How to use OpenID in JSP

Date: 2012-02-25 10:38:04

Tags: struts2

Hello, I am trying to build a login system like Stack Overflow's, but I can't find the right way to do this in JSP. I am working in Struts2.

2 answers:

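Answer 0 (score: 2)

The following describes single sign-on (SSO) using OAuth, with which you can create an SSO system similar to Stack Overflow's.

Using scribe: https://github.com/fernandezpablo85/scribe-java/wiki/getting-started

The following example demonstrates it using Twitter...

1) The action that shows getting the Twitter credentials.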

package com.quaternion.struts2basic.action;

import com.opensymphony.xwork2.ActionSupport;
import java.util.Map;
import org.apache.struts2.convention.annotation.Result;
import org.apache.struts2.convention.annotation.Results;
import org.apache.struts2.interceptor.SessionAware;
import org.scribe.builder.ServiceBuilder;
import org.scribe.builder.api.TwitterApi;
import org.scribe.model.Token;
import org.scribe.oauth.OAuthService;

@Results(value = {
    @Result(name = "success", location = "${authorizationURL}", type = "redirect"),
    @Result(name = "error", location = "/WEB-INF/content/error.jsp")
})
public class TwitterGrantAccess extends ActionSupport implements SessionAware {

    private Map<String, Object> session;
    private String authorizationURL = null;

    @Override
    public String execute() {
        //Twitter twitter = new TwitterFactory().getInstance();
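        // Demo credentials hardcoded in source; load real ones from configuration kept out of version control.
        String consumer_key = "rUPV8tpIcFtyMeSDlnzclA";
        String consumer_secret = "16omdjNoEYgwoXfZMc0XrXSxiHDaS0UZUxQzWhTFg";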

        OAuthService twitterService = new ServiceBuilder()
                .provider(TwitterApi.class)
                .apiKey(consumer_key)
                .apiSecret(consumer_secret)
                .callback("http://127.0.0.1:8080/Struts2Basic/twitter-callback")
                .build();
        Token requestToken = twitterService.getRequestToken();
        authorizationURL = twitterService.getAuthorizationUrl(requestToken);
        session.put("twitterService", twitterService);
        session.put("requestToken", requestToken);
        return SUCCESS;
    }

    public String getAuthorizationURL() {
        return this.authorizationURL;
    }

    @Override
    public void setSession(Map<String, Object> map) {
        this.session = map;
    }
}

2) The action that Twitter redirects back to...

package com.quaternion.struts2basic.action;

import com.opensymphony.xwork2.ActionSupport;
import java.util.Map;
import org.apache.struts2.convention.annotation.Result;
import org.apache.struts2.convention.annotation.Results;
import org.apache.struts2.interceptor.SessionAware;
import org.scribe.model.Token;
import org.scribe.model.Verifier;
import org.scribe.oauth.OAuthService;

@Results(value = {
    @Result(name = "success", location = "/WEB-INF/content/twitter-callback-success.jsp"),
    @Result(name = "error", location = "/WEB-INF/content/error.jsp")
})
public class TwitterCallback extends ActionSupport implements SessionAware {

    private Map<String, Object> session;
    private String key;
    private String secret;
    //returned from twitter
    private String oauth_token;
    private String oauth_verifier;

    @Override
    public String execute() {
        if (session.containsKey("accessToken") && session.get("accessToken") != null) {
            return SUCCESS; //accessToken already exists!
        }
        Token requestToken = (Token) session.get("requestToken");
        if (requestToken == null) {
            super.addActionError("requestToken is null");
            return ERROR;
        }
        OAuthService twitterService = (OAuthService) session.get("twitterService");
        // Debug output only: these two lines write the request token and the verifier to stdout.
        System.out.println(requestToken.toString());
        System.out.println(this.getOauth_verifier());
        //Token accessToken = twitter.getOAuthAccessToken(requestToken, this.getOauth_verifier());
        Token accessToken = twitterService.getAccessToken(requestToken, new Verifier(this.getOauth_verifier()));
        session.put("accessToken", accessToken);
        this.setKey(accessToken.getToken()); //just to see something happen
        this.setSecret(accessToken.getSecret());//just to see something happen
        return SUCCESS;
    }

    @Override
    public void setSession(Map<String, Object> map) {
        this.session = map;
    }

    public String getKey() {
        return key;
    }

    public void setKey(String key) {
        this.key = key;
    }

    public String getSecret() {
        return secret;
    }

    public void setSecret(String secret) {
        this.secret = secret;
    }

    public String getOauth_token() {
        return oauth_token;
    }

    public void setOauth_token(String oauth_token) {
        this.oauth_token = oauth_token;
    }

    public String getOauth_verifier() {
        return oauth_verifier;
    }

    public void setOauth_verifier(String oauth_verifier) {
        this.oauth_verifier = oauth_verifier;
    }
}

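I'll omit the views, because they really don't do anything.

3) An action that writes "Hello from Struts2!", which isn't great, because Twitter will only let you run it once: since the status is the same, it won't let you post it again... but it gets the whole process across. After updating the status, it redirects to your Twitter page if you change the "YOUR_USER_NAME" part of the URL in the redirect.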

package com.quaternion.struts2basic.action;

import com.opensymphony.xwork2.ActionSupport;
import java.util.Map;
import org.apache.struts2.convention.annotation.Result;
import org.apache.struts2.convention.annotation.Results;
import org.apache.struts2.interceptor.SessionAware;
import org.scribe.model.OAuthRequest;
import org.scribe.model.Response;
import org.scribe.model.Token;
import org.scribe.model.Verb;
import org.scribe.oauth.OAuthService;

@Results({
    @Result(name = "success", location = "https://twitter.com/#!/YOUR_USER_NAME", type = "redirect")
})
public class Tweet extends ActionSupport implements SessionAware {

    private Map<String, Object> session;
    private String status;

    @Override
    public String execute() {
        Token accessToken = (Token) session.get("accessToken");
        OAuthService twitterService = (OAuthService) session.get("twitterService");
        String url = "http://api.twitter.com/1/statuses/update.json?status=";
        String twitterStatus = "hello!";
        OAuthRequest request = new OAuthRequest(Verb.POST, url + twitterStatus);
        twitterService.signRequest(accessToken, request);
        Response response = request.send();
        return SUCCESS;
    }

    public void setStatus(String status) {
        this.status = status;
    }

    public String getStatus() {
        return this.status;
    }

    @Override
    public void setSession(Map<String, Object> map) {
        session = map;
    }
}

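That's it. The nice thing about scribe is that it can be configured very easily for different providers (for basic authentication; using their APIs afterwards is another matter, and that is up to you).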
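The callback action in step 2 receives `oauth_token` but never compares it with the request token stored in the session, and the stored request token stays in the session after use. The following is an added example, not part of the original answer, of a check to run before calling `getAccessToken`; it uses only the JDK, and the class name, the `pendingRequestToken` session key and the sample values are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

public class OAuthCallbackCheck {

    enum Outcome { OK, NO_PENDING_REQUEST, TOKEN_MISMATCH, MISSING_VERIFIER }

    // Hypothetical session key: the request-token string issued in step 1.
    static final String PENDING = "pendingRequestToken";

    static Outcome check(Map<String, Object> session, String oauthToken, String oauthVerifier) {
        // Single use: drop the pending token whatever the outcome, so a
        // replayed or forged callback finds nothing left to complete.
        Object pending = session.remove(PENDING);
        if (!(pending instanceof String)) {
            return Outcome.NO_PENDING_REQUEST;
        }
        // The callback must refer to the token this session asked for.
        if (oauthToken == null || !constantTimeEquals((String) pending, oauthToken)) {
            return Outcome.TOKEN_MISMATCH;
        }
        if (oauthVerifier == null || oauthVerifier.isEmpty()) {
            return Outcome.MISSING_VERIFIER;
        }
        return Outcome.OK;
    }

    // Comparison whose timing does not depend on where the inputs differ.
    static boolean constantTimeEquals(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample values, not real tokens.
        Map<String, Object> session = new HashMap<>();
        session.put(PENDING, "sample-request-token");
        System.out.println(check(session, "some-other-token", "sample-verifier"));
        // The failed attempt consumed the pending token: a retry is rejected too.
        System.out.println(check(session, "sample-request-token", "sample-verifier"));
        // A fresh login attempt with matching values passes.
        session.put(PENDING, "sample-request-token");
        System.out.println(check(session, "sample-request-token", "sample-verifier"));
    }
}
```

Only when the check returns `OK` should the action go on to exchange the verifier for an access token; any other outcome should end on the error result.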

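Answer 1 (score: 1)

It depends on how you want to build it. You can use a number of libraries to build your login system; a few of them are:

  1. Joid
  2. openid4java

Here is an outline of everything you have to do to accomplish the whole process:

  1. Create a JSP page where the user can select a way to choose the login system.
  2. Call an action class that creates an authentication request for that identifier.
  3. Redirect the user to the OpenID service provider and let him authorize himself.
  4. Receive the OpenID provider's authentication response in your callback action.
  5. Parse the response if you need to store some information.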