如何在spring security上创建oauth 2用户名密码流

时间:2011-10-25 14:14:31

标签: spring authentication spring-security oauth-2.0

我正在尝试在spring security上实现oauth2用户名密码流 但我找不到任何文档和示例代码 我正在浏览sparklr和tonr insode oauth2样本 我怎样才能实现它oauth2 2 legged 我该如何禁用登录表单                                                               

    <form-login authentication-failure-url="/login.jsp" default-target-url="/index.jsp" login-page="/login.jsp"
        login-processing-url="/login.do" />
    <logout logout-success-url="/index.jsp" logout-url="/logout.do" />
    <anonymous />
    <custom-filter ref="oauth2ProviderFilter" after="EXCEPTION_TRANSLATION_FILTER" />
</http>

1 个答案:

答案 0 :(得分:8)

默认的sparklr也支持用户名和密码流, 很容易,你只需要编写客户端客户端如下所示: 我最终成功了;

public class App {

private static RestTemplate client=getRestTemplate();

    private static int DEFAULT_PORT = 8080;

private static String DEFAULT_HOST = "localhost";

private static int port=DEFAULT_PORT;

private static String hostName = DEFAULT_HOST;


 public static  void main(String[] args) throws IOException {
    try {
        testHappyDayWithForm();
    } catch (Exception ex) {
        Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
    }
}


public static void testHappyDayWithForm() throws Exception {

    MultiValueMap<String, String> formData = new LinkedMultiValueMap<String, String>();
    formData.add("grant_type", "password");
    formData.add("client_id", "my-trusted-client");
    formData.add("scope", "read");
    formData.add("username", "muhammed");
    formData.add("password", "1234");

    ResponseEntity<String> response = postForString("/sparklr/oauth/token", formData);
    System.out.println( response.getStatusCode());
    System.out.println(response.getHeaders().getFirst("Cache-Control"));

    DefaultOAuth2SerializationService serializationService = new DefaultOAuth2SerializationService();
    OAuth2AccessToken accessToken = serializationService.deserializeJsonAccessToken(new ByteArrayInputStream(
            response.getBody().getBytes()));

    // now try and use the token to access a protected resource.

    // first make sure the resource is actually protected.
    //assertNotSame(HttpStatus.OK, serverRunning.getStatusCode("/sparklr/photos?format=json"));

    // now make sure an authorized request is valid.
    HttpHeaders headers = new HttpHeaders();
    headers.set("Authorization", String.format("%s %s", OAuth2AccessToken.BEARER_TYPE, accessToken.getValue()));
    //assertEquals(HttpStatus.OK, serverRunning.getStatusCode("/sparklr/photos?format=json", headers));
}

    public static ResponseEntity<String> postForString(String path, MultiValueMap<String, String> formData) {
    HttpHeaders headers = new HttpHeaders();
    headers.setAccept(Arrays.asList(MediaType.APPLICATION_FORM_URLENCODED));
            System.out.println(getUrl(path));
    return client.exchange(getUrl(path), HttpMethod.POST, new HttpEntity<MultiValueMap<String, String>>(formData,
            headers), String.class);
}
    public static String getUrl(String path) {
    if (!path.startsWith("/")) {
        path = "/" + path;
    }
    return "http://" + hostName + ":" + port + path;
}

    public static RestTemplate getRestTemplate() {
    RestTemplate client = new RestTemplate();
    CommonsClientHttpRequestFactory requestFactory = new CommonsClientHttpRequestFactory() {
        @Override
        protected void postProcessCommonsHttpMethod(HttpMethodBase httpMethod) {
            httpMethod.setFollowRedirects(false);
            // We don't want stateful conversations for this test
            httpMethod.getParams().setCookiePolicy(CookiePolicy.IGNORE_COOKIES);
        }
    };
    client.setRequestFactory(requestFactory);
    client.setErrorHandler(new ResponseErrorHandler() {
        // Pass errors through in response entity for status code analysis
        public boolean hasError(ClientHttpResponse response) throws IOException {
            return false;
        }

        public void handleError(ClientHttpResponse response) throws IOException {
        }
    });
    return client;
}