首页 > 其他分享 >Spring-Security-OAuth2调用微信API

Spring-Security-OAuth2调用微信API

时间:2022-12-27 20:36:38浏览次数:43  
标签:OAuth2 resource Spring org springframework token API import new

 

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Scope;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.UserApprovalRequiredException;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.RequestEnhancer;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.stereotype.Controller;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.HttpServletRequest;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;

@Controller
public class LoginController {


    @Autowired
    private OAuth2ClientContext context;


    @Bean
    @Scope("session")
    public OAuth2ClientContext createContext() {
        return new DefaultOAuth2ClientContext();
    }


    @ResponseBody
    @RequestMapping("/weixin/authorize")
    public Object getUserInfo(HttpServletRequest request) {
        class WeixinAuthorizationCodeAccessTokenProvider extends AuthorizationCodeAccessTokenProvider {
            public WeixinAuthorizationCodeAccessTokenProvider(List<HttpMessageConverter<?>> messageConverters) {
                this.setMessageConverters(messageConverters);
                this.setTokenRequestEnhancer(new RequestEnhancer() {
                    @Override
                    public void enhance(AccessTokenRequest request, OAuth2ProtectedResourceDetails resource,
                                        MultiValueMap<String, String> form, HttpHeaders headers) {
                        String clientId = form.getFirst("client_id");
                        String clientSecret = form.getFirst("client_secret");
                        form.set("appid", clientId);
                        form.set("secret", clientSecret);
                        form.remove("client_id");
                        form.remove("client_secret");
                    }
                });
            }

            @Override
            public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details, AccessTokenRequest request)
                    throws UserRedirectRequiredException, UserApprovalRequiredException,
                    AccessDeniedException, OAuth2AccessDeniedException {
                try {
                    return super.obtainAccessToken(details, request);
                } catch (UserRedirectRequiredException e) {
                    Map<String, String> params = e.getRequestParams();
                    String clientId = params.get("client_id");
                    params.put("appid", clientId);
                    params.remove("client_id");
                    throw e;
                }
            }
        }

        class WeixinOAuth2RestTemplate extends OAuth2RestTemplate {

            public WeixinOAuth2RestTemplate(AuthorizationCodeResourceDetails resource, OAuth2ClientContext context) {
                super(resource, context);
                List<HttpMessageConverter<?>> messageConverters = new ArrayList<HttpMessageConverter<?>>();
                messageConverters.add(new MappingJackson2HttpMessageConverter() {
                    @Override
                    protected boolean canRead(MediaType mediaType) {
                        return true;
                    }
                });
                this.setMessageConverters(messageConverters);
                this.setAccessTokenProvider(new WeixinAuthorizationCodeAccessTokenProvider(messageConverters));
            }


            @Override
            protected URI appendQueryParameter(URI uri, OAuth2AccessToken accessToken) {
                uri = super.appendQueryParameter(uri, accessToken);
                String url = uri.toString();
                if (url.contains("$openid$")) {
                    String openid = (String) accessToken.getAdditionalInformation().get("openid");
                    try {
                        uri = new URI(url.replace("$openid$", openid));
                    } catch (URISyntaxException e) {
                        e.printStackTrace();
                    }
                }
                return uri;
            }

        }

        AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
        resource.setAuthenticationScheme(AuthenticationScheme.form);
        resource.setClientAuthenticationScheme(AuthenticationScheme.form);
        resource.setClientId("xxxxxxxxxxx");
        resource.setClientSecret("xxxxxxxxxxx");
        resource.setUserAuthorizationUri("https://open.weixin.qq.com/connect/oauth2/authorize");
        resource.setAccessTokenUri("https://api.weixin.qq.com/sns/oauth2/access_token");
        resource.setScope(Arrays.asList("snsapi_userinfo"));
        context.getAccessTokenRequest().setCurrentUri(request.getRequestURL().toString());

// resource.setPreEstablishedRedirectUri("http://www.baidu.com");

// resource.setUseCurrentUri(false);

