我想从请求中提取用户名和密码,以便我可以与数据库进行交叉验证。
我想要实现的目标 从HTTP请求中提取信息用户名= Test& password = Test @ 123 并从DB而不是application.properties中的硬编码值进行测试。
目前我能够实现--user testClient:123456。 请提出一种方法来获取名称和密码。
Http Call :
curl -X POST --user testClient:123456 http://localhost:8090/oauth/token -H "accept: application/json" -H "content-type: application/x-www-form-urlencoded" -d "grant_type=password&username=Test&password=Test@123&scope=read_profile"
application.properties:
**security.user.name=Test
security.user.password=Test@123**
spring.datasource.url=jdbc:mysql://localhost/oauth
spring.datasource.username=root
spring.datasource.password=password
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
spring.jpa.properties.hibernate.hbm2ddl.auto=validate
Auth服务器类
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.approval.ApprovalStore;
import org.springframework.security.oauth2.provider.approval.JdbcApprovalStore;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
import javax.sql.DataSource;
@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServer extends
AuthorizationServerConfigurerAdapter {
private static final Logger logger = LoggerFactory.getLogger(OAuth2AuthorizationServer.class);
@Autowired
AuthenticationManager authenticationManager;
@Autowired
private DataSource dataSource;
@Bean
public TokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}
@Bean
public ApprovalStore approvalStore() {
return new JdbcApprovalStore(dataSource);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints)
throws Exception {
endpoints
.approvalStore(approvalStore())
.tokenStore(tokenStore())
// important to add if want to add support the password
.authenticationManager(authenticationManager);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients)
throws Exception {
clients.jdbc(dataSource);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(4);
}
}
答案 0 :(得分:0)
您正在使用Spring的已实施端点/oauth/token来获取令牌。此端点存在于TokenEndpoint类中。
@RequestMapping(
value = {"/oauth/token"},
method = {RequestMethod.POST}
)
public ResponseEntity<OAuth2AccessToken> postAccessToken(Principal principal, @RequestParam Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
if (!(principal instanceof Authentication)) {
throw new InsufficientAuthenticationException("There is no client authentication. Try adding an appropriate authentication filter.");
} else {
此端点采用主要对象和地图。您作为基本身份验证传递的客户端凭据将作为主体,而grant_type,username,password,scope等其他参数将作为请求参数中的映射。
OAuth2RequestFactory获取这些参数和经过身份验证的客户端信息以创建令牌请求。然后,TokenGranter接受此令牌请求以授予令牌。
这些事情发生在幕后,所以你没有明确提取请求的用户信息。