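Java - Token flow OAuth 2 E2E with code

Time: 2017-06-15 19:33:49

Tags: java spring-security oauth-2.0 jwt cloudfoundry

I'm new to security and Java, and I need to implement the OAuth2 token flow. This is the exact flow I need to implement (if there is some library that can help with it, that would be great):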

http://tutorials.jenkov.com/oauth2/authorization-code-request-response.html

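How can I implement it in Java? I'd like to use some library that provides this functionality. The token flow should be against UAA, but any other similar example would be very helpful. I found this example, but I don't know how to use/test it E2E with UAA. Postman would be very helpful for simulating it...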

https://developers.google.com/api-client-library/java/google-oauth-java-client/oauth2

UAA background

https://github.com/cloudfoundry/uaa

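4 answers:

Answer 0: (score: 4)

I suggest you look at Spring, as the most popular framework for building web applications in Java. It has the Spring Security module, which can help with developing OAuth 2.0 clients and resource servers, as shown here and here.

Answer 1: (score: 1)

For a detailed explanation of the OAuth 2.0 flows, see the RFC 6749 specification. As for a step-by-step solution, you should look at some tutorials, such as this article explaining how to create a Spring REST API using OAuth 2.0. That article walks through the code as well as creating the Postman requests. As for mocking/testing, I have previously created a test suite for OAuth 2.0 using TestNG and Mockito.

The more you develop and research, the more ways you will find to improve or change how your code is designed. If you really want to comply with the OAuth 2.0 flow, you should properly understand the flow in the RFC 6749 link (it can be relatively vague at times).

Answer 2: (score: 1)

Below is the Google API client library sample. Try this if it helps.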

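    import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
    import com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl;
    import com.google.api.client.auth.oauth2.BearerToken;
    import com.google.api.client.auth.oauth2.Credential;
    import com.google.api.client.auth.oauth2.StoredCredential;
    import com.google.api.client.extensions.servlet.auth.oauth2.AbstractAuthorizationCodeCallbackServlet;
    import com.google.api.client.extensions.servlet.auth.oauth2.AbstractAuthorizationCodeServlet;
    import com.google.api.client.http.BasicAuthentication;
    import com.google.api.client.http.GenericUrl;
    import com.google.api.client.http.javanet.NetHttpTransport;
    import com.google.api.client.json.jackson2.JacksonFactory;
    import com.google.api.client.util.store.FileDataStoreFactory;
    import java.io.File;
    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    // The two public classes below belong in separate files
    // (ServletSample.java and ServletCallbackSample.java), each with the imports above.

    // Entry point: redirects the browser to the authorization endpoint when no
    // stored credential exists for the user.
    public class ServletSample extends AbstractAuthorizationCodeServlet {

      @Override
      protected void doGet(HttpServletRequest request, HttpServletResponse response)
          throws IOException {
        // do stuff
      }

      @Override
      protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException {
        GenericUrl url = new GenericUrl(req.getRequestURL().toString());
        url.setRawPath("/oauth2callback");
        return url.build();
      }

      @Override
      protected AuthorizationCodeFlow initializeFlow() throws IOException {
        // Token URL, authorization URL and client credentials are example values;
        // load the real client secret from configuration, not from source code.
        return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
            new NetHttpTransport(),
            new JacksonFactory(),
            new GenericUrl("https://server.example.com/token"),
            new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
            "s6BhdRkqt3",
            "https://server.example.com/authorize").setCredentialDataStore(
                StoredCredential.getDefaultDataStore(
                    new FileDataStoreFactory(new File("datastoredir"))))
            .build();
      }

      @Override
      protected String getUserId(HttpServletRequest req) throws ServletException, IOException {
        // return user ID
        // Placeholder (assumption): the HTTP session ID is used as the key for stored
        // credentials; replace it with your application's authenticated user ID.
        return req.getSession(true).getId();
      }
    }

    // Callback: receives the authorization code at /oauth2callback and exchanges it for tokens.
    public class ServletCallbackSample extends AbstractAuthorizationCodeCallbackServlet {

      @Override
      protected void onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential)
          throws ServletException, IOException {
        resp.sendRedirect("/");
      }

      @Override
      protected void onError(
          HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse)
          throws ServletException, IOException {
        // handle error
      }

      @Override
      protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException {
        GenericUrl url = new GenericUrl(req.getRequestURL().toString());
        url.setRawPath("/oauth2callback");
        return url.build();
      }

      @Override
      protected AuthorizationCodeFlow initializeFlow() throws IOException {
        // Must match the flow configured in ServletSample.
        return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
            new NetHttpTransport(),
            new JacksonFactory(),
            new GenericUrl("https://server.example.com/token"),
            new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
            "s6BhdRkqt3",
            "https://server.example.com/authorize").setCredentialDataStore(
                StoredCredential.getDefaultDataStore(
                    new FileDataStoreFactory(new File("datastoredir"))))
            .build();
      }

      @Override
      protected String getUserId(HttpServletRequest req) throws ServletException, IOException {
        // return user ID
        // Placeholder (assumption): same session-based key as in ServletSample.
        return req.getSession(true).getId();
      }
    }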

Answer 3: (score: 1)

https://github.com/spring-projects/spring-security-oauth/tree/master/samples/oauth2 contains sample code for doing OAuth2 with Spring Security.