官网文档:https://developers.google.com/identity/sign-in/web/sign-in
1,流程:
方案一:全部由后端处理。方案二:前后端配合——前端通过Google的JS调起Google登录,登录成功后把id_token传给后端,后端校验id_token是否有效,并确认其中的aud与你应用的client_id一致,以确保该token是签发给你的应用的,而不是签发给其他应用后被拿来冒用的。
注意:1,发出认证的ip地址必须是在google开发者账号中创建账号时配置的地址,否则请求不过去,报错:connect reset
2,httpClient必须使用https,否则会被google拦截;同时客户端必须校验服务器证书和主机名——如果信任所有证书,tokeninfo的返回内容可以被中间人伪造,后面的aud校验也就失去了意义。
大家也可以参考:https://codeload.github.com/vstaryw/third_party_login/zip/master 这里有google、qq、新浪、微信等第三方登录的示例。
代码:
package com.messcat.app.utils;
import com.alibaba.fastjson.JSON;
import com.messcat.imgrnt.custom.dao.model.GoogleInfoResult;
import java.io.Serializable;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* google验证token工具类
*
* @author sy
* @date 2019/8/27 14:10
*/
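public class GoogleCheckTokenUtils implements Serializable {
    /**
     * Google endpoint that validates an ID token and returns its claims as JSON.
     */
    private static final String GOOGLE_URL = "https://oauth2.googleapis.com/tokeninfo";
    /**
     * client_id of the application registered in the Google developer console.
     * The value is masked on this page; supply the real one from configuration.
     */
    private static final String CLIENT_ID = "********";
    /**
     * Charset used to encode the request parameter and decode the response (utf-8).
     */
    private static final String charset = "utf-8";
    /**
     * slf4j logger.
     */
    private static final Logger logger = LoggerFactory.getLogger(GoogleCheckTokenUtils.class);

    /**
     * Validates a Google ID token through the tokeninfo endpoint and checks that it was
     * issued for this application.
     *
     * <p>The result is only as trustworthy as the HTTPS connection used to fetch it:
     * HttpClientUtil must validate the server certificate and hostname, otherwise an
     * on-path attacker can return a forged JSON body carrying the expected aud.
     *
     * @param idToken the id_token received from the front end (untrusted input)
     * @return the parsed claims when the token is accepted and its aud equals CLIENT_ID;
     *         {@code null} when the token is blank, the request fails, the response
     *         cannot be parsed, or the audience does not match
     */
    public static GoogleInfoResult checkGoogleToken(String idToken) {
        // Reject null / empty / whitespace-only tokens before making any request.
        if (StringUtils.isBlank(idToken)) {
            return null;
        }

        // idToken comes from the client, so it is URL-encoded before being placed in the
        // query string; this prevents it from smuggling extra parameters ("&", "#", ...).
        final String encodedToken;
        try {
            encodedToken = java.net.URLEncoder.encode(idToken, charset);
        } catch (java.io.UnsupportedEncodingException e) {
            logger.error("unsupported charset {} while encoding id_token", charset, e);
            return null;
        }

        String result = HttpClientUtil.doGet(GOOGLE_URL + "?id_token=" + encodedToken, charset);
        if (StringUtils.isBlank(result)) {
            logger.info("google token check returned no body");
            return null;
        }
        // The response body contains the user's claims, so only its size is logged,
        // never the body itself.
        logger.debug("google token check returned {} characters", result.length());

        GoogleInfoResult googleInfoResult;
        try {
            googleInfoResult = JSON.parseObject(result, GoogleInfoResult.class);
        } catch (com.alibaba.fastjson.JSONException e) {
            // A non-JSON body (for example an error page from a proxy) is a failed check.
            logger.warn("google token check response is not valid JSON");
            return null;
        }

        // Compare from the constant side: an error response has no aud, and calling
        // equals() on a null aud would throw instead of rejecting the token.
        if (googleInfoResult != null && CLIENT_ID.equals(googleInfoResult.getAud())) {
            return googleInfoResult;
        }
        // NOTE(review): Google's guidance is to also check that iss is accounts.google.com
        // or https://accounts.google.com; whether GoogleInfoResult exposes iss is not
        // visible here. For production, verifying the token signature locally with
        // Google's client library avoids a network round trip per login.
        return null;
    }
}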
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
/*
* 利用HttpClient进行post请求的工具类(https发送)
*/
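public class HttpClientUtil {

    /**
     * Sends a form-encoded POST request and returns the response body.
     *
     * <p>The TLS behaviour is whatever SSLClient configures. SSLClient must validate the
     * server certificate and hostname; if it does not, every response returned here can
     * be forged by an on-path attacker.
     *
     * @param url     target URL
     * @param map     form parameters; an empty map sends no request entity
     * @param charset charset for the form entity and for decoding the response
     * @return the response body, or {@code null} when the request fails or has no entity
     */
    public String doPost(String url, Map<String, String> map, String charset) {
        HttpClient httpClient = null;
        String result = null;
        try {
            httpClient = new SSLClient();
            HttpPost httpPost = new HttpPost(url);
            // Copy the parameters into the name/value form HttpClient expects.
            List<NameValuePair> params = new ArrayList<NameValuePair>();
            for (Map.Entry<String, String> param : map.entrySet()) {
                params.add(new BasicNameValuePair(param.getKey(), param.getValue()));
            }
            if (!params.isEmpty()) {
                httpPost.setEntity(new UrlEncodedFormEntity(params, charset));
            }
            result = readBody(httpClient.execute(httpPost), charset);
        } catch (Exception ex) {
            // Failures are reported as a null result; callers must treat null as "no answer".
            ex.printStackTrace();
        } finally {
            shutdown(httpClient);
        }
        return result;
    }

    /**
     * Sends a GET request and returns the response body.
     *
     * <p>The body is returned whatever the HTTP status is, so callers must validate the
     * content themselves. The TLS behaviour is whatever SSLClient configures; it must
     * validate the server certificate and hostname.
     *
     * @param url     target URL
     * @param charset charset for decoding the response; utf-8 when {@code null}
     * @return the response body, or {@code null} when the request fails or has no entity
     */
    public static String doGet(String url, String charset) {
        if (null == charset) {
            charset = "utf-8";
        }
        HttpClient httpClient = null;
        String result = null;
        try {
            httpClient = new SSLClient();
            result = readBody(httpClient.execute(new HttpGet(url)), charset);
        } catch (Exception e) {
            // Failures are reported as a null result; callers must treat null as "no answer".
            e.printStackTrace();
        } finally {
            shutdown(httpClient);
        }
        return result;
    }

    /** Decodes the response entity with the given charset; null when there is none. */
    private static String readBody(HttpResponse response, String charset) throws java.io.IOException {
        if (response == null) {
            return null;
        }
        HttpEntity resEntity = response.getEntity();
        return resEntity == null ? null : EntityUtils.toString(resEntity, charset);
    }

    /**
     * Releases the connection manager of a per-request client. A new client is created
     * for every call, so without this each request would leave its connection open.
     */
    private static void shutdown(HttpClient httpClient) {
        if (httpClient != null) {
            httpClient.getConnectionManager().shutdown();
        }
    }
}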
package com.messcat.app.utils;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
//用于进行Https请求的HttpClient
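public class SSLClient extends DefaultHttpClient {

    /**
     * Creates an HttpClient whose https scheme validates the server.
     *
     * <p>The earlier version of this class installed an X509TrustManager with empty
     * check methods together with ALLOW_ALL_HOSTNAME_VERIFIER. That accepts any
     * certificate for any host, so the response of a token-verification call could be
     * forged by anyone able to intercept the connection. Here the platform's default
     * trust store and strict hostname verification are used instead.
     *
     * @throws Exception if the TLS context cannot be created or initialised
     */
    public SSLClient() throws Exception {
        super();
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Null key/trust managers and SecureRandom make JSSE fall back to its defaults,
        // i.e. the JVM's default trust store is used to validate the certificate chain.
        ctx.init(null, null, null);
        // The hostname in the URL must match the certificate presented by the server.
        SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
        ClientConnectionManager ccm = this.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", 443, ssf));
    }
}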
有不懂的可在下方评论:
声明:HttpClient部分的代码引用自其他文章。