我在Spring启动应用程序上启用了OAuth2(AuthorizationServer)
我想在从移动应用程序传递访问令牌时使用REST请求对Facebook用户进行身份验证。
我有接收facebook令牌的控制器
@RequestMapping(value = "/login-with-fb", method = RequestMethod.POST)
public boolean fb(@RequestParam String token) {
System.out.ptintln("Yay i have the token"+token);
return true;
}
这和这个控制器应该做的一样多,我想所有的魔法都应该发生在过滤器中,这是我的资源服务器在这里注入的:
@Override
protected void configure(HttpSecurity http) throws Exception {
.antMatcher("/**").authorizeRequests()//All request are protected by default
.antMatchers("/abc/**").permitAll()
.antMatchers("/xyz/**").hasAuthority("ROLE_USER")
//We plugin facebook filter here
.and().addFilterBefore(facebookFilter(), BasicAuthenticationFilter.class);
}
最后过滤器会是什么样子?
private Filter facebookFilter() {
// What goes here? I assume we need to get the token,
// pass it to FB to validate it again then retrieve/create user
// and then somehow generate and return an OAuth2 token
// So that user can use that token instead of FB token
// to access secure content on my server
}
还是有更好的方法来实现同样的目标吗?