Android:如何使用 POST 请求从 Spring Security OAuth 服务器获取访问令牌

时间:2016-06-30 10:12:33

标签: android oauth-2.0 restful-authentication

我在 myserver 上开发了一个 Spring Security OAuth 项目。当客户端请求身份验证时,服务器会检查客户端凭据和用户凭据,并在请求有效时颁发访问令牌。请求应包含客户端凭据(即 client_id 和 client_secret)、用户凭据(即用户名和密码),以及值为 password 的授权类型。现在我想在我的 Android 应用中实现一个 OAuth 客户端,携带上述数据向该 OAuth 服务器请求访问令牌。在 Android 中该如何实现?如果有人知道,请帮帮我。下面是我的 Spring Security OAuth 配置。

spring-security.xml:

    <?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2
http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.1.xsd ">
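<!--
  Filter chain for the OAuth2 token endpoint.
  Stateless: no HTTP session is created, so the client must authenticate on
  every token request, either with HTTP Basic or with client_id/client_secret
  request parameters (picked up by clientCredentialsTokenEndpointFilter).
-->
<http pattern="/oauth/token"
      create-session="stateless"
      authentication-manager-ref="authenticationManager"
      xmlns="http://www.springframework.org/schema/security">

    <!--
      Require an authenticated client for every HTTP method. The rule used to
      carry method="GET", which left POST (the method token clients are
      expected to use) without any access rule in this chain.
      Clients should send credentials in a POST body over TLS: values placed
      in a GET query string tend to end up in server and proxy logs.
    -->
    <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />

    <!-- No anonymous fallback: an unauthenticated caller has no Authentication at all. -->
    <anonymous enabled="false" />

    <!-- Failed client authentication is answered by clientAuthenticationEntryPoint. -->
    <http-basic entry-point-ref="clientAuthenticationEntryPoint" />

    <!-- Form-parameter client authentication runs before the Basic filter. -->
    <custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />

    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>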

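<!--
  Filter chain for the protected resources. resourceServerFilter extracts and
  validates the bearer token; the intercept-url rule below is what actually
  rejects requests that arrive without a valid one.
-->
<http pattern="/resources/**"
      create-session="never"
      entry-point-ref="oauthAuthenticationEntryPoint"
      xmlns="http://www.springframework.org/schema/security">

    <anonymous enabled="false" />

    <!--
      Access rule restored. The active rule previously had no access attribute
      and matched GET only, while the rule carrying IS_AUTHENTICATED_FULLY was
      commented out, so this chain declared no authorization requirement for
      /resources/**. The rule now covers every HTTP method.
    -->
    <intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_FULLY" />

    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>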

<!--
  Filter chain for /logout. The logout filter hands over to the
  logoutSuccessHandler bean once logout processing has finished.
  NOTE(review): the intercept-url below has no access attribute, so it states
  no authorization requirement, and it only names GET. Confirm that LogoutImpl
  does nothing sensitive for a caller that presents no valid token.
-->
<http xmlns="http://www.springframework.org/schema/security"
      pattern="/logout"
      create-session="never"
      entry-point-ref="oauthAuthenticationEntryPoint">

    <anonymous enabled="false"/>
    <intercept-url pattern="/logout" method="GET"/>

    <!-- Unprefixed here: the default namespace of this element is the same security namespace as the sec: prefix. -->
    <logout logout-url="/logout"
            invalidate-session="true"
            success-handler-ref="logoutSuccessHandler"/>

    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
    <access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>

<!--
  Project-specific logout success handler. It is given the shared tokenStore
  bean through its "tokenstore" property (presumably to remove the caller's
  token on logout; confirm in LogoutImpl).
-->
<bean id="logoutSuccessHandler"
      class="com.example.myproject.oauth.LogoutImpl">
    <property name="tokenstore" ref="tokenStore"/>
</bean>

<!-- Entry point used by the /resources/** and /logout chains when a request is not authenticated. -->
<bean id="oauthAuthenticationEntryPoint"
      class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"/>

<!--
  Entry point for failed client authentication on the token endpoint.
  Configured to challenge with the Basic scheme and the realm "springsec/client".
-->
<bean id="clientAuthenticationEntryPoint"
      class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="typeName" value="Basic"/>
    <property name="realmName" value="springsec/client"/>
</bean>

<!-- Shared by all three http chains to render access-denied errors in the OAuth2 error format. -->
<bean id="oauthAccessDeniedHandler"
      class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/>

<!--
  Authenticates the OAuth client from the client_id / client_secret request
  parameters, delegating the credential check to the client
  authenticationManager.
-->
<bean id="clientCredentialsTokenEndpointFilter"
      class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
</bean>

<!--
  Authentication manager for OAuth *clients* (not end users). Client
  credentials are looked up through clientDetailsUserService.
-->
<authentication-manager xmlns="http://www.springframework.org/schema/security"
                        alias="authenticationManager">
    <authentication-provider user-service-ref="clientDetailsUserService"/>
</authentication-manager>

<!-- Adapter that exposes the registered OAuth clients (clientDetails) as a user details service. -->
<bean id="clientDetailsUserService"
      class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <constructor-arg ref="clientDetails"/>
</bean>

<!--
  Project-specific registry of OAuth clients.
  NOTE(review): how client secrets are stored and compared is decided inside
  ClientDetailsServiceImpl, which is not shown here.
-->
<bean id="clientDetails"
      class="com.example.myproject.oauth.ClientDetailsServiceImpl"/>

<!--
  Authentication manager for *end users*. The password grant of the
  authorization server refers to it to verify username and password.
-->
<authentication-manager xmlns="http://www.springframework.org/schema/security"
                        id="userAuthenticationManager">
    <authentication-provider ref="customUserAuthenticationProvider"/>
</authentication-manager>

<!--
  Project-specific provider that verifies end-user credentials.
  NOTE(review): password hashing and lockout behaviour live in this class,
  which is not shown here.
-->
<bean id="customUserAuthenticationProvider"
      class="com.example.myproject.oauth.CustomUserAuthenticationProvider"/>

<!--
  OAuth2 authorization server. Five grant types are switched on below.
  NOTE(review): the accompanying description only uses the password grant.
  Every additional grant that stays enabled is extra surface to secure, and
  the implicit grant in particular is discouraged by current OAuth guidance;
  consider enabling only what the clients need.
  NOTE(review): a client_secret shipped inside a mobile app can be extracted
  from the package, so it should not be relied on as a confidential
  credential for that client.
-->
<oauth:authorization-server token-services-ref="tokenServices"
                            client-details-service-ref="clientDetails">
    <oauth:authorization-code/>
    <oauth:implicit/>
    <oauth:refresh-token/>
    <oauth:client-credentials/>
    <!-- End-user credentials for the password grant are checked by userAuthenticationManager. -->
    <oauth:password authentication-manager-ref="userAuthenticationManager"/>
</oauth:authorization-server>

<!--
  Resource-server filter plugged into the /resources/** and /logout chains.
  It validates access tokens through tokenServices for the resource id
  "springsec".
-->
<oauth:resource-server id="resourceServerFilter"
                       token-services-ref="tokenServices"
                       resource-id="springsec"/>

<!--
  Token store kept in the memory of this process: issued tokens are lost on
  restart and are not visible to other server instances.
-->
<bean id="tokenStore"
      class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore"/>

<!--
  Issues and validates tokens for both the authorization server and the
  resource server, backed by tokenStore.
-->
<bean id="tokenServices"
      class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <property name="tokenStore" ref="tokenStore"/>
    <property name="clientDetailsService" ref="clientDetails"/>
    <property name="supportRefreshToken" value="true"/>
    <!--
      NOTE(review): 300000 seconds is roughly 83 hours. With refresh tokens
      enabled, a much shorter access-token lifetime limits the damage of a
      leaked token; confirm this value was meant in seconds.
    -->
    <property name="accessTokenValiditySeconds" value="300000"/>
</bean>


<!-- Enables annotation-driven MVC controllers (@Controller, @RequestMapping). -->
<mvc:annotation-driven/>

<!-- Requests not handled by a controller are forwarded to the container's default servlet. -->
<mvc:default-servlet-handler/>

<!-- Project-specific bean; presumably the controller behind /resources/** (confirm in MyResource). -->
<bean id="MyResource"
      class="com.example.myproject.oauth.MyResource"/>

</beans>

0 个答案:

没有答案