我正在努力使用OAuth2来保护我们的REST api。 我写的代码不是完整的代码,目前我只是测试它..
使用以下代码我正在发出令牌请求。
public class OauthClientmine {
public static void main (String args[]) throws OAuthSystemException, IOException, OAuthProblemException{
getToken();
}
public static void getToken() throws OAuthSystemException, IOException, OAuthProblemException{
OAuthClientRequest request = OAuthClientRequest
.tokenLocation("http://localhost:8080/xina/webapi/token")
.setGrantType(GrantType.AUTHORIZATION_CODE)
.setClientId("xina_client")
.setClientSecret("xinaisawesome")
.setCode("xyxyxy")
.setUsername("john")
.setRedirectURI("http://localhost:8080/xina/webapi/token")
.setPassword("password")
.buildQueryMessage();
OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
OAuthAccessTokenResponse oauthResponse = oAuthClient.accessToken(request);
final OAuthAccessTokenResponse oAuthResponse = oAuthClient.accessToken(request);
System.out.println(oauthResponse.getAccessToken());
System.out.println(oauthResponse.getExpiresIn());
System.out.println( request.getLocationUri());
}}
收到令牌请求后,我正在验证客户详细信息,然后我将使用以下代码发送授权令牌。
@Path("/token")
public class AuthorizeClient {
@POST
@Consumes("application/x-www-form-urlencoded")
@Produces("application/json")
public Response getToken(@Context HttpServletRequest tokenRequest) throws OAuthSystemException, OAuthProblemException{
//OAuthTokenRequest oauthRequest = new OAuthTokenRequest(tokenRequest);
System.out.println( request.getClass());
OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
OAuthResponse response = OAuthASResponse
.tokenResponse(HttpServletResponse.SC_OK)
.setAccessToken(oauthIssuerImpl.accessToken())
.setExpiresIn("3600")
.buildJSONMessage();
return Response.status(response.getResponseStatus())
.entity(response.getBody())
.build();
}}
但我面临的问题是我的请求 tokenRequest 为空,我不确定如何在发送令牌
之前拦截客户端详细信息