How to dynamically define the OAuth2 client sent in the request header during token refresh?

Time: 2019-06-04 23:35:11

Tags: spring-boot oauth-2.0 jhipster

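In a microservices framework created with JHipster, OAuth2 and UAA, I have seen that when logging in at "localhost:8080/auth/login", the sendPasswordGrant(String username, String password) method sets a static client:password value and sends this information to the UAA (the OAuth server) using an HttpEntity. To make the client dynamic and take it from the request header, I added a @RequestHeader("Authorization") String autorization parameter to the login controller method. However, in the refresh token process the system needs to set client:password, and I have not found a way to set it from the data sent in the request, as I do when I log in.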

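From what I understand of the refresh token process, at some point the sendRefreshGrant(String refreshTokenValue) method is called, and it assigns the client:password value statically. How can I make the refresh token flow use the client:password that the client sends in the HTTP header?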

The method I changed to set the client data dynamically:

    @Override
    public OAuth2AccessToken sendPasswordGrant(String username, String password, String autorization) {
        HttpHeaders reqHeaders = new HttpHeaders();
        reqHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        reqHeaders.add("Authorization", autorization);
        MultiValueMap<String, String> formParams = new LinkedMultiValueMap<>();
        formParams.set("username", username);
        formParams.set("password", password);
        formParams.set("grant_type", "password");
        // addAuthentication(reqHeaders, formParams);
        HttpEntity<MultiValueMap<String, String>> entity = new HttpEntity<>(formParams, reqHeaders);
        log.debug("contacting OAuth2 token endpoint to login user: {}", username);
        ResponseEntity<OAuth2AccessToken> responseEntity =
            restTemplate.postForEntity(getTokenEndpoint(), entity, OAuth2AccessToken.class);
        if (responseEntity.getStatusCode() != HttpStatus.OK) {
            log.debug("failed to authenticate user with OAuth2 token endpoint, status: {}", responseEntity.getStatusCodeValue());
            throw new HttpClientErrorException(responseEntity.getStatusCode());
        }
        OAuth2AccessToken accessToken = responseEntity.getBody();
        return accessToken;
    }

The code of the refresh token method, which sets the client statically by calling addAuthentication(headers, params):

    @Override
    public OAuth2AccessToken sendRefreshGrant(String refreshTokenValue) {
        MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
        params.add("grant_type", "refresh_token");
        params.add("refresh_token", refreshTokenValue);
        HttpHeaders headers = new HttpHeaders();
        addAuthentication(headers, params); // This method adds the static "client:password"
        HttpEntity<MultiValueMap<String, String>> entity = new HttpEntity<>(params, headers);
        log.debug("contacting OAuth2 token endpoint to refresh OAuth2 JWT tokens");
        ResponseEntity<OAuth2AccessToken> responseEntity =
            restTemplate.postForEntity(getTokenEndpoint(), entity, OAuth2AccessToken.class);
        if (responseEntity.getStatusCode() != HttpStatus.OK) {
            log.debug("failed to refresh tokens: {}", responseEntity.getStatusCodeValue());
            throw new HttpClientErrorException(responseEntity.getStatusCode());
        }
        OAuth2AccessToken accessToken = responseEntity.getBody();
        log.info("refreshed OAuth2 JWT cookies using refresh_token grant");
        return accessToken;
    }

0 answers:

No answers
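The question's sendPasswordGrant forwards the caller's Authorization header to the token endpoint unchanged. The following is an added example, not code from the question or from JHipster, of a check that could run before such a header is forwarded in either grant: it accepts only well-formed HTTP Basic client:password values for known clients. The class name BasicClientCredentials and the allowed client ids are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Set;

// Added example: hypothetical helper, not part of JHipster or the question's code.
public final class BasicClientCredentials {
    // Assumption: constructed sample ids for the OAuth2 clients the gateway may act for.
    private static final Set<String> ALLOWED_CLIENT_IDS = Set.of("client-a", "client-b");

    public final String clientId;
    public final String clientSecret;

    private BasicClientCredentials(String clientId, String clientSecret) {
        this.clientId = clientId;
        this.clientSecret = clientSecret;
    }

    /** Parses "Basic base64(client:password)"; error messages never echo the header or secret. */
    public static BasicClientCredentials parse(String authorizationHeader) {
        if (authorizationHeader == null || !authorizationHeader.regionMatches(true, 0, "Basic ", 0, 6)) {
            throw new IllegalArgumentException("expected HTTP Basic client authentication");
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(authorizationHeader.substring(6).trim());
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("malformed Base64 in Authorization header");
        }
        String decoded = new String(raw, StandardCharsets.UTF_8);
        int sep = decoded.indexOf(':'); // the client id cannot contain ':', the secret can
        if (sep <= 0) {
            throw new IllegalArgumentException("expected client:password");
        }
        String id = decoded.substring(0, sep);
        if (!ALLOWED_CLIENT_IDS.contains(id)) {
            throw new IllegalArgumentException("unknown OAuth2 client");
        }
        return new BasicClientCredentials(id, decoded.substring(sep + 1));
    }

    public static void main(String[] args) {
        // Constructed sample header: client "client-a" with secret "s3cr:et".
        String header = "Basic " + Base64.getEncoder()
            .encodeToString("client-a:s3cr:et".getBytes(StandardCharsets.UTF_8));
        BasicClientCredentials c = parse(header);
        System.out.println(c.clientId + " / secret length " + c.clientSecret.length());
    }
}
```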