1.Web网站的授权(oAuth2.0)
- Client 第三方应用(需要做鉴权的业务网站、业务系统)
- UserAgent 用户代理(浏览器)
- Resource Owner 用户授权(用户手动点击【同意】按钮,授权使用第三方登录渠道),第三方渠道授权登录:微信同意登录、或qq授权登录或微博 、GitHub、Gitee,这里使用Gitee做当前网站的第三方授权渠道
- 用户认证,用户输入账号和密码(gitee账号&密码),账号会通过第三方授权服务器检验(gitee服务器、门户服务),如果校验通过会返一个授权码Authorization Code到业务系统(业务网站)
- 网站再次发请求并携带上一步获取的授权码Authorization Code去访问第三方授权服务(gitee、门户服务),第三方授权服务会返回一个访问令牌Access token
- 以后浏览器就可以通过token访问令牌跳过第三方授权直接访问服务器任意请求,token访问令牌可能需要做jwt解密(token校验)或token失效返新token操作
点击gitee按钮,跳转到gitee码云登录页,如果gitee账号登录成功,会redirect重定向到咱们自动的业务网站系统首页
在做这套第三方渠道跳转前需要,需要在Gitee上创建第三方应用,这个应用需要配置如下:
- Client ID :创建应用时自动生成的唯一标识
- Client Secret :创建应用时自动生成的密钥
- 重定向回调地址url:(需要手动配置)第三方登录授权成功后需要重定向到系统的首页
- 授权码Authorization Code
@GetMapping("/oauth2.0/gitee/success")
public String oauth2(@RequestParam("code") String code, HttpSession httpSession) throws Exception {
HttpResponse post = null;
try {
//https://gitee.com/oauth/token?grant_type=authorization_code&code={code}&client_id={client_id}&redirect_uri={redirect_uri}&client_secret={client_secret}
Map<String,String> map = new HashMap<>();
map.put("grant_type",Oauth2Constant.OAUTH2_GRANT_TYPE);
map.put("code",code);
map.put("client_id", Oauth2Constant.OAUTH2_CLIENT_ID);
map.put("redirect_uri",Oauth2Constant.OAUTH2_RIDIRECT_URI);
map.put("client_secret",Oauth2Constant.OAUTH2_CLIENT_SECRET);
//String host, String path, String method,
//Map<String, String> headers,
//Map<String, String> querys,
//Map<String, String> bodys
post = HttpUtils.doPost("https://gitee.com", "/oauth/token", "POST", new HashMap<>(), map, new HashMap<>());
} catch (Exception e) {
e.printStackTrace();
}
//取出token
//获取状态行的响应码,如果是200就代表响应成功
if (post.getStatusLine().getStatusCode() == 200){
HttpEntity entity = post.getEntity();
//将HttpEntity转换成String类型
String entityJsonString = EntityUtils.toString(entity);
//Json字符串 -> java对象 参数必须是String类型Json串
SocialUser socialUser = JSON.parseObject(entityJsonString,SocialUser.class);
//判断账号是否是第一次登陆,如果是第一次登陆就直接注册到会员服务
R<MemberOAuthVo> r = memberFeignService.oauth2Login(socialUser);
if (r.getCode() == 0){
MemberOAuthVo memberOAuthVo = r.getData(new TypeReference<MemberOAuthVo>() {});
log.info("用户信息:{}",memberOAuthVo);
httpSession.setAttribute("loginUser",memberOAuthVo);
return "redirect:http://gulimall.com";
}
}else {
//获取失败 -> 重定向到登录页
return "redirect:http://auth.gulimall.com/login.html";
}
//第三方授权成功 -> 跳转至登陆页
return "redirect:http://gulimall.com";
}
实体
/**
* @Description: 社交用户信息
**/
@Data
public class SocialUser {
/**
* "access_token": "56310a891ae93588988a3c0e4e685a49",
* "token_type": "bearer",
* "expires_in": 86400,
* "refresh_token": "08782b4126a13a5fab5c22c78f772a88996c03c32aab13069bd7210165ebd91c",
* "scope": "user_info",
* "created_at": 1687418634
*/
/**
* 登陆状态识别:只要登陆就存在,会变化(有效期 1天)
*/
private String access_token;
private String token_type;
/**
* access_token的过期时间
*/
private long expires_in;
/**
* 可以通过以下 refresh_token 方式重新获取 access_token( POST请求 )
* https://gitee.com/oauth/token?grant_type=refresh_token&refresh_token={refresh_token}
*/
private String refresh_token;
/**
* 权限
*/
private String scope;
/**
* 社交账号与用户账号的关联字段,固定不变
*/
private long created_at;
}
HttpUtil
package com.atguigu.common.utils;
import org.apache.commons.lang.StringUtils;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
public class HttpUtils {
