OAuth2.0单点登录接口调用

OAuth 2 是一个授权框架,或称授权标准,它可以使第三方应用程序或客户端获得对 HTTP 服务上(例如 Google、GitHub)用户帐户信息的有限访问权限。OAuth 2 通过将用户身份验证委派给托管用户帐户的服务,并授权客户端访问该用户帐户来工作。综上,OAuth 2 可以为 Web 应用、桌面应用以及移动应用提供授权流程。

注:使用OAuth2 认证的好处就是你只需要一个账号密码,就能在各个网站进行访问,而免去了在每个网站都进行注册的繁琐过程

授权模式:授权码模式

授权码模式是功能最完整、流程最严密的授权模式,它的特点是通过客户端的后台服务器,与“服务提供商”的认证服务器进行互动,因此客户端密钥和访问令牌只在服务器之间传递,不会暴露给浏览器。

授权流程

代码实现

package com.smartdot.grcsp.common.servlet;

import com.smartdot.commons.util.PropertyGetter;
import net.sf.json.JSONObject;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.*;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.apache.log4j.Logger;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URLEncoder;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;

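/**
 * OAuth 2.0 single sign-on helper (authorization-code grant).
 *
 * <p>Flow implemented by {@link #getLogin}:
 * <ol>
 *   <li>Redirect the browser to the portal to obtain a temporary authorization code.</li>
 *   <li>Exchange the authorization code for an access token (server to server).</li>
 *   <li>Use the access token to fetch the current user's profile.</li>
 * </ol>
 *
 * <p>The client secret, the authorization code and the access token are credentials;
 * this class never writes them to stdout or to the log.
 *
 * @author xxx
 * @date 2019/09/10
 */
public class LoginUtil {
    // Fixed: the logger was registered under LoginInterceptor, which mislabelled every log line.
    private static final Logger logger = Logger.getLogger(LoginUtil.class);

    // Test environment
    private final static String CLIENT_SECRET = PropertyGetter.getString("client_secret");
    private final static String CLIENT_ID = PropertyGetter.getString("client_id");
    private final static String PORTAL_URL = PropertyGetter.getString("portal_url");
    // Production environment
    private final static String PRO_CLIENT_SECRET = PropertyGetter.getString("pro_client_secret");
    private final static String PRO_CLIENT_ID = PropertyGetter.getString("pro_client_id");
    private final static String PRO_PORTAL_URL = PropertyGetter.getString("pro_portal_url");

    /** Session attribute holding the one-time OAuth {@code state} issued with the redirect. */
    private static final String STATE_SESSION_KEY = LoginUtil.class.getName() + ".oauthState";

    /** Source of unpredictable {@code state} values. */
    private static final java.security.SecureRandom STATE_RANDOM = new java.security.SecureRandom();

    /**
     * Exchanges an authorization code for a token (test environment, commons-httpclient 3.x).
     *
     * @param portalUrl    base URL of the portal
     * @param code         authorization code returned by the portal, required
     * @param clientId     OAuth client id, required
     * @param clientSecret OAuth client secret, required
     * @return the token response parsed as JSON, or {@code null} when the request fails,
     *         the status is not 200, or the body cannot be read
     */
    public static JSONObject getToken(String portalUrl, String code, String clientId, String clientSecret) {
        String url = portalUrl + "/o/oauth2/token";
        logger.debug("token url=" + url);
        PostMethod postMethod = new PostMethod(url);
        postMethod.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
        // NameValuePair bodies are form-encoded by the library, so the values need no manual escaping.
        NameValuePair[] pairs = new NameValuePair[]{
                new NameValuePair("client_id", clientId),
                new NameValuePair("client_secret", clientSecret),
                new NameValuePair("grant_type", "authorization_code"),
                new NameValuePair("code", code)};
        postMethod.setRequestBody(pairs);
        // 50000 ms: the source carried this as the char literal U+C350, which is the same number.
        return executeLegacy(postMethod, 50000);
    }

    /**
     * Exchanges an authorization code for a token (production environment, HttpClient 4.x over TLS).
     *
     * @param portalUrl    base URL of the portal
     * @param code         temporary authorization code
     * @param clientId     OAuth client id
     * @param clientSecret OAuth client secret
     * @return the token response parsed as JSON, or {@code null} when the status is not 200
     *         or the response has no body
     * @throws KeyStoreException        if the trust material cannot be loaded
     * @throws NoSuchAlgorithmException if the TLS context cannot be built
     * @throws IOException              if the request fails
     * @throws KeyManagementException   if the TLS context cannot be initialised
     */
    public static JSONObject getRroToken(String portalUrl, String code, String clientId, String clientSecret) throws KeyStoreException, NoSuchAlgorithmException, IOException, KeyManagementException {
        String url = portalUrl + "/o/oauth2/token";
        // Every value is percent-encoded: "code" arrives from the browser, and an unescaped
        // '&' or '=' would otherwise add or override form parameters in the token request.
        String form = "client_id=" + encode(clientId)
                + "&client_secret=" + encode(clientSecret)
                + "&code=" + encode(code)
                + "&grant_type=authorization_code";
        HttpPost httpPost = new HttpPost(url);
        httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded");
        httpPost.setEntity(new StringEntity(form, "utf-8"));
        return executeOverTls(httpPost);
    }

    /**
     * Fetches the current user's profile with a bearer token (test environment).
     *
     * @param portalUrl   base URL of the portal
     * @param tokenType   token type reported by the token endpoint; only logged, the request
     *                    always sends a {@code Bearer} authorization header
     * @param accessToken access token obtained from the token endpoint
     * @return the user profile parsed as JSON, or {@code null} when the request fails,
     *         the status is not 200, or the body cannot be read
     */
    public static JSONObject getUseInfo(String portalUrl, String tokenType, String accessToken) {
        logger.info("portalUrl======" + portalUrl + "tokenType=" + tokenType);
        String url = portalUrl + "/api/jsonws/user/get-current-user";
        logger.info("url==" + url);
        GetMethod getMethod = new GetMethod(url);
        getMethod.setRequestHeader("Content-Type", "application/json");
        getMethod.setRequestHeader("Authorization", "Bearer " + accessToken);
        return executeLegacy(getMethod, 30000);
    }

    /**
     * Fetches the current user's profile with a bearer token (production environment).
     *
     * @param portalUrl   base URL of the portal
     * @param tokenType   token type reported by the token endpoint; only logged
     * @param accessToken access token obtained from the token endpoint
     * @return the user profile parsed as JSON, or {@code null} when the status is not 200
     *         or the response has no body
     * @throws KeyStoreException        if the trust material cannot be loaded
     * @throws NoSuchAlgorithmException if the TLS context cannot be built
     * @throws IOException              if the request fails
     * @throws KeyManagementException   if the TLS context cannot be initialised
     */
    public static JSONObject getProUseInfo(String portalUrl, String tokenType, String accessToken) throws KeyStoreException, NoSuchAlgorithmException, IOException, KeyManagementException {
        logger.info("portalUrl======" + portalUrl + "tokenType=" + tokenType);
        String url = portalUrl + "/api/jsonws/user/get-current-user";
        logger.info("url==" + url);
        HttpGet httpGet = new HttpGet(url);
        httpGet.setHeader("Content-Type", "application/x-www-form-urlencoded");
        httpGet.setHeader("Authorization", "Bearer " + accessToken);
        return executeOverTls(httpGet);
    }

    /**
     * Entry point of the login flow.
     *
     * <p>Without a {@code code} parameter the browser is redirected to the portal's authorize
     * endpoint with a fresh random {@code state} stored in the HTTP session. With a
     * {@code code} parameter the request is treated as the portal's callback: the
     * {@code state} must match the one stored in the session (otherwise the callback is
     * rejected, which blocks login CSRF), then the code is exchanged for a token and the
     * user profile is fetched.
     *
     * @param request  current request; its server name selects production or test settings
     * @param response current response, used for the redirect to the portal
     * @return the user profile as JSON on success; {@code null} after a redirect, for an
     *         unknown server name, for a rejected callback, or on any failure
     */
    public static JSONObject getLogin(HttpServletRequest request, HttpServletResponse response) {
        String serverName = request.getServerName();
        String portalUrl;
        String clientId;
        String clientSecret;
        boolean production;
        // The server name is compared against fixed values, so a forged Host header cannot
        // steer the redirect_uri built below to another origin.
        if ("生产环境应用域名".equalsIgnoreCase(serverName)) {
            portalUrl = PRO_PORTAL_URL;
            clientId = PRO_CLIENT_ID;
            clientSecret = PRO_CLIENT_SECRET;
            production = true;
            logger.info("生产环境");
        } else if ("测试环境应用域名".equalsIgnoreCase(serverName)) {
            portalUrl = PORTAL_URL;
            clientId = CLIENT_ID;
            clientSecret = CLIENT_SECRET;
            production = false;
            logger.info("测试环境");
        } else {
            logger.warn("========非测试或者正式环境无法调用单点登录=======");
            return null;
        }

        try {
            String code = request.getParameter("code");
            if (!org.apache.commons.lang.StringUtils.isNotBlank(code)) {
                redirectToPortal(request, response, portalUrl, clientId, production);
                return null;
            }

            // Callback from the portal: bind it to the browser session that started the flow.
            if (!consumeState(request)) {
                logger.warn("OAuth callback rejected: state parameter missing or not issued to this session");
                return null;
            }

            JSONObject token = production
                    ? getRroToken(portalUrl, code, clientId, clientSecret)
                    : getToken(portalUrl, code, clientId, clientSecret);
            if (token == null) {
                logger.warn("token request returned no usable response");
                return null;
            }
            String accessToken = token.getString("access_token");
            String tokenType = token.getString("token_type");

            JSONObject user = production
                    ? getProUseInfo(portalUrl, tokenType, accessToken)
                    : getUseInfo(portalUrl, tokenType, accessToken);
            if (user != null) {
                logger.debug("user info retrieved");
                return user;
            }
        } catch (Exception e) {
            // Deliberate best-effort: any failure ends the login attempt with null.
            logger.error("single sign-on failed: " + e.getMessage(), e);
        }
        return null;
    }

    /** Sends the browser to the portal's authorize endpoint with a fresh per-session state. */
    private static void redirectToPortal(HttpServletRequest request, HttpServletResponse response,
                                         String portalUrl, String clientId, boolean production) throws IOException {
        // NOTE(review): the callback URL is plain http, so the authorization code crosses the
        // network unencrypted on its way back. Moving to https also needs the redirect URI
        // registered at the portal to change; confirm with the portal administrator.
        String appUrl = production
                ? "http://" + request.getServerName() + request.getContextPath() + "/rest/ssologin"
                : "http://" + request.getServerName() + ":" + request.getServerPort() + request.getContextPath() + "/rest/ssologin";
        logger.debug("appUrl=========" + appUrl);
        String destUrl = portalUrl + "/o/oauth2/authorize/"
                + "?client_id=" + encode(clientId)
                + "&redirect_uri=" + encode(appUrl)
                + "&response_type=code"
                + "&state=" + issueState(request);
        logger.debug("destUrl===" + destUrl);
        response.sendRedirect(destUrl);
    }

    /** Creates an unpredictable state value and stores it in the session for the callback check. */
    private static String issueState(HttpServletRequest request) {
        byte[] raw = new byte[16];
        STATE_RANDOM.nextBytes(raw);
        String state = new java.math.BigInteger(1, raw).toString(16);
        request.getSession(true).setAttribute(STATE_SESSION_KEY, state);
        return state;
    }

    /** Checks the callback's state against the session copy; the stored value is single-use. */
    private static boolean consumeState(HttpServletRequest request) throws IOException {
        javax.servlet.http.HttpSession session = request.getSession(false);
        if (session == null) {
            return false;
        }
        Object expected = session.getAttribute(STATE_SESSION_KEY);
        session.removeAttribute(STATE_SESSION_KEY);
        String actual = request.getParameter("state");
        if (!(expected instanceof String) || actual == null) {
            return false;
        }
        // Constant-time comparison of the two values.
        return java.security.MessageDigest.isEqual(
                ((String) expected).getBytes("UTF-8"), actual.getBytes("UTF-8"));
    }

    /** Percent-encodes one form or query value as UTF-8; {@code null} becomes the empty string. */
    private static String encode(String value) throws IOException {
        return value == null ? "" : URLEncoder.encode(value, "UTF-8");
    }

    /**
     * Runs a commons-httpclient 3.x request and parses a 200 response as JSON.
     * Returns {@code null} on I/O failure, non-200 status or missing body.
     */
    private static JSONObject executeLegacy(org.apache.commons.httpclient.HttpMethod method, int connectTimeoutMillis) {
        HttpClient client = new HttpClient();
        client.getHttpConnectionManager().getParams().setConnectionTimeout(connectTimeoutMillis);
        String body;
        try {
            int status = client.executeMethod(method);
            logger.debug("status:=" + status);
            if (status != 200) {
                return null;
            }
            InputStream in = method.getResponseBodyAsStream();
            if (in == null) {
                return null;
            }
            body = readBody(in);
        } catch (IOException e) {
            logger.error("portal request failed", e);
            return null;
        } finally {
            // The original never released the connection back to the connection manager.
            method.releaseConnection();
        }
        // The body carries tokens or personal data, so it is parsed but never logged.
        return JSONObject.fromObject(body);
    }

    /**
     * Runs an HttpClient 4.x request over TLS and parses a 200 response as JSON.
     * Returns {@code null} for a non-200 status, so an error document from the portal is
     * never handed to the caller as if it were a token or a user profile.
     */
    private static JSONObject executeOverTls(org.apache.http.client.methods.HttpUriRequest request) throws KeyStoreException, NoSuchAlgorithmException, IOException, KeyManagementException {
        CloseableHttpClient httpclient = newPortalClient();
        try {
            CloseableHttpResponse response = httpclient.execute(request);
            try {
                logger.debug("status=============" + response.getStatusLine());
                if (response.getStatusLine().getStatusCode() != 200) {
                    return null;
                }
                HttpEntity entity = response.getEntity();
                if (entity == null) {
                    return null;
                }
                // UTF-8 is only the fallback when the response declares no charset.
                return JSONObject.fromObject(EntityUtils.toString(entity, "UTF-8"));
            } finally {
                response.close();
            }
        } finally {
            // The original leaked the client and its connection pool on every call.
            httpclient.close();
        }
    }

    /** Builds the HTTPS client used for the production portal. */
    private static CloseableHttpClient newPortalClient() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        SSLContextBuilder builder = new SSLContextBuilder();
        // NOTE(review): TrustSelfSignedStrategy accepts any self-signed certificate, so the
        // portal's identity is not authenticated and the client secret and tokens sent through
        // this client can be intercepted by whoever controls the network path. Kept to avoid
        // breaking a portal that presents a self-signed certificate; replace it with a
        // truststore containing only the portal's certificate or its issuing CA.
        builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build());
        return HttpClients.custom().setSSLSocketFactory(sslsf).build();
    }

    /** Reads a response stream as UTF-8 text, dropping line terminators, and closes it. */
    private static String readBody(InputStream in) throws IOException {
        // Explicit UTF-8: the platform default charset would garble non-ASCII user names.
        BufferedReader reader = new BufferedReader(new InputStreamReader(in, "UTF-8"));
        try {
            StringBuilder body = new StringBuilder();
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line);
            }
            return body.toString();
        } finally {
            reader.close();
        }
    }
}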

 
