使用spring rest模板使用Oauth2(授权代码)rest api
[英]consume Oauth2 (authorization code) rest api with spring rest template
问题描述
I'm trying to consume a rest web service in spring integration project. 
我正在尝试在Spring集成项目中使用其余的Web服务。 This web service is secured with oauth2 (authorization code).Any idea how to achieve this? 该Web服务由oauth2(授权代码)保护。任何想法如何实现?
I tried using OAuth2RestTemplate but it gave me an error: org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval 我尝试使用OAuth2RestTemplate,但它给了我一个错误: org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval
Below is my code. 下面是我的代码。
import java.util.Arrays;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
public class OAuth2Client1 {
public static void main(String[] args) {
AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
resource.setId("My Developer");
resource.setClientId("xxxxxx");
resource.setClientSecret("xxxxxx");
resource.setAccessTokenUri("https://api.infusionsoft.com/token");
resource.setUserAuthorizationUri("https://signin.infusionsoft.com/app/oauth/authorize");
resource.setPreEstablishedRedirectUri("https://myapps.com:8181/my_work");
resource.setScope(Arrays.asList("full"));
try {
AuthorizationCodeAccessTokenProvider authProvider =
new AuthorizationCodeAccessTokenProvider();
AccessTokenRequest request = new DefaultAccessTokenRequest();
String str = authProvider.obtainAuthorizationCode(resource, request);
System.out.println(str);
} catch (Exception e) {
e.printStackTrace();
}
}
}
2 个解决方案
解决方案1
1 已采纳 2018-01-22 16:14:29
Authorization Code flow is used to authenticate user in web browser through redirect. 授权代码流用于通过重定向在Web浏览器中对用户进行身份验证。 It requires user authentication by username and password. 它要求通过用户名和密码进行用户身份验证。
Your case is about communication between two services, also called as M2M (machine-to-machine). 您的案例涉及两个服务之间的通信,也称为M2M(机器对机器)。 Service is not allowed to store user credentials by itself due security reasons. 由于安全原因,服务本身不允许存储用户凭据。 You should use Client Credentials flow that requred only client id and client secret for authentication. 您应该使用仅需要客户端ID和客户端密钥进行身份验证的客户端凭据流。 So then you'll able to use OAuth2RestTemplate. 这样便可以使用OAuth2RestTemplate。
解决方案2
0 2018-01-20 18:17:36
If the service is secured with oAuth2, you must play with oAuth rules in order to get to the resource server. 如果服务受oAuth2保护,则必须使用oAuth规则才能访问资源服务器。 It means your app needs to register and get clientID and client-secret, then the users of your app can use it to oAuth-connect... 这意味着您的应用程序需要注册并获取clientID和client-secret,然后您的应用程序用户才能使用它来进行oAuth连接...
It does not matter HOW you invoke the call, you have to use oAuth. 调用调用的方式无关紧要,必须使用oAuth。 OAuth2RestTemplate is just a Spring's RestTemplate implementation for oAuth developers, that abstracts some logic that is relevant for oAuth... OAuth2RestTemplate只是oAuth开发人员的Spring RestTemplate实现,它抽象了一些与oAuth相关的逻辑...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.