Web网站的授权oAuth2.0 & 单点登录

1.Web网站的授权(oAuth2.0)

1. Client 第三方应用（需要做鉴权的业务网站、业务系统）
2. UserAgent 用户代理（浏览器）
3. Resource Owner 用户授权（用户手动点击【同意】按钮，授权使用第三方登录渠道），第三方渠道授权登录：微信同意登录、或qq授权登录或微博 、GitHub、Gitee，这里使用Gitee做当前网站的第三方授权渠道
4. 用户认证，用户输入账号和密码（gitee账号&密码），账号会通过第三方授权服务器检验（gitee服务器、门户服务），如果校验通过会返一个授权码Authorization Code到业务系统（业务网站）
5. 网站再次发请求并携带上一步获取的授权码Authorization Code去访问第三方授权服务（gitee、门户服务），第三方授权服务会返回一个访问令牌Access token
6. 以后浏览器就可以通过token访问令牌跳过第三方授权直接访问服务器任意请求，token访问令牌可能需要做jwt解密（token校验）或token失效返新token操作
   

点击gitee按钮，跳转到gitee码云登录页，如果gitee账号登录成功，会redirect重定向到咱们自动的业务网站系统首页

在做这套第三方渠道跳转前需要，需要在Gitee上创建第三方应用，这个应用需要配置如下：

• Client ID ：创建应用时自动生成的唯一标识
• Client Secret ：创建应用时自动生成的密钥
• 重定向回调地址url：（需要手动配置）第三方登录授权成功后需要重定向到系统的首页

1. 授权码Authorization Code

@GetMapping("/oauth2.0/gitee/success")
    public String oauth2(@RequestParam("code") String code, HttpSession httpSession) throws Exception {

        HttpResponse post = null;
        try {
            //https://gitee.com/oauth/token?grant_type=authorization_code&code={code}&client_id={client_id}&redirect_uri={redirect_uri}&client_secret={client_secret}
            Map<String,String> map = new HashMap<>();
            map.put("grant_type",Oauth2Constant.OAUTH2_GRANT_TYPE);
            map.put("code",code);
            map.put("client_id", Oauth2Constant.OAUTH2_CLIENT_ID);
            map.put("redirect_uri",Oauth2Constant.OAUTH2_RIDIRECT_URI);
            map.put("client_secret",Oauth2Constant.OAUTH2_CLIENT_SECRET);
            //String host, String path, String method,
            //Map<String, String> headers,
            //Map<String, String> querys,
            //Map<String, String> bodys
            post = HttpUtils.doPost("https://gitee.com", "/oauth/token", "POST", new HashMap<>(), map, new HashMap<>());
        } catch (Exception e) {
            e.printStackTrace();
        }

        //取出token
        //获取状态行的响应码，如果是200就代表响应成功
        if (post.getStatusLine().getStatusCode() == 200){
            HttpEntity entity = post.getEntity();
            //将HttpEntity转换成String类型
            String entityJsonString = EntityUtils.toString(entity);
            //Json字符串 -> java对象  参数必须是String类型Json串
            SocialUser socialUser = JSON.parseObject(entityJsonString,SocialUser.class);

            //判断账号是否是第一次登陆，如果是第一次登陆就直接注册到会员服务
            R<MemberOAuthVo> r = memberFeignService.oauth2Login(socialUser);
            if (r.getCode() == 0){
                MemberOAuthVo memberOAuthVo = r.getData(new TypeReference<MemberOAuthVo>() {});
                log.info("用户信息:{}",memberOAuthVo);
                httpSession.setAttribute("loginUser",memberOAuthVo);
                return "redirect:http://gulimall.com";
            }
        }else {
            //获取失败 -> 重定向到登录页
            return "redirect:http://auth.gulimall.com/login.html";
        }

        //第三方授权成功 -> 跳转至登陆页
        return "redirect:http://gulimall.com";

    }

实体

/**
 * @Description: 社交用户信息
 **/

@Data
public class SocialUser {

    /**
     *     "access_token": "56310a891ae93588988a3c0e4e685a49",
     *     "token_type": "bearer",
     *     "expires_in": 86400,
     *     "refresh_token": "08782b4126a13a5fab5c22c78f772a88996c03c32aab13069bd7210165ebd91c",
     *     "scope": "user_info",
     *     "created_at": 1687418634
     */

