I am currently implementing a REST API with Spring Boot and securing it with OAuth2. This is what I have so far:
POST http://<host>/users/register
{
    "id": "6061b5c0-a817-4fff-ba1f-c7f4e94080ed",
    "name": "Name",
    "email": "user@email.com",
    "password": "$2a$12$R7yw/HbLmFzMpkzsWOqLp.I.itHRo7B/9MXKNrpArvK/Lfta0Z.I.",
    "createdAt": "2019-12-14T22:00:46.682+0000"
    ...
}
@PostMapping(value = "/register")
public ResponseEntity<User> register(@RequestBody final User user) {
    final User createdUser = mUsersService.create(user);
    return new ResponseEntity<>(createdUser, HttpStatus.CREATED);
}
POST http://<host>/oauth/token
{
    "access_token": "03bd76f0-20bd-45ef-9adb-b0903345e590",
    "token_type": "bearer",
    "refresh_token": "a1022bbd-407a-4899-b1b0-20a889ed0419",
    "expires_in": 82373,
    "scope": "read write"
}
How can I return the token JSON on the /oauth/token endpoint (as returned by the /users/register endpoint)?
Answer 0 (score: 0)
Use the following method:
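import java.util.ArrayList;
import java.util.List;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails;
import org.springframework.security.oauth2.common.OAuth2AccessToken;

// Requests an access token from the token endpoint using the password grant.
private OAuth2AccessToken getToken(LoginResource loginResource) {
    String access_token_url = "http://localhost:8080/api/oauth/token";
    ResourceOwnerPasswordResourceDetails resourceDetails = new ResourceOwnerPasswordResourceDetails();
    resourceDetails.setGrantType("password");
    resourceDetails.setAccessTokenUri(access_token_url);
    //-- set the client's info
    resourceDetails.setClientId("clientId");
    resourceDetails.setClientSecret("clientSecret");
    // set scopes
    List<String> scopes = new ArrayList<>();
    scopes.add("read");
    scopes.add("write");
    scopes.add("trust");
    resourceDetails.setScope(scopes);
    //-- set Resource Owner info
    resourceDetails.setUsername(loginResource.getUserName());
    resourceDetails.setPassword(loginResource.getPassword());
    // The template performs the token request with the details configured above
    OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(resourceDetails);
    return oAuth2RestTemplate.getAccessToken();
}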
Answer 1 (score: 0)
Finally, after examining the data in the endpoint, I came up with the following solution:
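import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint;
import org.springframework.web.HttpRequestMethodNotSupportedException;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;

private static final String PARAM_GRANT_TYPE = "grant_type";
private static final String PARAM_USERNAME = "username";
private static final String PARAM_PASSWORD = "password";
private static final String PARAM_GRANT_TYPE_VALUE_PASSWORD = "password";

@Autowired
private UsersService mUsersService;

@Autowired
private TokenEndpoint mTokenEndpoint;

@PostMapping(value = "/register")
public ResponseEntity<OAuth2AccessToken> register(final Principal principal,
        @RequestParam final String name,
        @RequestParam final String email,
        @RequestParam final String password) throws HttpRequestMethodNotSupportedException {
    // Create the user first, then request a token for the new account
    final User user = mUsersService.create(name, email, password);
    final Map<String, String> tokenParameters = new HashMap<>(3);
    tokenParameters.put(PARAM_GRANT_TYPE, PARAM_GRANT_TYPE_VALUE_PASSWORD);
    tokenParameters.put(PARAM_USERNAME, email);
    tokenParameters.put(PARAM_PASSWORD, password);
    // Delegate to the token endpoint with the forwarded client Principal
    return mTokenEndpoint.postAccessToken(principal, tokenParameters);
}

What I did was call the POST token endpoint with the forwarded Principal (client authentication in my case) and the regular /oauth/token parameters.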