Spring Oauth2,尝试在用户注册api调用期间获取access_token,而不通过oauth / token端点获取

时间:2016-12-14 17:48:10

标签: java spring oauth spring-security-oauth2

好的,我有一个Mobile to Spring Java API Rest堆栈。我已按照春季指南https://projects.spring.io/spring-security-oauth/docs/oauth2.html中的描述实现了Oauth2安全性。我使用标准的oauth / token端点让用户使用凭据登录。由于我们正在尝试合并移动设备对API的调用,我们希望在registration / step2端点的响应中放置一个access_token对象(此时用户凭据和密码已保留到数据库)。我不知道我需要添加哪些代码才能以这种方式获取access_token?

我知道我必须使用TokenGranter的一些参数进行一些DefaultTokenRequest。这是我的一些配置:                      

<bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <property name="authenticationManager" ref="clientAuthenticationManager" />
</bean>

<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
            <bean class="org.springframework.security.access.vote.RoleVoter" />
            <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
        </list>
    </constructor-arg>
</bean>


<!-- Default authentication manager -->
<!--<security:authentication-manager alias="authenticationManager">-->
<!--<security:authentication-provider user-service-ref='userService' />-->
<!--<security:authentication-provider ref="daoAuthenticationProvider" />-->
<!--</security:authentication-manager>-->


<!--New authentication manager  -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="authenticationProvider"/>
    <security:authentication-provider user-service-ref='userService' />
</security:authentication-manager>

<beans:bean id="authenticationProvider" class="com.special.authenticationProvider" >
    <property name="userDetailsService" ref="userService" />
    <property name="passwordEncoder" ref="passwordEncoder" />
    <property name="saltSource" ref="saltSource" />
</beans:bean>


<bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <constructor-arg ref="clientDetailsService" />
</bean>

<!-- Authentication manager for OAUTH token request endpoint -->
<security:authentication-manager id="clientAuthenticationManager">
    <security:authentication-provider user-service-ref="clientDetailsUserService" />
</security:authentication-manager>

<!-- oauth token storage -->
<bean id="oauthDataSource"
      class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="${database.driverClassName}" />
    <property name="url" value="${database.url}" />
    <property name="username" value="${database.username}" />
    <property name="password" value="${database.password}" />
</bean>

<bean id="tokenStore"
      class="com.special.JdbcTokenStoreUserID">
</bean>

<bean id="tokenStoreCore"
      class="org.springframework.security.oauth2.provider.token.JdbcTokenStore">
    <constructor-arg ref="oauthDataSource" />
</bean>


<bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <property name="tokenStore" ref="tokenStore" />
    <property name="supportRefreshToken" value="true" />
    <property name="clientDetailsService" ref="clientDetailsService" />
    <property name="tokenEnhancer" ref="customTokenEnhancer" />
</bean>

<bean id="userApprovalHandler" class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
    <property name="tokenServices" ref="tokenServices" />
</bean>
<bean id="customTokenEnhancer" class="com.special.CustomTokenEnhancer"></bean>

0 个答案:

没有答案
相关问题
最新问题