身份验证服务器使用传统术语,如 api_key 代替客户端 ID 和 api_secret 代替 client_secret 并且回调将包含如下参数 callbackurl/request_token="clksdnfvklcm" 而不是 code="nvckjlefdkm"$state="somestate" 并且没有状态参数我不知道如何正确地实现它,我尝试的方式有很多缺陷,以至于我创建了一个登录页面,在其中我为 oauth server/api_key=mcklfdms 之类的 oauth 服务器 uri 提供了一个链接,然后我在 oauth 过滤器之前创建了一个过滤器并重定向它格式正确,以便请求将转换为 oauth/code=cnjdsn 而不是 oauth/callback/request_token=cnjdsn 任何人都可以为我提供正确的方法来实现它
请求解析器
@Component
public class KiteAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
DefaultOAuth2AuthorizationRequestResolver defaultOAuth2AuthorizationRequestResolver;
ClientRegistration clientRegistration;
public KiteAuthorizationRequestResolver(ClientRegistrationRepository clientRegistrationRepository,String authorizationBaseUri){
this.defaultOAuth2AuthorizationRequestResolver=new DefaultOAuth2AuthorizationRequestResolver(
clientRegistrationRepository,authorizationBaseUri);
this.clientRegistration=clientRegistrationRepository.findByRegistrationId("kite");
}
@Override
public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
OAuth2AuthorizationRequest oAuth2AuthorizationRequest=defaultOAuth2AuthorizationRequestResolver.resolve(request);
if(request!=null){
return requestResolver(oAuth2AuthorizationRequest);
}
return null;
}
@Override
public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId) {
OAuth2AuthorizationRequest oAuth2AuthorizationRequest=defaultOAuth2AuthorizationRequestResolver.resolve(request,clientRegistrationId);
if(request!=null){
return requestResolver(oAuth2AuthorizationRequest);
}
return null;
}
private OAuth2AuthorizationRequest requestResolver(OAuth2AuthorizationRequest request){
Map<String,Object> parms=new HashMap<>();
if(request.getAdditionalParameters()!=null){
parms.putAll(request.getAdditionalParameters());
}
parms.put("api_key",this.clientRegistration.getClientId());
OAuth2AuthorizationRequest oAuth2AuthorizationRequest=OAuth2AuthorizationRequest
.from(request)
.state("hello")
.additionalParameters(parms)
.build();
return oAuth2AuthorizationRequest;
}
}
筛选
package com.kumar.coingen.filter;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
@WebFilter(urlPatterns = "/oauth/code/kite")
@Order(-150)
public class AuthenticationFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
if(!request.getParameter("code").isEmpty()){
chain.doFilter(request,response);
}
String code=request.getParameter("request_token");
HttpServletRequest servletRequest=(HttpServletRequest) request;
HttpServletResponse servletResponse=(HttpServletResponse)response;
servletResponse.sendRedirect(request.getServerName()+":"+request.getServerPort()+"/"+((HttpServletRequest) request).getServletPath()+"/code="+code+"&state=hello");
}
}
**请让我知道是否可以在不使用过滤器重定向的情况下完成 **