Can we integrate spring-security directly with adal4j (Azure AD authentication) in a Java Spring Cloud web portal?

Time: 2016-10-24 08:12:10

Tags: spring-security spring-boot spring-cloud azure-active-directory

I used the following code in my controller. I am using Spring Cloud; below is the code in my web-portal controller.

    // Controller as posted, with the imports, logger and configuration constants it
    // references added so the class compiles. ADUser is the poster's own bean (setters
    // for token, code, names, e-mail and TTL) and is defined elsewhere in the project.
    import java.net.MalformedURLException;
    import java.net.URI;
    import java.net.URISyntaxException;
    import java.net.URL;
    import java.util.concurrent.ExecutionException;
    import java.util.concurrent.ExecutorService;
    import java.util.concurrent.Executors;
    import java.util.concurrent.Future;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.ResponseBody;

    import com.microsoft.aad.adal4j.AuthenticationContext;
    import com.microsoft.aad.adal4j.AuthenticationResult;
    import com.microsoft.aad.adal4j.ClientCredential;

    @Controller
    public class WebPortalController {

        private static final Logger LOG = LoggerFactory.getLogger(WebPortalController.class);

        // Placeholders for values the poster loads from configuration.
        private static final String AUTHORITY = "<authority>";
        private static final String AUTHORISATION_URL = "<authorization-endpoint>";
        private static final String CLIENT_ID = "<client-id>";
        private static final String CLIENT_SECRET = "<client-secret>";
        private static final String REDIRECT_URL = "<redirect-url>";
        private static final String RESOURCE = "<resource>";

        @RequestMapping(method = RequestMethod.GET, value = "/")
        @ResponseBody
        public void auth(HttpServletRequest request, HttpServletResponse response) throws Exception {
            LOG.info("In loop1");
            String urlCurrent = request.getRequestURL().toString();
            URL url = new URL(urlCurrent);
            // Authorization request hand-built by the controller; note there is no
            // "state" parameter, so the callback cannot be tied to this browser session.
            String urlString = AUTHORISATION_URL + "?response_type=code&client_id=" + CLIENT_ID + "&redirect_uri="
                    + REDIRECT_URL;
            String query = url.getQuery();
            String code = request.getParameter("code");
            String sessionState = request.getParameter("session_state");
            LOG.info("Values :: query::" + query + " code::" + code + " sessionState::" + sessionState);
            if (code == null) {
                // No code yet: send the browser to Azure AD.
                response.sendRedirect(response.encodeRedirectURL(urlString));
            } else if (sessionState != null) {
                // Callback from Azure AD with code and session_state.
                LOG.info("session ID in method 1: " + request.getSession().getId());
                urlRedirectionAfterAuthentication(code, request, response);
            } else {
                response.sendRedirect(response.encodeRedirectURL(urlString));
            }
        }

        public void urlRedirectionAfterAuthentication(String code, HttpServletRequest request, HttpServletResponse response)
                throws Exception {
            LOG.info("In Redirection Method");
            HttpSession session = request.getSession();
            session.setAttribute("authorisationCode", code);
            ADUser aduser = getAccessTokenAndUserInfo(request);
            LOG.info("session ID in method 2: " + request.getSession().getId());
            // The identity is handed to index.html as query parameters; nothing marks the
            // session as authenticated and index.html itself is not protected. Redirecting
            // to REDIRECT_URL without "/index.html" lands back in auth() with no code and
            // starts the cycle again.
            response.sendRedirect(REDIRECT_URL + "/index.html?lastName=" + aduser.getLastName() + "&firstName="
                    + aduser.getFirstName() + "&emailId=" + aduser.getEmailId());

            //AsymmetricKeyCredential credential = 

        }

        // Mapped as a public GET endpoint: the returned ADUser carries the access and
        // refresh tokens in the response body, and the same tokens are written to the log.
        @RequestMapping(value = "getAccessTokenAndUserInfo", method = RequestMethod.GET)
        public ADUser getAccessTokenAndUserInfo(HttpServletRequest request) {
            LOG.info("Get Access Token");
            ExecutorService service = Executors.newFixedThreadPool(1);
            AuthenticationContext context = null;
            HttpSession session = request.getSession();
            LOG.info("session ID in method 3: " + request.getSession().getId());
            // String code = session.getAttribute("authorisationCode").toString();
            ADUser adUser = new ADUser();
            try {
                context = new AuthenticationContext(AUTHORITY, false, service);
            } catch (MalformedURLException e) {
                LOG.error("Malformed URL: ", e);
            }
            ClientCredential credential = new ClientCredential(CLIENT_ID, CLIENT_SECRET);
            Future<AuthenticationResult> authResultFuture = null;
            try {
                // Commented-out call is the one that redeems the authorization code stored
                // in the session; the active call below never passes that code, so the
                // code obtained from the user's sign-in is not exchanged for a token.
    /*          authResultFuture = context.acquireTokenByAuthorizationCode(
                        session.getAttribute("authorisationCode").toString(), new URI(REDIRECT_URL), credential, RESOURCE,
                        null);*/
                authResultFuture = context.acquireToken(
                        new URI(REDIRECT_URL), credential, RESOURCE,
                        null);
            } catch (URISyntaxException e) {
                LOG.error("URISyntaxException: ", e);
            }
            String userEmail = null;
            try {
                AuthenticationResult result = authResultFuture.get();
                LOG.info("Access token: " + result.getAccessToken());
                LOG.info("Expiry Time: " + result.getExpiresAfter());
                LOG.info("Refresh Time: " + result.getRefreshToken());
                LOG.info("User Info Display ID: " + result.getUserInfo().getDisplayableId());
                LOG.info("User Info Family ID: " + result.getUserInfo().getFamilyName());
                LOG.info("User Info Given Name: " + result.getUserInfo().getGivenName());
                LOG.info("Getting user info");
                userEmail = result.getUserInfo().getDisplayableId();

                LOG.info("User email: " + userEmail);
                adUser.setAccessToken(result.getAccessToken());
                adUser.setAuthorisationCode(session.getAttribute("authorisationCode").toString());
                adUser.setEmailId(result.getUserInfo().getDisplayableId());
                adUser.setFirstName(result.getUserInfo().getGivenName());
                adUser.setLastName(result.getUserInfo().getFamilyName());
                adUser.setRefreshToken(result.getRefreshToken());
                adUser.setTimeToLive(String.valueOf(result.getExpiresAfter()));
                return adUser;
            } catch (InterruptedException | ExecutionException e) {
                LOG.error("ExecutionException: ", e);
                return null;
            } finally {
                // Release the thread pool created for this request.
                service.shutdown();
            }
        }
    }

In the method urlRedirection, if I do not use index.html, the loop is infinite:

    response.sendRedirect(REDIRECT_URL + "/index.html?lastName=" + aduser.getLastName() + "&firstName="
            + aduser.getFirstName() + "&emailId=" + aduser.getEmailId());

But when I use /index.html, the AD login lets me into the app without authentication. I am using the following dependency in Maven:

    <dependency>
        <groupId>com.microsoft.azure</groupId>
        <artifactId>adal4j</artifactId>
    </dependency>

1 answer:

Answer 0: (score: 0)

ADAL is a library that helps you obtain tokens to call web services. That's it. It does not actually help you sign users into a web application (i.e. establish a session), protect your web application, or protect a web service.

The best advice I can give you at this point is to find an open-source OpenID Connect or OAuth Spring library/middleware and use it to connect to Azure AD.
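The direction the answer points at, as an added example that is neither the poster's nor the answerer's code: Spring Security's own OpenID Connect client configured against Azure AD. Spring Boot 3 / Spring Security 6 APIs are assumed (they post-date the question); the tenant ID, client ID and secret, the `azure` registration name, the `/api/me` path and the package name are placeholders. In contrast to the controller in the question, the framework sends the browser to Azure AD with a `state` and `nonce`, handles the callback, redeems the authorization code, validates the ID token (signature against the tenant's JWKS, issuer, audience, expiry, nonce) and stores the resulting `OidcUser` in the server-side session. Because every request other than the landing and error pages requires an authenticated session, `/index.html` is no longer reachable unauthenticated, and the user's name and e-mail are read from the validated session rather than from query parameters.

```java
// Added example, not the poster's code. Needs spring-boot-starter-oauth2-client.
//
// application.yml (placeholder values; issuer-uri enables OIDC discovery, from which
// the authorization, token and JWKS endpoints are taken):
//   spring:
//     security:
//       oauth2:
//         client:
//           registration:
//             azure:
//               client-id: ${AZURE_CLIENT_ID}
//               client-secret: ${AZURE_CLIENT_SECRET}
//               scope: openid,profile,email
//               redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
//           provider:
//             azure:
//               issuer-uri: https://login.microsoftonline.com/${AZURE_TENANT_ID}/v2.0

package com.example.portal;   // hypothetical package

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Only the landing page and the error page are public; everything else,
            // including static files such as /index.html, needs a signed-in user.
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/", "/error").permitAll()
                .anyRequest().authenticated())
            // Authorization-code + OIDC login done by the framework: redirect to Azure AD,
            // callback at /login/oauth2/code/azure, code exchange, ID token validation,
            // session creation. No hand-written redirect loop is involved.
            .oauth2Login(login -> login.defaultSuccessUrl("/index.html", true));
        return http.build();
    }
}

// What the client sees after sign-in. Jackson serializes the record as JSON.
record Profile(String firstName, String lastName, String emailId, String tenant) {}

@RestController
class ProfileController {

    // The principal is the OidcUser bound to the HTTP session after the ID token was
    // validated; the browser cannot influence these values through the URL.
    @GetMapping("/api/me")
    Profile me(@AuthenticationPrincipal OidcUser user) {
        return new Profile(
            user.getGivenName(),
            user.getFamilyName(),
            user.getEmail(),
            // Azure AD puts the tenant ID in "tid"; when a multi-tenant authority is used,
            // an application should compare it against the tenants it expects.
            user.getClaimAsString("tid"));
    }
}
```

The redirect URI registered on the Azure AD app registration must match the one the client sends, which with the configuration above is `https://<host>/login/oauth2/code/azure`. Mismatches are rejected by Azure AD at the authorization request, which is the first thing to check if the login does not complete.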