使用OpenAM令牌确定用户的Java REST API?

时间:2016-07-28 19:01:07

标签: java rest openam

我无法使用OpenAM验证用户令牌。特别是我应该创建什么类型的代理。是否有人可以推荐解决方案?

基本上,REST API将读取用户OpenAM tokenid并使用OpenAM验证令牌,然后OpenAM将返回包含用户名的数据。可以在REST API方法中使用该用户名来标识正在访问该方法的人员。

更简化的是如何使用OpenAM令牌获取OpenAM用户信息。

谢谢!

3 个答案:

答案 0 :(得分:5)

您可以使用以下端点:

  1. 验证用户:

    curl --request POST --header "X-OpenAM-Username: demo" \
--header "X-OpenAM-Password: changeit" \
--header "Content-Type: application/json"      
"http://openam.example.com:8080/sso/json/authenticate"

{"tokenId":"AQIC5wM2LY4SfcyTReB5nbrLt3QaH-7GhPuU2-uK2k5tJsA.*AAJTSQACMDEAAlNLABMyOTUxODgxODAwOTE0MTA4NDE3*","successUrl":"/sso/console"}

  2. 验证令牌:

    curl --request POST \
--header "Content-Type: application/json" \
"http://openam.example.com:8080/sso/json/sessions/AQIC5wM2LY4SfczadxSebQWi9UEyd2ZDnz_io0Pe6NDgMhY.*AAJTSQACMDEAAlNLABM3MTMzMTYwMzM1NjE4NTE4NTMx*?_action=validate"

{"valid":true,"uid":"demo","realm":"/"}

  3. 获取个人资料属性:

    curl --request GET \
--header "iPlanetDirectoryPro: AQIC5wM2LY4SfczadxSebQWi9UEyd2ZDnz_io0Pe6NDgMhY.*AAJTSQACMDEAAlNLABM3MTMzMTYwMzM1NjE4NTE4NTMx*" \
"http://openam.example.com:8080/sso/json/users/demo"

{"username":"demo","realm":"/","uid":["demo"],"userPassword":["{SSHA}cIgTNGHWd4t4Ff3SHa6a9pjMyn/Z3e3EOp5mrA=="],"sn":["demo"],"createTimestamp":["20160406210602Z"],"cn":["demo"],"givenName":["demo"],"inetUserStatus":["Active"],"dn":["uid=demo,ou=people,dc=example,dc=com"],"objectClass":["devicePrintProfilesContainer","person","sunIdentityServerLibertyPPService","inetorgperson","sunFederationManagerDataStore","iPlanetPreferences","iplanet-am-auth-configuration-service","organizationalperson","sunFMSAML2NameIdentifier","oathUser","inetuser","forgerock-am-dashboard-service","iplanet-am-managed-person","iplanet-am-user-service","sunAMAuthAccountLockout","top"],"universalid":["id=demo,ou=user,dc=openamcfg,dc=example,dc=com"]}

答案 1 :(得分:0)

我最终选择了idFromSession:

String httpsURL = "https://openam.example.com:8080/openam/json/users?_action=idFromSession";
URL url = new URL(httpsURL);
HttpsURLConnection con = (HttpsURLConnection) url.openConnection();

//add request headers
con.setRequestMethod("POST");
con.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0");
con.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
con.setRequestProperty("Content-Type", "application/json");

// Add session token as header
con.setRequestProperty("iplanetdirectorypro", "AQIC5wM2LY4SfczUFNs-TJwFrCVAKgR0NulIAyNaIkQmjis.*AAJTSQACMDEA
     AlNLABQtNTQ3NDE2Njc5ODk4MjYzMzA2MQ..*");

// Send post request
con.setDoOutput(true);
// Read output
BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));

然后在我使用的java REST API方法中:

// Enable Searching
var searchController: UISearchController!
var request: MKLocalSearchRequest!
var search: MKLocalSearch!
var response: MKLocalSearchResponse!
// Autocompletion
var searchCompleter = MKLocalSearchCompleter()
var searchResults = [MKLocalSearchCompletion]()

override func viewDidLoad() {
    searchCompleter.delegate = self
    searchCompleter.filterType = MKSearchCompletionFilterType.LocationsOnly
    super.viewDidLoad()
}

@IBAction func searchAction(sender: UIBarButtonItem) {
    searchController = UISearchController(searchResultsController: nil) // nil as I want the autocompletion results to appear in this view
    searchController.hidesNavigationBarDuringPresentation = false
    self.searchController.searchBar.delegate = self
    presentViewController(searchController, animated: true, completion: nil)
}

func completerDidUpdateResults(completer: MKLocalSearchCompleter) {
    searchResults = completer.results
    print(searchResults) // Shows me that this is working and that it is grabbing locations
    // I need to instead give these results to the UISearchController to display
}

func searchBar(searchBar: UISearchBar, textDidChange searchText: String){
    searchCompleter.queryFragment = searchBar.text!
}

func searchBarSearchButtonClicked(searchBar: UISearchBar){
    searchBar.resignFirstResponder()
    dismissViewControllerAnimated(true, completion: nil)

    //request = MKLocalSearchRequest(completion: /* user's completion selection*/)
    //Since I don't know the above, it currently just searches by user text
    request = MKLocalSearchRequest()
    request.naturalLanguageQuery = searchBar.text
    search = MKLocalSearch(request: request)
    search.startWithCompletionHandler {
        (response, error) -> Void in

        if response == nil{
            return
        }
        self.map.centerCoordinate = CLLocationCoordinate2D(latitude: response!.boundingRegion.center.latitude, longitude: response!.boundingRegion.center.longitude)
    }
}

基于HTTP POST:https://www.mkyong.com/java/how-to-send-http-request-getpost-in-java/

答案 2 :(得分:-1)

你不需要设置cookie .. 

   Response fieldResponse = given().auth().oauth2( oAuthLogin.getToken())
                .config(new RestAssuredConfig().
                        decoderConfig(
                                new DecoderConfig("UTF-8")
                        ).encoderConfig(
                        new EncoderConfig("UTF-8", "UTF-8")
                ))
                .header("iplanetDirectoryPro", oAuthLogin.getToken())
                .header("Content-Type", "application/json")
//                .contentType("application/json")
                .body(myRequest).with()
                .when()
                .post(dataPostUrl)
                .then()
                .assertThat()
                .log().ifError()
                .statusCode(200)
                .extract().response();

失败,因为错误的请求400.Same内容标题正在postman中工作。 我看到的只有差异是cookie。enter image description here 按邮递员工作

不使用使用了重新确认的框架enter image description here

相关问题
最新问题