前后端分离:
| 进化 |
架构图:
后端code 1-4步:
Credentials:
/**
 * Login form payload posted to {@code /login}: the resource owner's username and password.
 *
 * Getters, setters, {@code equals}/{@code hashCode}/{@code toString} are generated by Lombok
 * {@code @Data}. NOTE(review): the generated {@code toString} includes the password, so this
 * object must never be logged or echoed back in an error message.
 *
 * @author aric
 * @create 2021-04-09-16:39
 * @fun
 */
@Data
public class Credentials {
// Resource owner username; forwarded as-is in the password-grant request.
private String username;
// Resource owner password; an immutable String cannot be zeroed after use, so keep its
// lifetime short (it is only forwarded to the authorization server by /login).
private String password;
}
TokenInfo:
/**
 * OAuth2 token response as returned by the authorization server's token endpoint.
 *
 * Field names presumably mirror the snake_case keys of the JSON response so that the
 * response can be mapped without renaming annotations — verify against the actual payload.
 * Instances are stored server-side in the HTTP session under the attribute {@code "token"}
 * and read back by the Zuul pre-filter and {@code /me}.
 * Accessors and {@code equals}/{@code hashCode}/{@code toString} come from Lombok {@code @Data}.
 *
 * @author aric
 * @create 2021-04-09-16:47
 * @fun
 */
@Data
public class TokenInfo {
// Bearer access token; the filter sends it as "bearer " + access_token.
private String access_token;
private String token_type;
// Held as a String even though it is a lifetime; nothing on this side evaluates expiry.
private String expires_in;
// NOTE(review): capitalised field name breaks the convention of the other fields; Lombok still
// generates getScope()/setScope(), so the JSON property is expected to be "scope" — confirm.
private String Scope;
}
AdminApplication:
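/**
 * Admin front-end application: the Spring Boot entry point plus the {@code /login} endpoint
 * that exchanges the user's credentials for an OAuth2 token (resource owner password grant)
 * and keeps the {@link TokenInfo} in the server-side HTTP session.
 *
 * @author aric
 * @create 2021-04-08-18:56
 * @fun
 */
@SpringBootApplication
@RestController
public class AdminApplication {

    /**
     * Token endpoint of the authorization server. NOTE(review): the path ends in
     * {@code check_token}, which in Spring Security OAuth is the introspection endpoint; a
     * password grant is normally posted to {@code /oauth/token} — confirm.
     */
    private static final String OAUTH_SERVICE_URL = "http://localhost:9070/token/oauth/check_token";
    // Client credentials sent as HTTP Basic auth. TODO: move to external configuration; a
    // hard-coded client secret ends up in source control and in every build artifact.
    private static final String CLIENT_ID = "admin";
    private static final String CLIENT_SECRET = "123456";

    private final RestTemplate restTemplate = new RestTemplate();

    /**
     * Authenticates the user against the authorization server and stores the resulting
     * {@link TokenInfo} in the session under the attribute {@code "token"}. The raw password
     * is only forwarded to the authorization server; it is not retained here.
     *
     * @param credentials username/password posted by the front end
     * @param request     current request; its session receives the token
     */
    @PostMapping("/login")
    public void login(@RequestBody Credentials credentials, HttpServletRequest request) {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        httpHeaders.setBasicAuth(CLIENT_ID, CLIENT_SECRET);

        MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
        params.add("username", credentials.getUsername());
        params.add("password", credentials.getPassword());
        params.add("grant_type", "password");
        params.add("scope", "read write");

        HttpEntity<MultiValueMap<String, String>> ent = new HttpEntity<>(params, httpHeaders);
        ResponseEntity<TokenInfo> response =
                restTemplate.exchange(OAUTH_SERVICE_URL, HttpMethod.POST, ent, TokenInfo.class);

        TokenInfo token = response.getBody();
        if (token == null) {
            // Nothing to store; the session stays logged out, the same as a null attribute.
            return;
        }
        // Rotate the session id on successful authentication so a session id obtained before
        // login cannot be reused afterwards (session fixation); attributes are preserved.
        request.getSession();
        request.changeSessionId();
        request.getSession().setAttribute("token", token);
    }

    public static void main(String[] args) {
        SpringApplication.run(AdminApplication.class, args);
    }
}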
后端code 5-8步:
application.yml:
# Zuul reverse-proxy configuration for the gateway application.
zuul:
routes:
api:
# Requests matched by this route are forwarded to the downstream service at this address.
url: http://getway.imooc.com:9070
# An empty list means no header is treated as sensitive, so the client's Cookie and
# Authorization headers are forwarded downstream as well (Zuul's default strips Cookie,
# Set-Cookie and Authorization). NOTE(review): confirm that forwarding the session cookie to
# the downstream service is intended.
sensitive-headers:
spring:
application:
name: gateway
SessionTokenFilter:
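/**
 * Zuul pre-filter that turns the session-based login into a bearer-token call: when the
 * session holds a {@link TokenInfo} (stored by {@code /login}), its access token is added as
 * the {@code Authorization} header of the proxied request. Requests without a logged-in
 * session pass through unchanged.
 *
 * @author aric
 * @create 2021-04-09-17:41
 * @fun
 */
@Component
public class SessionTokenFilter extends ZuulFilter {

    /** Runs in the "pre" phase, before routing, so the header is set when the request is forwarded. */
    @Override
    public String filterType() {
        return "pre";
    }

    @Override
    public int filterOrder() {
        return 0;
    }

    /** Applies to every proxied request; the per-request decision is made in {@link #run()}. */
    @Override
    public boolean shouldFilter() {
        return true;
    }

    /**
     * Copies the session's access token into the outbound {@code Authorization} header.
     * Uses {@code getSession(false)} so that unauthenticated traffic through the gateway does
     * not create a new server-side session per request.
     *
     * @return always {@code null}; the filter only mutates the request context
     */
    @Override
    public Object run() throws ZuulException {
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();
        if (request.getSession(false) == null) {
            return null;
        }
        TokenInfo token = (TokenInfo) request.getSession(false).getAttribute("token");
        // Guard the token value too: a TokenInfo without an access_token would otherwise
        // produce the header "bearer null" and be rejected downstream.
        if (token != null && token.getAccess_token() != null) {
            requestContext.addZuulRequestHeader("Authorization", "bearer " + token.getAccess_token());
        }
        return null;
    }
}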
AdminApplication:
/**
* @author aric
* @create 2021-04-08-18:56
* @fun
*/
@SpringBootApplication
@RestController
@EnableZuulProxy
public class AdminApplication {
private RestTemplate restTemplate = new RestTemplate();
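/**
 * Ends the current login by invalidating the HTTP session, which drops the stored token.
 * Only an existing session is invalidated; a request without a session no longer causes one
 * to be created just to be discarded. The access token itself is not revoked at the
 * authorization server (nothing here calls it), so it stays valid until it expires.
 *
 * @param request current request whose session, if any, is discarded
 */
@PostMapping("/logout")
public void logout(HttpServletRequest request) {
    if (request.getSession(false) != null) {
        request.getSession(false).invalidate();
    }
}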
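/**
 * Authenticates the user with the resource owner password grant and stores the resulting
 * {@link TokenInfo} in the session under {@code "token"}; the Zuul pre-filter later turns it
 * into the {@code Authorization} header of proxied calls. The password is only forwarded to
 * the authorization server and is not kept in the session.
 *
 * @param credentials username/password posted by the front end
 * @param request     current request; its session receives the token
 */
@PostMapping("/login")
public void login(@RequestBody Credentials credentials, HttpServletRequest request) {
    // NOTE(review): the path ends in check_token, which in Spring Security OAuth is the
    // introspection endpoint; a password grant is normally posted to /oauth/token — confirm.
    String oauthServiceUrl = "http://localhost:9070/token/oauth/check_token";
    HttpHeaders httpHeaders = new HttpHeaders();
    httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
    // Client credentials as HTTP Basic auth. TODO: externalize; a hard-coded client secret
    // ends up in source control and in every build artifact.
    httpHeaders.setBasicAuth("admin", "123456");

    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
    params.add("username", credentials.getUsername());
    params.add("password", credentials.getPassword());
    params.add("grant_type", "password");
    params.add("scope", "read write");

    HttpEntity<MultiValueMap<String, String>> ent = new HttpEntity<>(params, httpHeaders);
    ResponseEntity<TokenInfo> response =
            restTemplate.exchange(oauthServiceUrl, HttpMethod.POST, ent, TokenInfo.class);

    TokenInfo token = response.getBody();
    if (token == null) {
        // Nothing to store; the session stays logged out, the same as a null attribute.
        return;
    }
    // Rotate the session id on successful authentication so a session id obtained before
    // login cannot be reused afterwards (session fixation); attributes are preserved.
    request.getSession();
    request.changeSessionId();
    request.getSession().setAttribute("token", token);
}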
以上方式中，前端都会接触到用户的密码，存在安全性问题；而且每一个客户端应用都需要自行处理登录逻辑，造成耦合。我们希望的场景:
OAuth2四种授权:
Resource owner password(适用于APP，即我们信任的客户端应用)，以上例子基于此种模式。
Authorization code grant授权码模式(适合基于浏览器web)
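/**
 * Redirect target of the authorization code grant: exchanges the one-time {@code code} for
 * a token at the authorization server, stores the {@link TokenInfo} in the session under
 * {@code "token"} and sends the browser back to {@code /}.
 *
 * The original listing had transcription errors (HttoHeaders, APPLICATION_FORM_URLECODED,
 * MultiCalueMap, exhcange, mismatched variable names) and used an undeclared
 * {@code response}; those are corrected here and {@code response} is injected as a handler
 * parameter (import {@code HttpServletResponse} alongside {@code HttpServletRequest}).
 *
 * @param code     authorization code issued by the authorization server
 * @param state    opaque value echoed back by the authorization server. NOTE(review): it is
 *                 not checked here; it should be compared with the value stored when the
 *                 authorization request was issued, otherwise the callback accepts a code
 *                 that was not requested by this session (CSRF on the callback).
 * @param request  current request; its session receives the token
 * @param response current response, used for the final redirect
 * @throws java.io.IOException if the redirect cannot be written
 */
@GetMapping("/oauth/callback")
public void callback(@RequestParam String code, String state, HttpServletRequest request,
        HttpServletResponse response) throws java.io.IOException {
    String oauthServiceUrl = "http://dateway.xuyu.com:9070/token/oauth/token";
    HttpHeaders headers = new HttpHeaders();
    headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
    // Client credentials as HTTP Basic auth. TODO: externalize the client secret.
    headers.setBasicAuth("admin", "123456");

    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
    params.add("code", code);
    params.add("grant_type", "authorization_code");
    // Must match the redirect_uri used in the authorization request exactly.
    params.add("redirect_uri", "http://admin.xuyu.com:8080/oauth/callback");

    HttpEntity<MultiValueMap<String, String>> entity = new HttpEntity<>(params, headers);
    ResponseEntity<TokenInfo> token =
            restTemplate.exchange(oauthServiceUrl, HttpMethod.POST, entity, TokenInfo.class);

    request.getSession().setAttribute("token", token.getBody());
    response.sendRedirect("/");
}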
/**
 * Tells the front end whether the user is logged in: returns the {@link TokenInfo} kept in
 * the session, or {@code null} when no login has happened.
 * NOTE(review): this hands the access token itself to the browser, which the session-based
 * design otherwise avoids; returning only a logged-in flag would keep the token server-side.
 *
 * @param request current request whose session is inspected
 * @return the stored token, or {@code null} when not logged in
 */
@GetMapping("/me")
public TokenInfo me(HttpServletRequest request) {
    return (TokenInfo) request.getSession().getAttribute("token");
}