        OAuth2RestTemplate template = new WeixinOAuth2RestTemplate(resource, context);
        String url = "https://api.weixin.qq.com/sns/userinfo?lang=zh_CN&openid=$openid$";
        ResponseEntity<Object> result = template.getForEntity(url, Object.class);
        return result.getBody();
    }

}

 

 

class WeixinClientCredentialsAccessTokenProvider extends ClientCredentialsAccessTokenProvider {
    public WeixinClientCredentialsAccessTokenProvider() {
        List<HttpMessageConverter<?>> converters = new ArrayList<HttpMessageConverter<?>>();
        converters.add(new MappingJackson2HttpMessageConverter());
        this.setMessageConverters(converters);
        this.setTokenRequestEnhancer(new RequestEnhancer() {

            @Override
            public void enhance(AccessTokenRequest request, OAuth2ProtectedResourceDetails resource,
                                MultiValueMap<String, String> form, HttpHeaders headers) {
                form.set("appid", resource.getClientId());
                form.set("secret", resource.getClientSecret());
                form.set("grant_type", "client_credential");
            }
        });

    }

 

OAuth2ClientContext context = new DefaultOAuth2ClientContext();
        ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
        resource.setClientId("xxxxxxxxx");
        resource.setClientSecret("xxxxxxxxxxxxxxx");
        resource.setAccessTokenUri("https://api.weixin.qq.com/cgi-bin/token");
        resource.setAuthenticationScheme(AuthenticationScheme.form);
        OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resource, context);
        restTemplate.setAccessTokenProvider(new WeixinClientCredentialsAccessTokenProvider());
        restTemplate.setRetryBadAccessTokens(true);
        ResponseEntity<Object> response = restTemplate.getForEntity("https://api.weixin.qq.com/cgi-bin/user/get", Object.class);
        if (response.getStatusCode() == HttpStatus.OK) {
            System.out.println(response.getBody());
        }


使用背景 :公司有个开放平台,若要访问开放平台,必须先要获取授权访问令牌(也就是下面说的:access_token)。公司的授权系统是用spring oauth2.0实现的,今天就不讲这个项目,网上比较多。今天主要是讲下如何用spring OAuth2.0 Client 组件会去实现高效获取access_token。
以下是实现代码:

1.项目启动后,从oauth.properties获取相关的信息(如公钥、私钥等信息),然后实例化OAuth2RestTemplate,主要是通过OAuth2RestTemplate这个类去获取access_token

@EnableOAuth2Client
@Configuration
@Component
public class Oauth2Config{
    
    private final static Logger logger = Logger.getLogger(Oauth2Config.class);
    
    private static String location = "classpath:config/*/oauth.properties";
    
    private static Map<String,String> oauthInfo = new HashMap<String,String>();
    
    @Autowired
    private OAuth2ClientContext oauth2Context;
    
    /**
     * 获取配置文件信息
     */
    static{
        ResourcePatternResolver patternResolver = new PathMatchingResourcePatternResolver();
        Resource[] resources;
        try {
            resources = patternResolver.getResources(location);
            location = resources[0].getFile().getAbsolutePath();
            logger.info("location" + location);
            Properties props = new Properties();  
            try {  
                if(location.contains("dev")){
                    props = PropertiesLoaderUtils.loadAllProperties("config/dev/oauth.properties");
                }else if(location.contains("test")){
                    props = PropertiesLoaderUtils.loadAllProperties("config/test/oauth.properties");
                }else if(location.contains("production")){
                    props = PropertiesLoaderUtils.loadAllProperties("config/production/oauth.properties");
                }
                for(Object key:props.keySet()){  
                    logger.warn(key + " : " +  (String)props.get(key));
                    oauthInfo.put((String) key, (String)props.get(key));
                }  
            } catch (IOException e) {  
                System.out.println(e.getMessage());  
            }  
        } catch (IOException e) {
            e.printStackTrace();
        }
        