    /**
     * 登陆状态识别：只要登陆就存在，会变化（有效期 1天）
     */
    private String access_token;

    private String token_type;

    /**
     * access_token的过期时间
     */
    private long expires_in;

    /**
     * 可以通过以下 refresh_token 方式重新获取 access_token（ POST请求 ）
     * https://gitee.com/oauth/token?grant_type=refresh_token&refresh_token={refresh_token}
     */
    private String refresh_token;

    /**
     * 权限
     */
    private String scope;

    /**
     * 社交账号与用户账号的关联字段，固定不变
     */
    private long created_at;

}

HttpUtil

package com.atguigu.common.utils;

import org.apache.commons.lang.StringUtils;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

public class HttpUtils {
    /**
     * get
     *
     * @param host
     * @param path
     * @param method
     * @param headers
     * @param querys
     * @return
     * @throws Exception
     */
    public static HttpResponse doGet(String host, String path, String method,
                                     Map<String, String> headers,
                                     Map<String, String> querys)
            throws Exception {
        HttpClient httpClient = wrapClient(host);

        HttpGet request = new HttpGet(buildUrl(host, path, querys));
        for (Map.Entry<String, String> e : headers.entrySet()) {
            request.addHeader(e.getKey(), e.getValue());
        }

        return httpClient.execute(request);
    }

    /**
     * post form
     *
     * @param host
     * @param path
     * @param method
     * @param headers
     * @param querys
     * @param bodys
     * @return
     * @throws Exception
     */
    public static HttpResponse doPost(String host, String path, String method,
                                      Map<String, String> headers,
                                      Map<String, String> querys,
                                      Map<String, String> bodys)
            throws Exception {
        HttpClient httpClient = wrapClient(host);

        HttpPost request = new HttpPost(buildUrl(host, path, querys));
        for (Map.Entry<String, String> e : headers.entrySet()) {
            request.addHeader(e.getKey(), e.getValue());
        }

        if (bodys != null) {
            List<NameValuePair> nameValuePairList = new ArrayList<NameValuePair>();

            for (String key : bodys.keySet()) {
                nameValuePairList.add(new BasicNameValuePair(key, bodys.get(key)));
            }
            UrlEncodedFormEntity formEntity = new UrlEncodedFormEntity(nameValuePairList, "utf-8");
            formEntity.setContentType("application/x-www-form-urlencoded; charset=UTF-8");
            request.setEntity(formEntity);
        }

        return httpClient.execute(request);
    }

    /**
     * Post String
     *
     * @param host
     * @param path
     * @param method
     * @param headers
     * @param querys
     * @param body
     * @return
     * @throws Exception
     */
    public static HttpResponse doPost(String host, String path, String method,
                                      Map<String, String> headers,
                                      Map<String, String> querys,
                                      String body)
            throws Exception {
        HttpClient httpClient = wrapClient(host);

        HttpPost request = new HttpPost(buildUrl(host, path, querys));
        for (Map.Entry<String, String> e : headers.entrySet()) {
            request.addHeader(e.getKey(), e.getValue());
        }

        if (StringUtils.isNotBlank(body)) {
            request.setEntity(new StringEntity(body, "utf-8"));
        }

        return httpClient.execute(request);
    }

    /**
     * Post stream
     *
     * @param host
     * @param path
     * @param method
     * @param headers
     * @param querys
     * @param body
     * @return
     * @throws Exception
     */
    public static HttpResponse doPost(String host, String path, String method,
                                      Map<String, String> headers,
                                      Map<String, String> querys,
                                      byte[] body)
            throws Exception {
        HttpClient httpClient = wrapClient(host);

        HttpPost request = new HttpPost(buildUrl(host, path, querys));
        for (Map.Entry<String, String> e : headers.entrySet()) {
            request.addHeader(e.getKey(), e.getValue());
        }

        if (body != null) {
            request.setEntity(new ByteArrayEntity(body));
        }

        return httpClient.execute(request);
    }

    /**
     * Put String
     * @param host
     * @param path
     * @param method
     * @param headers
     * @param querys
     * @param body
     * @return
     * @throws Exception
     */
    public static HttpResponse doPut(String host, String path, String method,
                                     Map<String, String> headers,
                                     Map<String, String> querys,
                                     String body)
            throws Exception {
        HttpClient httpClient = wrapClient(host);

