ESB service: learning the OAuth2.0 and SSO specifications
Author: Internet
Let's look at the Auth code and several of its methods.
Authenticating against the third-party authentication system:
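public String getAuthorizeUri(AuthorizeUriGetInput input) {
    // Default to the configured redirect URI; a caller-supplied one overrides it.
    String redirectUri = this.casProperties.getRedirectUri();
    if (input.getRedirectUri() != null) {
        redirectUri = input.getRedirectUri();
    }
    // The redirect URI is sent as both "service" and "redirect_uri". It is inserted
    // without URL encoding or validation here, so restricting it is left to the CAS server.
    return String.format("%s/oauth2.0/authorize?service=%s&response_type=code&client_id=%s&redirect_uri=%s", this.casProperties.getCasUrl(), redirectUri, this.casProperties.getClientId(), redirectUri);
}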
Logging out of the system also goes through the third party's page:
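public String logout(AuthorizeUriGetInput input) {
    // Same override rule as getAuthorizeUri: the caller's redirect URI wins if present.
    String redirectUri = this.casProperties.getRedirectUri();
    if (input.getRedirectUri() != null) {
        redirectUri = input.getRedirectUri();
    }
    // "service" is where the CAS logout page sends the browser afterwards.
    return String.format("%s/logout?service=%s", this.casProperties.getCasUrl(), redirectUri);
}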
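Both getAuthorizeUri and logout above let a caller-supplied redirect URI replace the configured one and place it in the URL unencoded. The added example below (not code from the original post) builds the authorize URL with an exact-match allowlist, URL encoding and a state value. Assumptions: the host names, client id, allowlist and class name are constructed, the CAS server is assumed to echo the RFC 6749 state parameter, and Java 10 or later is required.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;

public class AuthorizeUriExample {
    // Constructed sample values; in the page's code they come from casProperties.
    static final String CAS_URL = "https://cas.example.com/cas";
    static final String CLIENT_ID = "demo-client";
    static final String DEFAULT_REDIRECT = "https://app.example.com/callback";
    // Hypothetical allowlist: the exact redirect URIs registered for this client.
    static final Set<String> ALLOWED_REDIRECTS =
            Set.of(DEFAULT_REDIRECT, "https://app.example.com/mobile/callback");

    static String enc(String v) {
        return URLEncoder.encode(v, StandardCharsets.UTF_8);
    }
    // Exact match after path normalization; prefix or substring matching would
    // also accept look-alike hosts such as app.example.com.other.test.
    static String resolveRedirect(String requested) {
        if (requested == null) return DEFAULT_REDIRECT;
        String normalized = URI.create(requested).normalize().toString();
        if (!ALLOWED_REDIRECTS.contains(normalized)) {
            throw new IllegalArgumentException("redirect_uri is not registered");
        }
        return normalized;
    }
    // Random state value: store it in the session, compare it on the callback.
    static String newState() {
        byte[] b = new byte[16];
        new SecureRandom().nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }
    static String authorizeUri(String requestedRedirect, String state) {
        String redirect = enc(resolveRedirect(requestedRedirect));
        return String.format("%s/oauth2.0/authorize?service=%s&response_type=code"
                + "&client_id=%s&redirect_uri=%s&state=%s",
                CAS_URL, redirect, enc(CLIENT_ID), redirect, enc(state));
    }
    public static void main(String[] args) {
        System.out.println(authorizeUri(null, newState()));
        try {
            authorizeUri("https://app.example.com.other.test/callback", newState());
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same resolveRedirect check applies to the service parameter of the logout URL.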
Getting the token from the third party; no page is involved. Does AccessToken have a fixed format?
public AccessToken getAccessToken(String code) {
    // Uses Spring's RestTemplate/HttpEntity/HttpHeaders; JSON is assumed to be com.alibaba.fastjson.JSON.
    // Note: client_secret and the authorization code travel in the query string of this GET request.
    String url = String.format("%s/oauth2.0/accessToken?grant_type=authorization_code&client_id=%s&client_secret=%s&redirect_uri=%s&code=%s", this.casProperties.getCasUrl(), this.casProperties.getClientId(), this.casProperties.getClientSecret(), this.casProperties.getRedirectUri(), code);
    HttpHeaders headers = getHeaderApplicationJson();
    HttpEntity<String> request = new HttpEntity<>("", headers);
    try {
        RestTemplate restTemplate = new RestTemplate();
        ResponseEntity<String> responseEntity = restTemplate.exchange(url, HttpMethod.GET, request, String.class, new Object[0]);
        return JSON.parseObject(responseEntity.getBody(), AccessToken.class);
    } catch (Exception var7) {
        // responseEntity is out of scope here, so log the exception rather than the response body.
        log.error("获取Token返回错误", var7);
        return null;
    }
}
Refreshing the token; again there is no page, just a call to the third-party service:
public AccessToken refreshToken(String refreshToken) {
    // Same endpoint as getAccessToken, with grant_type=refresh_token.
    String url = String.format("%s/oauth2.0/accessToken?grant_type=refresh_token&client_id=%s&client_secret=%s&redirect_uri=%s&refresh_token=%s", this.casProperties.getCasUrl(), this.casProperties.getClientId(), this.casProperties.getClientSecret(), this.casProperties.getRedirectUri(), refreshToken);
    HttpHeaders headers = getHeaderApplicationJson();
    HttpEntity<String> request = new HttpEntity<>("", headers);
    try {
        RestTemplate restTemplate = new RestTemplate();
        ResponseEntity<String> responseEntity = restTemplate.exchange(url, HttpMethod.GET, request, String.class, new Object[0]);
        return JSON.parseObject(responseEntity.getBody(), AccessToken.class);
    } catch (Exception var7) {
        // Log the failure and its cause, but not the refresh token itself.
        log.error("刷新Token信息失败", var7);
        return null;
    }
}
Using the token to fetch the resources we need, such as user information:
public UserProfile getUserProfile(String token) {
    // The access token is passed to the profile endpoint as a query parameter.
    String url = String.format("%s/oauth2.0/profile?access_token=%s", this.casProperties.getCasUrl(), token);
    HttpHeaders headers = getHeaderApplicationJson();
    HttpEntity<String> request = new HttpEntity<>("", headers);
    try {
        RestTemplate restTemplate = new RestTemplate();
        ResponseEntity<String> responseEntity = restTemplate.exchange(url, HttpMethod.GET, request, String.class, new Object[0]);
        // Parse the response body and map its "attributes" object onto UserProfile.
        JSONObject jsonObject = JSON.parseObject(responseEntity.getBody());
        return JSON.parseObject(jsonObject.getJSONObject("attributes").toJSONString(), UserProfile.class);
    } catch (Exception var8) {
        // Log the failure and its cause, but not the access token itself.
        log.error("获取用户信息失败", var8);
    }
    return null;
}
This verifies the person's identity; what that identity is then used for is up to the system.
Source: https://www.cnblogs.com/Robin008/p/16352840.html