[英]Issues with Generating Authorization code and User Token using Apache OAuth client 2.0 library in Java
我试图使用Java中的Apache OAuth Client 2.0 Library自动执行用户级别令牌创建/生成过程(REST /授权授予代码)。 以下是我从https://cwiki.apache.org/confluence/display/OLTU/OAuth+2.0+Client+Quickstart获得的正在使用的代码,
`/*Previous Codes & starting the below with Try/Catch*/
OAuthClientRequest request = OAuthClientRequest
.authorizationLocation("Authorization URL")
.setClientId("ClientID")
.setRedirectURI("Redirect URL")
.buildQueryMessage();
request.getLocationUri();
OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(request);
String code = oar.getCode();
/*Other Codes and starting the below with Try/Catch*/
OAuthClientRequest request = OAuthClientRequest
.tokenLocation("TokenEndPointURL")
.setGrantType(GrantType.AUTHORIZATION_CODE)
.setClientId("ClientID")
.setClientSecret("ClientSecret")
.setRedirectURI("REdirectURL")
.setCode(code)//Authorization Code from above
.buildQueryMessage();
OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
GitHubTokenResponse oAuthResponse = oAuthClient.accessToken(request, GitHubTokenResponse.class);
String accessToken = oAuthResponse.getAccessToken();
String expiresIn = oAuthResponse.getExpiresIn();`
但是,我在以下几行中收到了(来自Eclipse中错误的推断)编译错误,
oauthCodeAuthzResponse方法接受httpservlet对象,并且不支持OAuthAuthzReponse Type
OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(request);
有人可以让我知道是否有解决方法吗? 或如何将oauthCodeAuthzResponse请求转换为httpservlet请求? 还是我做错了什么或缺少什么?
OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(request);
String code = oar.getCode();
我认为上面的代码应该写在重定向URI端点的实现中,而不是在客户端代码中。
正确理解授权码流将有所帮助。 授权代码从授权服务器的授权端点发出,并将其传递到重定向URI指向的位置。 也就是说,授权代码不会直接传递到客户端应用程序。
当授权服务器发出授权代码时,它将以下所示的HTTP响应发送回客户端的Web浏览器。
HTTP/1.1 302 Found
Location: {Redirect URI}
?code={Authorization Code} // - Always included
&state={Arbitrary String} // - Included if the authorization
// request included 'state'.
302 Found触发Web浏览器转到Location标头指向的Location 。 因此,您必须实现接收授权代码的位置,并且实现必须以某种方式将授权代码传递给客户端应用程序。
还要注意,在(a)授权请求(=对授权端点的请求)和(b)令牌请求(=对令牌端点的请求)之间显示授权页面(HTML),并且该页面需要最终用户相互作用。 有关详细信息,请参见“ 所有OAuth 2.0流程的图表和影片 ”中的“ 1.授权代码流程”。
最终,我能够使用httpclient生成令牌-请参见下面的逻辑。
获取授权码 :
public String getAuthCode(String authUrl, String userName, String password, String scope, String clientId,
String redirectUrl) throws ClientProtocolException, IOException, URISyntaxException
{
DefaultHttpClient httpclient = new DefaultHttpClient();
System.out.println("Adding Paramters to a Array List as NameValuePair");
List<NameValuePair> params = new ArrayList<NameValuePair>();
params.add(new BasicNameValuePair("scope", scope));
params.add(new BasicNameValuePair("response_type", "code"));
params.add(new BasicNameValuePair("client_id", clientId));
params.add(new BasicNameValuePair("redirect_uri", redirectUrl));
System.out.println("Parameters List:" + params);
System.out.println("Building the URI with Authorization Endpoint by adding the Parameters create in Array List");
URI uri = new URIBuilder(authUrl)
.addParameters(params)
.build();
System.out.println("Built URI:" + uri);
System.out.println("Creating HTTPGET with the Created URI");
HttpGet get = new HttpGet(uri);
System.out.println("HttpGet:" + get);
System.out.println("Creating Client Context");
HttpClientContext context = HttpClientContext.create();
System.out.println("Created Client Context:" + context);
System.out.println("Executing the GET Method with the created Client Context");
HttpResponse response = httpclient.execute(get, context);
System.out.println("HttpResponse:" + response);
System.out.println("Getting the Final URI from the Submitted Get Method");
URI finalUrl = get.getURI();
System.out.println("Final URL:" + finalUrl);
System.out.println("Creating a List of URI from the Redirection Locations using Client Context");
List<URI> locations = context.getRedirectLocations();
System.out.println("List of URI:" + locations);
if (locations != null) {
finalUrl = locations.get(locations.size() - 1);
}
System.out.println("Taking the last URL as Final:" + finalUrl);
System.out.println("Creating Entity");
EntityUtils.consume(response.getEntity());
System.out.println("Consume the Entity:" + response.getEntity());
String userid = "username=".concat(userName);
System.out.println("UserID:" + userid);
String userPassword = "Password=".concat(password);
System.out.println("User Password:" + userPassword);
String cred = userid+"&"+userPassword;
System.out.println("User Credentials:" + cred);
HttpPost postReq = new HttpPost(finalUrl);
StringEntity entity = new StringEntity(cred);
postReq.setEntity(entity);
