public static OAuth2Authentication getAuthenticationInOauth2Server(String accessToken){
TokenStore tokenStore = (TokenStore) ApplicationSupport.getBean("tokenStore");
OAuth2Authentication oAuth2Authentication = tokenStore.readAuthentication(accessToken);
return oAuth2Authentication;
}
}
ApplicationSupport工具類
/**
* 獲取Spring容器管理的Bean對象,應用中配置參數(shù)
**/
@Component
public class ApplicationSupport implements DisposableBean, ApplicationContextAware {
private static ApplicationContext applicationContext;
// 獲取配置文件參數(shù)值
public static String getParamVal(String paramKey){
return applicationContext.getEnvironment().getProperty(paramKey);
}
// 獲取bean對象
public static Object getBean(String name) {
Assert.hasText(name);
return applicationContext.getBean(name);
}
public static <T> T getBean(Class<T> clazz) {
return applicationContext.getBean(clazz);
}
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
this.applicationContext = applicationContext;
}
@Override
public void destroy() throws Exception {
applicationContext = null;
}
}
/oauth/check_token請求示意圖如下:
獲取OAuth2AccessToken
返回結果如下:
{
"access_token": "3548f870-6904-4493-95d0-762156baeeb1",
"token_type": "bearer",
"refresh_token": "19e79ffd-b43d-478a-8b8b-a91686a5d212",
"expires_in": 2390,
"scope": "read write"
}
/oauth/get_auth請求示意圖如下:
獲取認證信息OAuth2Authentication
返回結果如下:
{
"details": null,
"authorities": [
{
"authority": "USER"
}
],
"authenticated": true,
"userAuthentication": null,
"oauth2Request": {
"clientId": "client_auth_mode",
"scope": [
"read",
"write"
],
"requestParameters": {
"grant_type": "client_credentials"
},
"resourceIds": [],
"authorities": [
{
"authority": "USER"
}
],
"approved": true,
"refresh": false,
"redirectUri": null,
"responseTypes": [],
"extensions": {},
"grantType": "client_credentials",
"refreshTokenRequest": null
},
"principal": "client_auth_mode",
"credentials": "",
"clientOnly": true,
"name": "client_auth_mode"
}
1掠廓、參考上述OAuth2AccessToken與OAuth2Authentication對象换怖,則可以根據(jù)業(yè)務需求,調(diào)用相應的接口蟀瞧,或者在此基礎上沉颂,自定義開發(fā)。
2悦污、代碼中注釋提到框架內(nèi)部有個 CheckTokenEndpoint的控制器铸屉,而在該控制器中,也有個映射為oauth/check_token的處理方法切端,在此說明下彻坛,此中兩個接口,是為了符合自身業(yè)務需求而設計踏枣,視情況而定昌屉。
3、CheckTokenEndpoint控制器接口茵瀑,調(diào)用oauth/check_token?token=tokenValue請求返回結果如下:
{
"scope": [
"read",
"write"
],
"exp": 1499448676,
"authorities": [
"USER"
],
"client_id": "client_auth_mode"
}
大功告成
這樣一個簡單的OAuth2認證授權服務器就搭建好了间驮!
Spring-Security-OAuth2服務器之搭建認證授權服務器[一]
Spring-Security-OAuth2服務器搭建之AccessToken的檢測[二]
Spring-Security-OAuth2服務器搭建之資源服務器搭建[三]
Spring-Security-OAuth2資源服務器及SpringSecurity權限控制[四]
**驚不驚喜,意不意外马昨!**
O(∩_∩)O