    } 
    
    
    @Bean
    public AccessTokenRequest accessTokenRequest(){
        AccessTokenRequest defaultAccessTokenRequest = new DefaultAccessTokenRequest();
        Map<String, List<String>> headers = new HashMap<String, List<String>>();
        List<String> headerList=new ArrayList<String>();
        headerList.add("Basic " + oauthInfo.get("public_key"));
        headers.put("Authorization", headerList);
        defaultAccessTokenRequest.setHeaders(headers);
        defaultAccessTokenRequest.setCurrentUri(oauthInfo.get("redirect_uri"));
        return defaultAccessTokenRequest;
    }
    
    @Bean
    public AuthorizationCodeResourceDetails resourceDetails(){
        AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
        resource.setAccessTokenUri(oauthInfo.get("oauth_url") + oauthInfo.get("request_and_refresh_token"));
        resource.setClientId(oauthInfo.get("client_id"));
        resource.setGrantType("authorization_code");
        resource.setUserAuthorizationUri(oauthInfo.get("oauth_url") + oauthInfo.get("request_code_url"));
        resource.setScope(Arrays.asList("app"));
        resource.setPreEstablishedRedirectUri(oauthInfo.get("redirect_uri"));
        return resource;
    }
    
    @Bean
    public OAuth2RestTemplate oAuth2RestTemplate(){
        accessTokenRequest().setPreservedState(oauthInfo.get("redirect_uri"));
        accessTokenRequest().setStateKey(new DefaultStateKeyGenerator().generateKey(resourceDetails()));
        
        AuthorizationCodeAccessTokenProvider provider = new AuthorizationCodeAccessTokenProvider();
        provider.setAuthenticationHandler(new ClientAuthenticationHandler() {
            @Override
            public void authenticateTokenRequest(
                    OAuth2ProtectedResourceDetails resource,
                    MultiValueMap<String, String> form, HttpHeaders headers) {
                headers.set("Authorization", "Basic " + oauthInfo.get("private_key") );
            }
        });
        AccessTokenProviderChain providerChain = new AccessTokenProviderChain(Arrays.asList(provider));
        //oauth2Context.setPreservedState(accessTokenRequest().getStateKey(),accessTokenRequest().getPreservedState());
        OAuth2RestTemplate template=new OAuth2RestTemplate(resourceDetails(),oauth2Context);
        template.setAccessTokenProvider(providerChain);
        return template;
    }

    
}

2.通过OAuth2RestTemplate去获取access_token的值,之所以每次都情况授权code,是因为spring oauth2授权code只能用一次便废弃,然后起OAuth2ClientContext类又不主动清空code,这里我只能自己手动清除。

@Component
public class AccessTokenUtils {

    private final static Logger logger = Logger.getLogger(AccessTokenUtils.class);
    
    
    @Autowired
    private OAuth2RestTemplate restTemplate;
    
    @Autowired
    private Oauth2Config oauth2Config;
    
    
    /**
     * 获取oauth2的授权令牌access_token
     * @return
     */
    public  String getAccessToken(){
        logger.info("获取oauth2的授权令牌access_token start ...");
        OAuth2ClientContext oAuth2ClientContext = restTemplate.getOAuth2ClientContext();
        oAuth2ClientContext.getAccessTokenRequest().setAuthorizationCode(null);//清空授权code
        String stateKey = oAuth2ClientContext.getAccessTokenRequest().getStateKey();
        Object preservedState = oAuth2ClientContext.getAccessTokenRequest().getPreservedState();
        if(StringUtils.isEmpty(stateKey))
            stateKey = new DefaultStateKeyGenerator().generateKey(oauth2Config.resourceDetails());
        if(preservedState == null )
            preservedState = VipConstant.redirtUrl;
        
        logger.info("statekey:" + stateKey + " ; preservedState : " + preservedState);
        oAuth2ClientContext.setPreservedState(oAuth2ClientContext.getAccessTokenRequest().getStateKey(), oAuth2ClientContext.getAccessTokenRequest().getPreservedState());
        OAuth2AccessToken oAuth2AccessToken = this.restTemplate.getAccessToken();
        String access_token = oAuth2AccessToken.getValue();
        logger.info("获取oauth2的授权令牌access_token end ;access_token = " +  access_token + ";失效时间 = " + oAuth2AccessToken.getExpiration() + " ;剩余失效时间:" + oAuth2AccessToken.getExpiresIn() );
        return access_token;
    }
    