postReq.addHeader("Content-Type", "application/x-www-form-urlencoded");
postReq.addHeader("User-Agent", "MSIE 8.0");
HttpResponse responsePost = httpclient.execute(postReq,context);
List<Header> location = Arrays.asList(responsePost.getHeaders("Location"));
String locationUrl = location.get(0).getValue().toString();
String[] locationArray = locationUrl.split("=");
String authCode = locationArray[1].trim().toString();
//System.out.println(authCode);
EntityUtils.consume(responsePost.getEntity());
System.out.println("Response Post Entity:"+responsePost);
System.out.println("Authorization Code:" +authCode);
return authCode;
}
获取令牌 :
public List<String> getJwtToken(String clientId,String clientSecret, String authUrl,String tokenUrl,
String redirectUrl,String accessTokenScope, String LDAPuserName,String LDAPpassword) throws Exception
{
List<String> tokens = new ArrayList<String>();
//Generate the User Level Token & JWT Token using the Get/Post Method
DefaultHttpClient httpclient = new DefaultHttpClient();
System.out.println("Calling the get Auth Code Method");
String authCode = getAuthCode(authUrl, LDAPuserName, LDAPpassword, accessTokenScope, clientId, redirectUrl);
System.out.println("Authorization Code:" + authCode);
HttpPost tokenPost = new HttpPost(tokenUrl);
System.out.println("Token HttpPost:" + tokenPost);
System.out.println("Adding the Parameters in an ArrayList as NameValuePair");
List<NameValuePair> tokenParams = new ArrayList<NameValuePair>();
tokenParams.add(new BasicNameValuePair("client_id", clientId));
tokenParams.add(new BasicNameValuePair("client_secret", clientSecret));
tokenParams.add(new BasicNameValuePair("code", authCode));
tokenParams.add(new BasicNameValuePair("grant_type", "authorization_code"));
System.out.println("Token Call Parameter:" + tokenParams);
System.out.println("Setting the Parameters as URL Encoded Entity");
tokenPost.setEntity(new UrlEncodedFormEntity(tokenParams));
System.out.println("URL Encoded Entity" + tokenPost);
System.out.println("Executing the Token Post Method");
HttpResponse responseJWT = httpclient.execute(tokenPost);
System.out.println("Setting the Parameters as URL Encoded Entity" + responseJWT);
System.out.println("Parsing the ResponseJWT using JsonParser & JsonObjet");
JsonParser parser = new JsonParser();
System.out.println("Json Parser:" + parser);
JsonObject data = (JsonObject) parser.parse(new InputStreamReader(responseJWT.getEntity().getContent()));
System.out.println("Json Object" + data);
String token = data.get("access_token").toString();
System.out.println("Access Token:" + token);
String jwt="";
try
{
jwt = data.get("jwt_token").toString();
System.out.println("JWT Token:" + jwt);
}
catch(Exception ejwt)
{
System.out.println("Exception occured converting Jwt Token to String");
ejwt.printStackTrace();
}
String refresh = data.get("refresh_token").toString();
System.out.println("Refresh Token:" + refresh);
String accessToken = token.substring(1, token.length()-1);
tokens.add(0, accessToken);
System.out.println("Real Access Token:" + accessToken);
String jwtToken ="";
try
{
jwtToken = jwt.substring(1, jwt.length()-1);
tokens.add(1, jwtToken);
System.out.println("Real JWT Token:" + jwtToken);
}
catch(Exception ejwt)
{
System.out.println("Exception occured adding Jwt Token to String List");
ejwt.printStackTrace();
}
String refreshToken = refresh.substring(1, refresh.length()-1);
System.out.println("Real Refresh Token:" + refreshToken);
return tokens;
}
我已经使用了这种验证码方法。 制作验证码时出现此错误
> location->[]
[ERROR] 2018-10-12 14:16:59.414 [http-nio-8080-exec-3]
> [dispatcherServlet] - Servlet.service() for servlet
> [dispatcherServlet] in context with path [] threw exception [Request
> processing failed; nested exception is
> java.lang.ArrayIndexOutOfBoundsException: 0] with root cause
> java.lang.ArrayIndexOutOfBoundsException: 0
如何获取OAuth2.0访问令牌并使用此令牌通过Java客户端代码调用RESTFul Web服务?
[英]How to fetch OAuth2.0 Access Token and use this token to call RESTFul Web services using Java client code?
使用SkyDrive REST API从Java Desktop Client检索OAuth 2.0(隐式授权)的访问令牌。
[英]Retrieving access token of OAuth 2.0 (implicit grant) from java Desktop Client using SkyDrive REST API.
无需用户交互的 Google Cloud OAuth 2.0 请求令牌 - Java
[英]Google Cloud OAuth 2.0 Request Token without user interaction - Java
使用OAuth 2.0进行Java和Google Spreadsheets API授权
[英]Java and Google Spreadsheets API Authorization with OAuth 2.0
Swagger Codegen在为具有OAuth2.0安全性的Rest API生成Java客户端时无法正常工作
[英]Swagger Codegen is not working while generating java client for a Rest API having OAuth2.0 security
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.