        HttpPut request = new HttpPut(buildUrl(host, path, querys));
        for (Map.Entry<String, String> e : headers.entrySet()) {
            request.addHeader(e.getKey(), e.getValue());
        }

        if (StringUtils.isNotBlank(body)) {
            request.setEntity(new StringEntity(body, "utf-8"));
        }

        return httpClient.execute(request);
    }

    /**
     * Put stream
     * @param host
     * @param path
     * @param method
     * @param headers
     * @param querys
     * @param body
     * @return
     * @throws Exception
     */
    public static HttpResponse doPut(String host, String path, String method,
                                     Map<String, String> headers,
                                     Map<String, String> querys,
                                     byte[] body)
            throws Exception {
        HttpClient httpClient = wrapClient(host);

        HttpPut request = new HttpPut(buildUrl(host, path, querys));
        for (Map.Entry<String, String> e : headers.entrySet()) {
            request.addHeader(e.getKey(), e.getValue());
        }

        if (body != null) {
            request.setEntity(new ByteArrayEntity(body));
        }

        return httpClient.execute(request);
    }

    /**
     * Delete
     *
     * @param host
     * @param path
     * @param method
     * @param headers
     * @param querys
     * @return
     * @throws Exception
     */
    public static HttpResponse doDelete(String host, String path, String method,
                                        Map<String, String> headers,
                                        Map<String, String> querys)
            throws Exception {
        HttpClient httpClient = wrapClient(host);

        HttpDelete request = new HttpDelete(buildUrl(host, path, querys));
        for (Map.Entry<String, String> e : headers.entrySet()) {
            request.addHeader(e.getKey(), e.getValue());
        }

        return httpClient.execute(request);
    }

    private static String buildUrl(String host, String path, Map<String, String> querys) throws UnsupportedEncodingException {
        StringBuilder sbUrl = new StringBuilder();
        sbUrl.append(host);
        if (!StringUtils.isBlank(path)) {
            sbUrl.append(path);
        }
        if (null != querys) {
            StringBuilder sbQuery = new StringBuilder();
            for (Map.Entry<String, String> query : querys.entrySet()) {
                if (0 < sbQuery.length()) {
                    sbQuery.append("&");
                }
                if (StringUtils.isBlank(query.getKey()) && !StringUtils.isBlank(query.getValue())) {
                    sbQuery.append(query.getValue());
                }
                if (!StringUtils.isBlank(query.getKey())) {
                    sbQuery.append(query.getKey());
                    if (!StringUtils.isBlank(query.getValue())) {
                        sbQuery.append("=");
                        sbQuery.append(URLEncoder.encode(query.getValue(), "utf-8"));
                    }
                }
            }
            if (0 < sbQuery.length()) {
                sbUrl.append("?").append(sbQuery);
            }
        }

        return sbUrl.toString();
    }

    private static HttpClient wrapClient(String host) {
        HttpClient httpClient = new DefaultHttpClient();
        if (host.startsWith("https://")) {
            sslClient(httpClient);
        }

        return httpClient;
    }

    private static void sslClient(HttpClient httpClient) {
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            X509TrustManager tm = new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
                public void checkClientTrusted(X509Certificate[] xcs, String str) {

                }
                public void checkServerTrusted(X509Certificate[] xcs, String str) {

                }
            };
            ctx.init(null, new TrustManager[] { tm }, null);
            SSLSocketFactory ssf = new SSLSocketFactory(ctx);
            ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            ClientConnectionManager ccm = httpClient.getConnectionManager();
            SchemeRegistry registry = ccm.getSchemeRegistry();
            registry.register(new Scheme("https", 443, ssf));
        } catch (KeyManagementException ex) {
            throw new RuntimeException(ex);
        } catch (NoSuchAlgorithmException ex) {
            throw new RuntimeException(ex);
        }
    }
}

2.