}

3.以下配置是授权服务给配置的

#==================spring oauth2.0=====================================
#客户端ID
client_id=xxx
#公钥(BASE64(xx))
public_key=xxx
#私钥(BASE64(xx))
private_key=xx
#spring oauth2.0服务url
oauth_url=xxx
#获取请求code URL
request_code_url=oauth/authorize
#获取请求token或刷新token URL
request_and_refresh_token=oauth/token
#回调地址
redirect_uri=http://www.baidu.com

Spring OAuth2.0 Client官网地址:http://projects.spring.io/spring-security-oauth/docs/oauth2.html

 


 



标签:OAuth2,resource,Spring,org,springframework,token,API,import,new
From: https://blog.51cto.com/u_15147537/5973493

相关文章

  • 使用Spring Session实现Spring Boot水平扩展
    小编说:本文使用SpringSession实现了SpringBoot水平扩展,每个SpringBoot应用与其他水平扩展的SpringBoot一样,都能处理用户请求。如果宕机,Nginx会将请求反向代理到其他运行......
  • spring security oauth2
     ​​https://connect.qq.com/manage.html#/​​​​http://wiki.connect.qq.com/%E7%BD%91%E7%AB%99%E5%BA%94%E7%94%A8%E6%8E%A5%E5%85%A5%E6%B5%81%E7%A8%8B​​​​ h......
  • Supported method argument types Spring MVC
    @GetMapping("/something")@ResponseBodypublicStringhelloWorld(){return"HelloWorld";} @Controller@RequestMapping("/pets")@SessionAttributes("pet")public......
  • Securing Spring Cloud Microservices With OAuth2
    FromZerotoOAuth2inSpringcloudTodayIampresentinghoursofresearchabouta(apparently)simplequestion:“HowcanImaintainsecurityinmymicroservic......
  • Spring Security 实战:QQ登录实现
     准备工作1、在 ​​​QQ互联​​​ 申请成为开发者,并创建应用,得到APPID和APPKey。2、了解QQ登录时的 ​​​网站应用接入流程​​​。(必须看完看懂)为了方便各位测......
  • SpringBoot - 实现AOP与声明式事务
    1.实现声明式事务低版本在启动类(@SpringBootApplication)上加上@EnableTransactionManagement注解@EnableTransactionManagement注解其实在大多数情况下,不是必须的,因为S......
  • Spring AOP源码(二):BeanDefinition的准备工作
    在Spring容器中,要想创建AOP相关的对象就需要创建先准备好相关的beanDefinition信息,这里对于普通bean对象的beanDefinition准备不再赘述,仅介绍AOP的核心对象:AutoProxyCr......
  • SpringBoot - 文件上传
    Java代码@RestControllerpublicclassTestController{//单文件或多文件上传@PostMapping("/file/upload")publicStringfileUpload(@RequestParam(......
  • Spring AOP源码(一):源码分析示例
    1、aop.xml配置文件1<?xmlversion="1.0"encoding="UTF-8"?>2<beansxmlns="http://www.springframework.org/schema/beans"3xmlns:xsi="http://www.w3.......
  • SpringBoot - 全局异常处理@RestControllerAdvice,@ControllerAdvice,@ExceptionHandler
    @RestControllerAdvice与@ControllerAdvice 作用:告诉框架这是一个异常处理类,@RestControllerAdvice返回的是响应体范围:类上 @ExceptionHandler 作用:发生特定类型的......

赞助商

阅读排行

网站主页关于我们联系我们网站地图

本网站内容转载自其他媒体,侵权联系[admin##ips99.com]。

Copyright © 2020-2023 IPS99 版权所有 IPS99