一、获取授权码Code:
访问授权服务器 /oauth/authorize 端点:(只用于"implicit", "authorization_code")
GET: http://127.0.0.1:8080/oauth/authorize?client_id=client&response_type=code&redirect_uri=http://www.baidu.com
参数:
(1)response_type=code 必须指定。
(2) client_id=client 客户端必须指定。
(3)redirect_uri=http://... 重定向地址,必须与数据表中已注册的地址一致(授权码正是通过该地址返回给客户端的,见下方"结果")。
结果:如果同意授权: 返回code=cown42 并跳转到redirect_uri=http://www.baidu.com
过程:校验client_id、redirect_uri及scope。
涉及到核心类:
(1)DefaultRedirectResolver:redirect_uri地址校验。
(2)JdbcAuthorizationCodeServices/InMemoryAuthorizationCodeServices: 生成code,并将(code, OAuth2Authentication)保存在内存或数据库(oauth_code表)中。
(3)JdbcClientDetailsService: 从表oauth_client_details读取ClientDetails信息,用来校验。
(4)LoginUrlAuthenticationEntryPoint:未登录时,异常由ExceptionTranslationFilter doFilter()---》LoginUrlAuthenticationEntryPoint--》重定向到loginFormUrl页面。
public class AuthorizationEndpoint extends AbstractEndpoint {
// 1. Collaborators used by the endpoint (default implementations; each is described in the notes above)
// Issues authorization codes and stores (code, OAuth2Authentication); the in-memory default
// presumably keeps them only in this JVM — confirm, see note (2) above for the JDBC alternative.
private AuthorizationCodeServices authorizationCodeServices = new InMemoryAuthorizationCodeServices();
// Checks the requested redirect_uri against the client's registered URI (note (1) above);
// this check is what keeps the code from being sent to an unregistered address.
private RedirectResolver redirectResolver = new DefaultRedirectResolver();
// NOTE(review): by name, decides whether the user's approval is (already) granted — confirm in the approval step below
private UserApprovalHandler userApprovalHandler = new DefaultUserApprovalHandler();
// NOTE(review): looks like it holds the AuthorizationRequest in the session between the authorize and approval requests — confirm
private SessionAttributeStore sessionAttributeStore = new DefaultSessionAttributeStore();
// Validates the authorization request (the notes above list scope among the compared values)
private OAuth2RequestValidator oauth2RequestValidator = new DefaultOAuth2RequestValidator();
// User-approval (consent) page; a "forward:" view name, so it is served in the same request rather than redirected to
private String userApprovalPage = "forward:/oauth/confirm_access";
// Page shown when the request fails validation; also a "forward:" view name
private String errorPage = "forward:/oauth/error";
//二、接口:
@RequestMapping(value = "/oauth/authorize")
public ModelAndView authorize(Map<String, Object> model, @RequestParam Map<String, String> parameters,SessionStatus sessionStatus, Principal principal) {
/*1. 通过DefaultOAuth2RequestFactory.createAuthorizationRequest()
AuthorizationRequest request = new AuthorizationRequest();
从client数据库表加载clietDetails信息
ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
request.setResourceIdsAndAuthoritiesFromClientDetails(clientDetails);
*/
AuthorizationRequest authorizationRequest = getOAuth2RequestFactory().createAuthorizationRequest(parameters);
Set<String> responseTypes = authorizationRequest.getResponseTypes();
//2.反应类型必须是code
if (!responseTypes.contains("token") && !responseTypes.contains("code")) {
throw new UnsupportedResponseTypeException("Unsupported response types: " + responseTypes);
}
//3.必须指定clientId
if (authorizationRequest.getClientId() == null) {
throw new InvalidClientException("A client id must be provided");
}
try {
//4.访问该端点必须认证isAuthenticated = ture,抛出异常,由ExceptionTranslationFilter doFilter()---》LoginUrlAuthenticationEntryPoint--》重定向到loginFromUrl页面。
if (!(principal instanceof Authentication) || !((Authentication) principal)