Java - Token flow OAuth 2 E2E with code
I'm new to security and Java and I need to implement the token flow of OAuth2. This is the exact flow which I need to implement (if there is some library which can help, that's great):
http://tutorials.jenkov.com/oauth2/authorization-code-request-response.html
How can I achieve it with Java? I want to use some library that provides this functionality. The token flow should be against the UAA, but any other similar example will be very helpful.
I've found this example but I'm not sure how to use/test it E2E with UAA. Postman will be very helpful to simulate it...
https://developers.google.com/api-client-library/java/google-oauth-java-client/oauth2
UAA context
https://github.com/cloudfoundry/uaa
I would suggest Spring as the most popular framework for building web apps in Java. It has the Spring Security module that can facilitate developing OAuth 2.0 clients as well as resource servers, as shown here or here.
For a detailed explanation of the OAuth 2.0 flow, visit the RFC 6749 specification. Regarding a step-by-step solution, you ought to see some tutorials such as this article explaining how to create a Spring REST API using OAuth 2.0. This article goes through code as well as creating Postman requests.
With regards to mocking/tests, I've previously created a test suite for OAuth 2.0 using TestNG and Mockito.
The more you develop and research, the more you shall find ways of improving or rather changing the way you design your code. That said, if you really want to abide by the OAuth 2.0 flow, you should properly understand the flow (which can be relatively vague at times) in the RFC 6749 link.
Here is the Google API client library sample. Try this if it helps:
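// Imports shared by both classes below (each public class goes in its own .java file).
import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
import com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl;
import com.google.api.client.auth.oauth2.BearerToken;
import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.auth.oauth2.StoredCredential;
import com.google.api.client.extensions.servlet.auth.oauth2.AbstractAuthorizationCodeCallbackServlet;
import com.google.api.client.extensions.servlet.auth.oauth2.AbstractAuthorizationCodeServlet;
import com.google.api.client.http.BasicAuthentication;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.util.store.FileDataStoreFactory;
import java.io.File;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// ServletSample.java: protected resource; starts the authorization code flow when no credential is stored.
public class ServletSample extends AbstractAuthorizationCodeServlet {

  @Override
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
      throws IOException {
    // do stuff
  }

  // Must match the redirect URI registered with the authorization server.
  @Override
  protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException {
    GenericUrl url = new GenericUrl(req.getRequestURL().toString());
    url.setRawPath("/oauth2callback");
    return url.build();
  }

  @Override
  protected AuthorizationCodeFlow initializeFlow() throws IOException {
    // Client ID and secret are the example values from RFC 6749;
    // load real credentials from configuration, not from source code.
    return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
        new NetHttpTransport(),
        new JacksonFactory(),
        new GenericUrl("https://server.example.com/token"),
        new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
        "s6BhdRkqt3",
        "https://server.example.com/authorize").setCredentialDataStore(
            StoredCredential.getDefaultDataStore(
                new FileDataStoreFactory(new File("datastoredir"))))
        .build();
  }

  @Override
  protected String getUserId(HttpServletRequest req) throws ServletException, IOException {
    // Placeholder so the class compiles: keys stored credentials by HTTP session.
    // Return your application's authenticated user ID here instead.
    return req.getSession(true).getId();
  }
}

// ServletCallbackSample.java: handles the redirect back from the authorization server.
public class ServletCallbackSample extends AbstractAuthorizationCodeCallbackServlet {

  @Override
  protected void onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential)
      throws ServletException, IOException {
    resp.sendRedirect("/");
  }

  @Override
  protected void onError(
      HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse)
      throws ServletException, IOException {
    // handle error
  }

  // Must return the same redirect URI as ServletSample.
  @Override
  protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException {
    GenericUrl url = new GenericUrl(req.getRequestURL().toString());
    url.setRawPath("/oauth2callback");
    return url.build();
  }

  // Same flow configuration as ServletSample, so both servlets share the credential store.
  @Override
  protected AuthorizationCodeFlow initializeFlow() throws IOException {
    return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
        new NetHttpTransport(),
        new JacksonFactory(),
        new GenericUrl("https://server.example.com/token"),
        new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
        "s6BhdRkqt3",
        "https://server.example.com/authorize").setCredentialDataStore(
            StoredCredential.getDefaultDataStore(
                new FileDataStoreFactory(new File("datastoredir"))))
        .build();
  }

  @Override
  protected String getUserId(HttpServletRequest req) throws ServletException, IOException {
    // Placeholder: must return the same user ID that ServletSample.getUserId returns.
    return req.getSession(true).getId();
  }
}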
https://github.com/spring-projects/spring-security-oauth/tree/master/samples/oauth2 contains sample code for doing OAuth2 with Spring Security.
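
The messages of the authorization code grant the question asks about, written with the JDK only (Java 10+), as an added example that is not part of any answer above or of the libraries they mention. The UAA host, client ID and redirect URI are placeholder assumptions; the class also shows the `state` comparison the callback should make before redeeming the code.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class AuthCodeFlowSketch {
    // Assumed placeholders: substitute your UAA base URL and registered client.
    static final String UAA = "https://uaa.example.com";
    static final String CLIENT_ID = "my-client";
    static final String REDIRECT_URI = "https://app.example.com/oauth2callback";

    // Unguessable per-request value; store it in the user's session (RFC 6749, section 10.12).
    static String newState() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Encodes name/value pairs as application/x-www-form-urlencoded.
    static String formEncode(String... kv) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < kv.length; i += 2) {
            sb.append(i > 0 ? "&" : "")
              .append(URLEncoder.encode(kv[i], StandardCharsets.UTF_8)).append('=')
              .append(URLEncoder.encode(kv[i + 1], StandardCharsets.UTF_8));
        }
        return sb.toString();
    }

    // Step 1: URL the browser is redirected to (RFC 6749, section 4.1.1).
    static String authorizationUrl(String state) {
        return UAA + "/oauth/authorize?" + formEncode("response_type", "code",
            "client_id", CLIENT_ID, "redirect_uri", REDIRECT_URI, "state", state);
    }
    // Step 2: on the callback, reject a missing or mismatched state before using the code.
    static boolean stateMatches(String expected, String returned) {
        return expected != null && returned != null && MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8), returned.getBytes(StandardCharsets.UTF_8));
    }
    // Step 3: body POSTed to UAA + "/oauth/token" with client authentication (section 4.1.3).
    static String tokenRequestBody(String code) {
        return formEncode("grant_type", "authorization_code", "code", code,
            "redirect_uri", REDIRECT_URI);
    }

    public static void main(String[] args) {
        String state = newState();
        System.out.println(authorizationUrl(state));
        System.out.println(stateMatches(state, state) + " " + stateMatches(state, "forged"));
        System.out.println(tokenRequestBody("CONSTRUCTED_CODE")); // constructed sample code value
    }
}
```

The first printed URL can be opened in a browser and the token body sent from Postman to exercise the flow end to end.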