There is a guide on how to implement OAuth2 with Spring and Spring Boot: https://spring.io/guides/tutorials/spring-boot-oauth2/

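I need to store OAuth2 information, such as the accessToken and refreshToken, in my database for future use. Right now I can only get the accessToken. Following this guide, I can't figure out how to get the refreshToken.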

What is the correct way to get the refreshToken using the approach described in this guide?

Update

I can access the refreshToken in the OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication method, but only the accessToken in the ResourceServerTokenServices.loadAuthentication method.

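Right now I don't understand how, after a successful Facebook authorization, to get the OAuth2 information based on this approach and reuse it for Facebook API calls. Please advise.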

Update

I have added JdbcClientTokenServices to my SSO filter, but it doesn't work:

private Filter ssoFilter(ClientResources client, String path) {
    OAuth2ClientAuthenticationProcessingFilter clientFilter = new OAuth2ClientAuthenticationProcessingFilter(path);
    OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(client.getClient(), oauth2ClientContext);

    //
    AccessTokenProviderChain tokenProviderChain = new AccessTokenProviderChain(new ArrayList<>(Arrays.asList(new AuthorizationCodeAccessTokenProvider())));
    tokenProviderChain.setClientTokenServices(new JdbcClientTokenServices(dataSource));
    oAuth2RestTemplate.setAccessTokenProvider(tokenProviderChain);
    //

    clientFilter.setRestTemplate(oAuth2RestTemplate);
    clientFilter.setTokenServices(new OkUserInfoTokenServices(okService, client.getClient().getClientId(), apiUrl, eventService));
    clientFilter.setAuthenticationSuccessHandler(new UrlParameterAuthenticationHandler());
    return clientFilter;
}
1 Answer

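First of all: when working with OAuth2, it is necessary to have a good understanding of how the protocol works. It is not too hard, but you need a good grasp of it to be able to use it. In my opinion, the best reference point is the specification itself: https://www.rfc-editor.org/rfc/rfc6749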

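In response to the conversation below and the existing pull request https://github.com/spring-projects/spring-security-oauth/pull/499, I would (as long as the pull request is not released) subclass OAuth2ClientAuthenticationProcessingFilter and include the changes according to the pull request, and then use that class in the ssoFilter method.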

So:

package com.example;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.token.ClientTokenServices;

public class OAuth2ClientAuthenticationProcessingAndSavingFilter extends OAuth2ClientAuthenticationProcessingFilter {

    private ClientTokenServices clientTokenServices;

    public OAuth2ClientAuthenticationProcessingAndSavingFilter(String defaultFilterProcessesUrl, ClientTokenServices clientTokenServices) {
        super(defaultFilterProcessesUrl);
        this.clientTokenServices = clientTokenServices;
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain, Authentication authResult) throws IOException, ServletException {
        super.successfulAuthentication(request, response, chain, authResult);
        if (clientTokenServices != null) {
            clientTokenServices.saveAccessToken(restTemplate.getResource(), SecurityContextHolder.getContext()
                    .getAuthentication(), restTemplate.getAccessToken());
        }
    }

}

private Filter ssoFilter(ClientResources client, String path) {
    OAuth2ClientAuthenticationProcessingAndSavingFilter clientFilter = new OAuth2ClientAuthenticationProcessingAndSavingFilter(path, clientTokenService);
    ...

And add a bean for your clientTokenService.

answered 2016-01-19T12:59:51.203
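
An added example, not part of the original question or answer and not the Spring project's own code: a ClientTokenServices implementation that could back the clientTokenService bean, storing the access token and, when the provider issues one, the refresh token encrypted at rest. The class name, the table user_oauth_token and its columns are assumptions made for illustration.

```java
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.encrypt.TextEncryptor;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.ClientTokenServices;
import org.springframework.security.oauth2.common.*;

// Added example. Assumed (hypothetical) table: user_oauth_token(client_id, user_name,
// access_token, refresh_token, expires_at), primary key (client_id, user_name).
public class EncryptingClientTokenServices implements ClientTokenServices {
    private final JdbcTemplate jdbc;
    private final TextEncryptor enc; // e.g. Encryptors.delux(password, hexSalt); keep the key out of the DB

    public EncryptingClientTokenServices(JdbcTemplate jdbc, TextEncryptor enc) {
        this.jdbc = jdbc;
        this.enc = enc;
    }

    @Override
    public void saveAccessToken(OAuth2ProtectedResourceDetails resource, Authentication auth, OAuth2AccessToken token) {
        removeAccessToken(resource, auth); // keep one row per client and user
        OAuth2RefreshToken refresh = token.getRefreshToken(); // null when the provider issues none
        jdbc.update("INSERT INTO user_oauth_token (client_id, user_name, access_token, refresh_token, expires_at) VALUES (?, ?, ?, ?, ?)",
                resource.getClientId(), auth.getName(), enc.encrypt(token.getValue()),
                refresh == null ? null : enc.encrypt(refresh.getValue()), token.getExpiration());
    }

    @Override
    public OAuth2AccessToken getAccessToken(OAuth2ProtectedResourceDetails resource, Authentication auth) {
        try {
            return jdbc.queryForObject("SELECT access_token, refresh_token, expires_at FROM user_oauth_token WHERE client_id = ? AND user_name = ?",
                (rs, rowNum) -> {
                    DefaultOAuth2AccessToken t = new DefaultOAuth2AccessToken(enc.decrypt(rs.getString(1)));
                    String r = rs.getString(2);
                    if (r != null) t.setRefreshToken(new DefaultOAuth2RefreshToken(enc.decrypt(r)));
                    t.setExpiration(rs.getTimestamp(3));
                    return t;
                }, resource.getClientId(), auth.getName());
        } catch (EmptyResultDataAccessException e) {
            return null; // nothing stored yet for this client and user
        }
    }

    @Override
    public void removeAccessToken(OAuth2ProtectedResourceDetails resource, Authentication auth) {
        jdbc.update("DELETE FROM user_oauth_token WHERE client_id = ? AND user_name = ?", resource.getClientId(), auth.getName());
    }
}
```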