6.2.2、Spring Boot 快速接入

Spring Boot 快速接入 OAuth 2.0 认证

Apache Oltu 是一个开源的 OAuth 库，用于帮助开发者实现 OAuth 1.0 和 OAuth 2.0 协议。OAuth 是一种用于授权和认证的协议，常用于保护和控制对 Web 资源的访问。

一、快速接入

1、引入依赖

在项目依赖管理中引入 org.apache.oltu.oauth2.client 依赖 ：

Maven 依赖

<properties>
    <oltu.oauth2.version>1.0.2</oltu.oauth2.version>
    <oltu.oauth2-jwt.version>1.0.3</oltu.oauth2-jwt.version>
</properties>

<!-- https://mvnrepository.com/artifact/org.apache.oltu.oauth2/org.apache.oltu.oauth2.client -->
<dependency>
    <groupId>org.apache.oltu.oauth2</groupId>
    <artifactId>org.apache.oltu.oauth2.client</artifactId>
    <version>1.0.2</version>
</dependency>
<dependency>
    <groupId>org.apache.oltu.oauth2</groupId>
    <artifactId>org.apache.oltu.oauth2.dynamicreg.client</artifactId>
</dependency>

Gradle 依赖

// https://mvnrepository.com/artifact/org.apache.oltu.oauth2/org.apache.oltu.oauth2.client
implementation group: 'org.apache.oltu.oauth2', name: 'org.apache.oltu.oauth2.client', version: '1.0.2'

2、功能扩展

编写授权控制器：GetAuthorizationController

import lombok.extern.slf4j.Slf4j;
import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.client.response.OAuthResourceResponse;
import org.apache.oltu.oauth2.common.OAuth;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.HttpServletRequest;

/**
 * 获取授权的控制器
 * https://blog.csdn.net/winerpro/article/details/133266414
 */
@Controller
@RequestMapping("/client")
@Slf4j
public class GetAuthorizationController {

    private static String CLIENT_ID = "20210903";
    private static String CLIENT_SECRET = "cas123456";
    private static String CODE_URL = "oauth2.0/authorize";
    private static String RESPONSE_TYPE = "code";
    /*认证服务器地址*/
    private static String AUTH_SERVER_URL = "https://cas.test.com:8443/cas/oauth2.0/accessToken";
    /*资源拥有者地址*/
    private static String RESOURCE_OWNER_URL = "https://cas.test.com:8443/cas/";
    /*资源服务器地址*/
    private static String RESOURCE_SERVER_URL = "https://cas.test.com:8443/cas/oauth2.0/profile";
    /*授权码回调地址*/
    private static String CALLBACKCODE = "https://localhost:8082/client/callbackCode";
    /*获取资源地址*/
    private static String GETRESOURCE = "https://localhost:8082/client/getResource";

    /**
     * 客户向资源所有者获取授权码
     */
    @GetMapping("/getCode")
    public String getCode() throws OAuthSystemException {
        OAuthClientRequest oAuthClientRequest = OAuthClientRequest
                .authorizationLocation(CODE_URL)
                .setClientId(CLIENT_ID)
                .setResponseType(RESPONSE_TYPE)
                .setRedirectURI(CALLBACKCODE)
                .buildQueryMessage();
        String uriString = oAuthClientRequest.getLocationUri();
        //重定向到资源所有者，获取验证码
        return "redirect:" + RESOURCE_OWNER_URL + uriString;
    }

    /**
     * 1. 资源所有者在生成授权码之后，会回调该接口将授权码传回给客户
     * 2. 客户获取授权码之后，使用该接口向认证服务器申请令牌
     */
    @GetMapping("/callbackCode")
    public String callbackCode(HttpServletRequest request) throws OAuthSystemException, OAuthProblemException {
        String code = request.getParameter("code");
        log.info(" --- 从资源拥有者获取code: {} -----------", code);
        //code需要非对称加密
        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
        OAuthClientRequest tokenRequest = OAuthClientRequest
                .tokenLocation(AUTH_SERVER_URL)
                .setClientId(CLIENT_ID)
                .setClientSecret(CLIENT_SECRET)
                .setGrantType(GrantType.AUTHORIZATION_CODE)
                .setCode(code)
                .setRedirectURI(GETRESOURCE)
                .buildQueryMessage();
        //通过Code，向认证服务器申请令牌
        OAuthResourceResponse resourceResponse = oAuthClient.resource(tokenRequest, OAuth.HttpMethod.GET,OAuthResourceResponse.class);
        String accessToken = resourceResponse.getBody();
        //获取令牌
        log.info("客户获取的访问令牌：" + accessToken);
        return "redirect:" + GETRESOURCE + "?" + accessToken;
    }

    /**
     * 使用令牌获取资源服务器中的数据
     */
    @GetMapping("/getResource")
    @ResponseBody
    public String getResource(String access_token) throws OAuthSystemException, OAuthProblemException {
        log.info("客户使用令牌向资源服务器获取数据 token = " + access_token);
        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
        OAuthClientRequest userInfoRequest = new OAuthBearerClientRequest(RESOURCE_SERVER_URL)
                        .setAccessToken(access_token)
                        .buildQueryMessage();
        OAuthResourceResponse resourceResponse = oAuthClient.resource(userInfoRequest, OAuth.HttpMethod.GET, OAuthResourceResponse.class);
        String userInfo = resourceResponse.getBody();
        log.info("客户获取的资源服务器的数据： " + userInfo);
        return userInfo;
    }

}

3、测试

首先请求 https://localhost:8082/client/getCode

此时我们并没有登录,所以会跳转到我们之前文章中CAS的登录页面

输入用户名密码后,会进行两次重定向,最终返回所有的用户信息