使用Oauth2.0在Spring MVC中进行灵活身份验证的库
[英]Library for a flexible authentication in Spring MVC with Oauth2.0
问题描述
EDIT: 
编辑:
I'm doing this for the first time and I don't know what to choose for my case. 我是第一次这样做,我不知道该如何选择。 I've got a Spring MVC project set up on my server(it's just a single page web app) and would like to add some "custom API calls" so that my users can access their data on behalf of my app . 我在服务器上建立了一个Spring MVC项目(它只是一个单页Web应用程序),并希望添加一些“自定义API调用”,以便我的用户可以代表我的应用程序访问其数据。
Examples (Imagine a blank page where a user added his preferred links in his listBox ): 示例(想象一个空白页,用户在其中将他的首选链接添加到他的listBox ):
facebook.com/get_my_latest_posts gym.com/pay_my_membership butcher.com/buy_2kg_beef
The user can edit/add links anytime he wants. 用户可以根据需要随时编辑/添加链接。 When he clicks a link , the link is being called and the user receives his facebook latest posts , confirmation that the gym membership has been paid or confirmation that he bought 2kg of beef . 当他单击一个链接时,该链接就会被调用,并且用户会收到his facebook latest posts , confirmation that the gym membership has been paid或confirmation that he bought 2kg of beef 。 (a result based on what link was called) (基于调用链接的结果)
I wouldn't want to bring the user always a login page, so I'll try to use an access token where possible. 我不想让用户总是登录页面,所以我将尽可能尝试使用访问令牌。
Does this sound like science fiction ? 这听起来像科幻小说吗?
If it doesn't, then I saw the spring social examples but wouldn't be better if I used a library like google's OAUTH library or Apache Oltu ? 如果没有,那么我看到了春季的社交示例,但是如果我使用类似google的OAUTH库或Apache Oltu这样的库, 那就更好了吗?
2 个解决方案
解决方案1
3 已采纳 2017-04-16 17:25:11
Spring Social, Google's OAuth Client Library for Java and Apache Oltu fulfill the oauth specification and are all good candidates. Spring Social,Google的Java OAuth客户端库和Apache Oltu都符合oauth规范,都是不错的选择。 Every library comes with some predefined providers. 每个库都带有一些预定义的提供程序。 Spring Social and Apache Oltu contains some popular platforms like Facebook, Twitter, Github or Google. Spring Social和Apache Oltu包含一些流行的平台,例如Facebook,Twitter,Github或Google。 Google OAuth Client Library for Java comes along with the Google API Client Library for Java in order to connect to Google services. 谷歌OAuth客户端库的Java 走来 ,以连接到谷歌服务与谷歌API客户端库的Java。 In Spring Social and Google OAuth Client Library those providers are optional. 在Spring Social和Google OAuth客户端库中,这些提供程序是可选的。
All three libraries are written in a generic way so that one can connect to any oauth provider. 这三个库都是以一种通用的方式编写的,因此一个库可以连接到任何oauth提供程序。 I think that Spring Social could require less integration work than Apache Oltu or Google OAuth Client Library in regard to other Spring modules like Spring Security or MVC. 我认为就其他Spring模块(例如Spring Security或MVC)而言,Spring Social所需的集成工作可能比Apache Oltu或Google OAuth客户端库少。 In the end it all boils down to your personal preference for a library. 最后,一切都归结为您个人对图书馆的偏爱。
If you decide for Spring Social, take a look at this quickstart demo (ignore the README.md and just run ./gradlew bootRun ). 如果您决定使用Spring Social,请看一下此快速入门演示 (忽略README.md并只运行./gradlew bootRun )。 It already contains everything you described in the comments of your question: 它已经包含您在问题注释中描述的所有内容:
- authenticate user through a third party 通过第三方认证用户
- integrate several platforms in one application and fetch user data on demand (imagine the dropdown menu items for example
Twitter profileorTimelinerepresentsfacebook.com/get_my_latest_postsorgym.com/pay_my_membership)将多个平台集成到一个应用程序中,并按需获取用户数据(想象一下下拉菜单项,例如Twitter profile或Timeline代表facebook.com/get_my_latest_posts或gym.com/pay_my_membership)
As you can see in the demo, you can't prevent that your users have to authenticate with every third party once in a time. 正如在演示中所看到的那样,您不能防止您的用户一次必须与每个第三方进行身份验证。 This happens usually when there is no access or refresh token or the token has expired. 通常在没有访问或刷新令牌或令牌已过期时发生。
Take a look at the Spring Social documentation on how to add a new service provider. 查看有关如何添加新服务提供商的Spring Social 文档 。
Summary 摘要
All three libraries are extensible and fit your needs. 这三个库都是可扩展的,可以满足您的需求。 There are many examples on the internet for every library. 互联网上每个图书馆都有很多例子。 Spring Social could require less integration work into an existing Spring application. Spring Social可以减少与现有Spring应用程序的集成工作。
Your application is just a host for many oauth clients for different services (so no science fiction here). 您的应用程序只是许多提供不同服务的oauth客户端的主机(因此这里没有科幻小说)。 You'll need to think about storing the access and refresh token on a per user basis somewhere (database?). 您需要考虑将每个用户的访问和刷新令牌存储在某个地方(数据库?)。 You'll need to provide an after authorization callback url in your application for every service you want to integrate. 您需要在应用程序中为要集成的每个服务提供授权后回调URL。
解决方案2
1 2017-04-16 07:31:42
Defiantly friend. 绝对是朋友。
You should try implementing token service to access your web-application. 您应该尝试实现令牌服务以访问您的Web应用程序。
It is the best way and considered as a good practice. 这是最好的方法,被认为是一种很好的做法。
Please try configuring your own oAuth server using your google account. 请尝试使用您的Google帐户配置自己的oAuth服务器。
Below link has good explanation how we can do that. 下面的链接很好地解释了我们该如何做。
https://oneminutedistraction.wordpress.com/2014/04/29/using-oauth-for-your-javaee-login/ https://oneminutedistraction.wordpress.com/2014/04/29/using-oauth-for-your-javaee-login/
Another example. 另一个例子。 Below one is also a good example for beginners. 下面对于初学者来说也是一个很好的例子。
https://stormpath.com/blog/token-auth-for-java https://stormpath.com/blog/token-auth-for-java
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.