cas官方已經在開發cas與oauth集成的插件,使用的是scribe-up這個項目來獲取授權後的用戶基本信息。計劃在cas3.5.0版本時推出,不過現在已經可以用了,下面將以新浪微博爲例,說明如何用新浪微博的賬號登錄cas,到https://github.com/Jasig/cas/tree/master/cas-server-support-oauth下載源碼,把cas-server-support-oauth的依賴添加到你的cas項目中。
先定義兩個類,SinaWeiboApi20.java和SinaWeiboProvider.java,SinaWeiboApi20.java主要定義新浪微博的授權鏈接,SinaWeiboProvider.java主要是獲取用戶授權後的用戶信息。
SinaWeiboApi20.java
public class SinaWeiboApi20 extends DefaultApi20
{
private static final String AUTHORIZE_URL = "https://api.weibo.com/oauth2/authorize?client_id=%s&redirect_uri=%s&response_type=code";
private static final String SCOPED_AUTHORIZE_URL = AUTHORIZE_URL + "&scope=%s";
@Override
public Verb getAccessTokenVerb()
{
return Verb.POST;
}
@Override
public AccessTokenExtractor getAccessTokenExtractor()
{
return new JsonTokenExtractor();
}
@Override
public String getAccessTokenEndpoint()
{
return "https://api.weibo.com/oauth2/access_token?grant_type=authorization_code";
}
@Override
public String getAuthorizationUrl(OAuthConfig config)
{
// Append scope if present
if (config.hasScope())
{
return String.format(SCOPED_AUTHORIZE_URL, config.getApiKey(), OAuthEncoder.encode(config.getCallback()), OAuthEncoder.encode(config.getScope()));
}
else
{
return String.format(AUTHORIZE_URL, config.getApiKey(), OAuthEncoder.encode(config.getCallback()));
}
}
}
SinaWeiboProvider.java
public class SinaWeiboProvider extends BaseOAuth20Provider {
@Override
protected void internalInit() {
if (scope != null) {
service = new ServiceBuilder().provider(SinaWeiboApi20.class).apiKey(key)
.apiSecret(secret).callback(callbackUrl).scope(scope).build();
} else {
service = new ServiceBuilder().provider(SinaWeiboApi20.class).apiKey(key)
.apiSecret(secret).callback(callbackUrl).build();
}
String[] names = new String[] {"uid", "username"};
for (String name : names) {
mainAttributes.put(name, null);
}
}
@Override
protected String getProfileUrl() {
return "https://api.weibo.com/2/statuses/user_timeline.json";
}
@Override
protected UserProfile extractUserProfile(String body) {
UserProfile userProfile = new UserProfile();
JsonNode json = JsonHelper.getFirstNode(body);
ArrayNode statuses = (ArrayNode) json.get("statuses");
JsonNode userJson = statuses.get(0).get("user");
if (json != null) {
UserProfileHelper.addIdentifier(userProfile, userJson, "id");
for (String attribute : mainAttributes.keySet()) {
UserProfileHelper.addAttribute(userProfile, json, attribute,
mainAttributes.get(attribute));
}
}
JsonNode subJson = userJson.get("id");
if (subJson != null) {
UserProfileHelper
.addAttribute(userProfile, "uid", subJson.getIntValue());
}
subJson = userJson.get("domain");
if (subJson != null) {
UserProfileHelper.addAttribute(userProfile, "username",
subJson.getTextValue());
}
return userProfile;
}
}
添加SinaWeiboProvider bean聲明到applicationContext.xml
<bean id="sinaWeibo" class="com.xxx.oauth.provider.SinaWeiboProvider">
<property name="key" value="sinaweibo_key" />
<property name="secret" value="sinaweibo_secret" />
<property name="callbackUrl" value="https://sso.xxx.com:9443/login" />
</bean>
其中callbackUrl爲你cas的登錄地址。
在cas-servlet.xml 中定義OAuthAction bean
<bean id="oauthAction" class="org.jasig.cas.support.oauth.web.flow.OAuthAction"
p:centralAuthenticationService-ref="centralAuthenticationService" >
<property name="providers">
<list>
<ref bean="sinaWeibo" />
</list>
</property>
</bean>
添加oauthAction到cas的login-webflow.xml中,其主要功能是攔截oauth服務商返回的信息。
<action-state id="oauthAction">
<evaluate expression="oauthAction" />
<transition on="success" to="sendTicketGrantingTicket" />
<transition on="error" to="ticketGrantingTicketExistsCheck" />
</action-state>
添加OAuthAuthenticationHandler到deployerConfigContext.xml 中的authenticationHandlers處,使其支持oauth驗證
<property name="authenticationHandlers">
<list>
<bean class="org.jasig.cas.support.oauth.authentication.handler.support.OAuthAuthenticationHandler">
<property name="providers">
<list>
<ref bean="sinaWeibo" />
</list>
</property>
</bean>
</list>
</property>
添加OAuthCredentialsToPrincipalResolver 到deployerConfigContext.xml中的credentialsToPrincipalResolvers處。
<property name="credentialsToPrincipalResolvers">
<list>
<bean class="org.jasig.cas.support.oauth.authentication.principal.OAuthCredentialsToPrincipalResolver" >
</bean>
</list>
</property>
如果想獲取從oauth返回的用戶信息,就必須添加OAuthAuthenticationMetaDataPopulator到deployerConfigContext.xml中authenticationMetaDataPopulators處。
<property name="authenticationMetaDataPopulators">
<list>
<bean class="org.jasig.cas.support.oauth.authentication.OAuthAuthenticationMetaDataPopulator" />
</list>
</property>
最後一步就添加用新浪微博賬號登錄的鏈接到登錄頁面
<a href="${SinaWeiboProviderUrl}">用新浪微博登錄</a>
大功告成!
參考資料:https://wiki.jasig.org/display/CASUM/OAuth+client+support
本文地址:http://blog.csdn.net/laigood12345/article/details/7567247