我正在添加OAuth2.0来保护我的WebAPI。我试图在用户登录时获取访问令牌。这是我登录后尝试获取用户信息的方式
@RequestMapping(value = "/login/{username}/{password}", method = RequestMethod.GET)
public ResponseEntity<User> login(@PathVariable String username, @PathVariable String password) {
if (!username.isEmpty() && !password.isEmpty()) {
User user = userService.login(username, password);
return new ResponseEntity<>(user, HttpStatus.OK);
}
return new ResponseEntity<>(HttpStatus.NOT_FOUND);
}
这就是我实现代码来获取访问令牌的方法
<http pattern="/oauth/token" create-session="stateless"
authentication-manager-ref="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security">
<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
<anonymous enabled="false" />
<http-basic entry-point-ref="clientAuthenticationEntryPoint" />
<!-- include this only if you need to authenticate clients via request
parameters -->
<custom-filter ref="clientCredentialsTokenEndpointFilter"
after="BASIC_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
当用户点击正确的用户名和密码时,我可以手动获取访问令牌。 现在,我需要使用访问令牌显示用户详细信息,如下所示
{ "userId":14, "fullName":"Nishan Dhungana",
"email":"justin@live.com", "address":"Hokse", "contact":null,
"dob":null, "active":false, "createdAt":1519196604347,
"username":"nishanjjj41", "password":"nishan123" ,
"value":"7f228939-5f8e-4c29-b2d9-9ac78d0c16d8",
"expiration":1519542443387, "tokenType":"bearer" }
是否可以通过访问令牌获取用户详细信息