cas集成oauth，用新浪微博賬號登錄示例

cas官方已經在開發cas與oauth集成的插件，使用的是scribe-up這個項目來獲取授權後的用戶基本信息。計劃在cas3.5.0版本時推出，不過現在已經可以用了，下面將以新浪微博爲例，說明如何用新浪微博的賬號登錄cas，到https://github.com/Jasig/cas/tree/master/cas-server-support-oauth下載源碼，把cas-server-support-oauth的依賴添加到你的cas項目中。

先定義兩個類，SinaWeiboApi20.java和SinaWeiboProvider.java，SinaWeiboApi20.java主要定義新浪微博的授權鏈接，SinaWeiboProvider.java主要是獲取用戶授權後的用戶信息。

SinaWeiboApi20.java

public class SinaWeiboApi20 extends DefaultApi20
{
  private static final String AUTHORIZE_URL = "https://api.weibo.com/oauth2/authorize?client_id=%s&redirect_uri=%s&response_type=code";
  private static final String SCOPED_AUTHORIZE_URL = AUTHORIZE_URL + "&scope=%s";

  @Override
  public Verb getAccessTokenVerb()
  {
    return Verb.POST;
  }

  @Override
  public AccessTokenExtractor getAccessTokenExtractor()
  {
    return new JsonTokenExtractor();
  }

  @Override
  public String getAccessTokenEndpoint()
  {
    return "https://api.weibo.com/oauth2/access_token?grant_type=authorization_code";
  }

  @Override
  public String getAuthorizationUrl(OAuthConfig config)
  {
    // Append scope if present
    if (config.hasScope())
    {
      return String.format(SCOPED_AUTHORIZE_URL, config.getApiKey(), OAuthEncoder.encode(config.getCallback()), OAuthEncoder.encode(config.getScope()));
    }
    else
    {
      return String.format(AUTHORIZE_URL, config.getApiKey(), OAuthEncoder.encode(config.getCallback()));
    }
  }
}

SinaWeiboProvider.java

public class SinaWeiboProvider extends BaseOAuth20Provider {
  
  @Override
  protected void internalInit() {
    if (scope != null) {
      service = new ServiceBuilder().provider(SinaWeiboApi20.class).apiKey(key)
          .apiSecret(secret).callback(callbackUrl).scope(scope).build();
    } else {
      service = new ServiceBuilder().provider(SinaWeiboApi20.class).apiKey(key)
          .apiSecret(secret).callback(callbackUrl).build();
    }
    String[] names = new String[] {"uid", "username"};
    for (String name : names) {
      mainAttributes.put(name, null);
    }
    
  }
  
  @Override
  protected String getProfileUrl() {
    return "https://api.weibo.com/2/statuses/user_timeline.json";
  }
  
  @Override
  protected UserProfile extractUserProfile(String body) {
    UserProfile userProfile = new UserProfile();
    JsonNode json = JsonHelper.getFirstNode(body);
    ArrayNode statuses = (ArrayNode) json.get("statuses");
    JsonNode userJson = statuses.get(0).get("user");
    if (json != null) {
      UserProfileHelper.addIdentifier(userProfile, userJson, "id");
      for (String attribute : mainAttributes.keySet()) {
        UserProfileHelper.addAttribute(userProfile, json, attribute,
            mainAttributes.get(attribute));
      }
    }
    JsonNode subJson = userJson.get("id");
    if (subJson != null) {
      UserProfileHelper
          .addAttribute(userProfile, "uid", subJson.getIntValue());
      
    }
    subJson = userJson.get("domain");
    if (subJson != null) {
      UserProfileHelper.addAttribute(userProfile, "username",
          subJson.getTextValue());     
    }

    return userProfile;
  }

}

添加SinaWeiboProvider bean聲明到applicationContext.xml

<bean id="sinaWeibo" class="com.xxx.oauth.provider.SinaWeiboProvider">
		<property name="key" value="sinaweibo_key" />
		<property name="secret" value="sinaweibo_secret" />
		<property name="callbackUrl" value="https://sso.xxx.com:9443/login" />
	</bean>

其中callbackUrl爲你cas的登錄地址。

在cas-servlet.xml 中定義OAuthAction bean

<bean id="oauthAction" class="org.jasig.cas.support.oauth.web.flow.OAuthAction"
   		p:centralAuthenticationService-ref="centralAuthenticationService"  >
		<property name="providers">
			<list>
				<ref bean="sinaWeibo" />				
			</list>
		</property>
	</bean>

添加oauthAction到cas的login-webflow.xml中，其主要功能是攔截oauth服務商返回的信息。

<action-state id="oauthAction"> 
		<evaluate expression="oauthAction" /> 
		<transition on="success" to="sendTicketGrantingTicket" /> 
		<transition on="error" to="ticketGrantingTicketExistsCheck" />
	</action-state>

添加OAuthAuthenticationHandler到deployerConfigContext.xml 中的authenticationHandlers處，使其支持oauth驗證

<property name="authenticationHandlers">
			<list>		
				<bean class="org.jasig.cas.support.oauth.authentication.handler.support.OAuthAuthenticationHandler"> 
					<property name="providers">       
						<list>         
						    <ref bean="sinaWeibo" />         			      
						</list>     
					</property>   
				</bean>				
			</list>
		</property>

添加OAuthCredentialsToPrincipalResolver 到deployerConfigContext.xml中的credentialsToPrincipalResolvers處。

<property name="credentialsToPrincipalResolvers">
			<list>		
				<bean class="org.jasig.cas.support.oauth.authentication.principal.OAuthCredentialsToPrincipalResolver" >	
				</bean>
			</list>
		</property>

如果想獲取從oauth返回的用戶信息，就必須添加OAuthAuthenticationMetaDataPopulator到deployerConfigContext.xml中authenticationMetaDataPopulators處。

<property name="authenticationMetaDataPopulators"> 
			<list> 
				<bean class="org.jasig.cas.support.oauth.authentication.OAuthAuthenticationMetaDataPopulator" /> 
			</list> 
		</property>

最後一步就添加用新浪微博賬號登錄的鏈接到登錄頁面

<a href="${SinaWeiboProviderUrl}">用新浪微博登錄</a> 

大功告成!

參考資料：https://wiki.jasig.org/display/CASUM/OAuth+client+support

本文地址：http://blog.csdn.net/laigood12345/article/details/7567247