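I'm new to security and Java, and I need to implement the OAuth2 token flow. This is the exact flow I need to implement (it would be great if there is a library that can help):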
http://tutorials.jenkov.com/oauth2/authorization-code-request-response.html
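How can I implement it in Java? I would like to use a library that provides this functionality. The token flow should be against UAA, but any other similar example would be very helpful. I found this example, but I don't know how to use/test it end to end with UAA. Postman would be very helpful for simulating it...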
https://developers.google.com/api-client-library/java/google-oauth-java-client/oauth2
UAA background
Answer 0: (score: 4)
Answer 1: (score: 1)
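For a detailed explanation of the OAuth 2.0 flows, see the RFC 6749 Specification. For a step-by-step solution, you should look at some tutorials, such as this article explaining how to create a Spring REST API using OAuth 2.0. The article covers the code as well as creating Postman requests. Regarding mocking/testing, I have previously created a test suite for OAuth 2.0 using TestNG and Mockito.
The more you develop and research, the more ways you will find to improve or change how your code is designed. If you really want to comply with the OAuth 2.0 flow, you should properly understand the flows in the RFC 6749 link (which can be relatively vague at times).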
Answer 2: (score: 1)
Below is a Google API client library sample. Try it if it helps.
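    // Imports used by the two servlets below (each public class goes in its own .java file).
    import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
    import com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl;
    import com.google.api.client.auth.oauth2.BearerToken;
    import com.google.api.client.auth.oauth2.Credential;
    import com.google.api.client.auth.oauth2.StoredCredential;
    import com.google.api.client.extensions.servlet.auth.oauth2.AbstractAuthorizationCodeCallbackServlet;
    import com.google.api.client.extensions.servlet.auth.oauth2.AbstractAuthorizationCodeServlet;
    import com.google.api.client.http.BasicAuthentication;
    import com.google.api.client.http.GenericUrl;
    import com.google.api.client.http.javanet.NetHttpTransport;
    import com.google.api.client.json.jackson2.JacksonFactory;
    import com.google.api.client.util.store.FileDataStoreFactory;
    import java.io.File;
    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    // ServletSample.java: protects a resource and starts the authorization code flow when needed.
    public class ServletSample extends AbstractAuthorizationCodeServlet {

      @Override
      protected void doGet(HttpServletRequest request, HttpServletResponse response)
          throws IOException {
        // do stuff
      }

      // Redirect URI sent to the authorization server; must match the callback servlet's path.
      @Override
      protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException {
        GenericUrl url = new GenericUrl(req.getRequestURL().toString());
        url.setRawPath("/oauth2callback");
        return url.build();
      }

      // The client ID and secret below are sample values; load real ones from
      // configuration instead of hard-coding them.
      @Override
      protected AuthorizationCodeFlow initializeFlow() throws IOException {
        return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
            new NetHttpTransport(),
            new JacksonFactory(),
            new GenericUrl("https://server.example.com/token"),
            new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
            "s6BhdRkqt3",
            "https://server.example.com/authorize").setCredentialDataStore(
                StoredCredential.getDefaultDataStore(
                    new FileDataStoreFactory(new File("datastoredir"))))
            .build();
      }

      @Override
      protected String getUserId(HttpServletRequest req) throws ServletException, IOException {
        // return user ID (placeholder: the servlet session ID; substitute your application's user identifier)
        return req.getSession(true).getId();
      }
    }

    // ServletCallbackSample.java: receives the authorization response at /oauth2callback.
    public class ServletCallbackSample extends AbstractAuthorizationCodeCallbackServlet {

      @Override
      protected void onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential)
          throws ServletException, IOException {
        resp.sendRedirect("/");
      }

      @Override
      protected void onError(
          HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse)
          throws ServletException, IOException {
        // handle error
      }

      // Must be identical to the redirect URI used in ServletSample.
      @Override
      protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException {
        GenericUrl url = new GenericUrl(req.getRequestURL().toString());
        url.setRawPath("/oauth2callback");
        return url.build();
      }

      // Same flow configuration as ServletSample (sample client ID and secret).
      @Override
      protected AuthorizationCodeFlow initializeFlow() throws IOException {
        return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
            new NetHttpTransport(),
            new JacksonFactory(),
            new GenericUrl("https://server.example.com/token"),
            new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
            "s6BhdRkqt3",
            "https://server.example.com/authorize").setCredentialDataStore(
                StoredCredential.getDefaultDataStore(
                    new FileDataStoreFactory(new File("datastoredir"))))
            .build();
      }

      @Override
      protected String getUserId(HttpServletRequest req) throws ServletException, IOException {
        // return user ID (placeholder: must resolve to the same ID that ServletSample returns)
        return req.getSession(true).getId();
      }
    }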
Answer 3: (score: 1)
https://github.com/spring-projects/spring-security-oauth/tree/master/samples/oauth2 contains sample code for doing OAuth2 with Spring Security.