/**
* get
*
* @param host
* @param path
* @param method
* @param headers
* @param querys
* @return
* @throws Exception
*/
public static HttpResponse doGet(String host, String path, String method,
Map<String, String> headers,
Map<String, String> querys)
throws Exception {
HttpClient httpClient = wrapClient(host);
HttpGet request = new HttpGet(buildUrl(host, path, querys));
for (Map.Entry<String, String> e : headers.entrySet()) {
request.addHeader(e.getKey(), e.getValue());
}
return httpClient.execute(request);
}
/**
* post form
*
* @param host
* @param path
* @param method
* @param headers
* @param querys
* @param bodys
* @return
* @throws Exception
*/
public static HttpResponse doPost(String host, String path, String method,
Map<String, String> headers,
Map<String, String> querys,
Map<String, String> bodys)
throws Exception {
HttpClient httpClient = wrapClient(host);
HttpPost request = new HttpPost(buildUrl(host, path, querys));
for (Map.Entry<String, String> e : headers.entrySet()) {
request.addHeader(e.getKey(), e.getValue());
}
if (bodys != null) {
List<NameValuePair> nameValuePairList = new ArrayList<NameValuePair>();
for (String key : bodys.keySet()) {
nameValuePairList.add(new BasicNameValuePair(key, bodys.get(key)));
}
UrlEncodedFormEntity formEntity = new UrlEncodedFormEntity(nameValuePairList, "utf-8");
formEntity.setContentType("application/x-www-form-urlencoded; charset=UTF-8");
request.setEntity(formEntity);
}
return httpClient.execute(request);
}
/**
* Post String
*
* @param host
* @param path
* @param method
* @param headers
* @param querys
* @param body
* @return
* @throws Exception
*/
public static HttpResponse doPost(String host, String path, String method,
Map<String, String> headers,
Map<String, String> querys,
String body)
throws Exception {
HttpClient httpClient = wrapClient(host);
HttpPost request = new HttpPost(buildUrl(host, path, querys));
for (Map.Entry<String, String> e : headers.entrySet()) {
request.addHeader(e.getKey(), e.getValue());
}
if (StringUtils.isNotBlank(body)) {
request.setEntity(new StringEntity(body, "utf-8"));
}
return httpClient.execute(request);
}
/**
* Post stream
*
* @param host
* @param path
* @param method
* @param headers
* @param querys
* @param body
* @return
* @throws Exception
*/
public static HttpResponse doPost(String host, String path, String method,
Map<String, String> headers,
Map<String, String> querys,
byte[] body)
throws Exception {
HttpClient httpClient = wrapClient(host);
HttpPost request = new HttpPost(buildUrl(host, path, querys));
for (Map.Entry<String, String> e : headers.entrySet()) {
request.addHeader(e.getKey(), e.getValue());
}
if (body != null) {
request.setEntity(new ByteArrayEntity(body));
}
return httpClient.execute(request);
}
/**
* Put String
* @param host
* @param path
* @param method
* @param headers
* @param querys
* @param body
* @return
* @throws Exception
*/
public static HttpResponse doPut(String host, String path, String method,
Map<String, String> headers,
Map<String, String> querys,
String body)
throws Exception {
HttpClient httpClient = wrapClient(host);
HttpPut request = new HttpPut(buildUrl(host, path, querys));
for (Map.Entry<String, String> e : headers.entrySet()) {
request.addHeader(e.getKey(), e.getValue());
}
if (StringUtils.isNotBlank(body)) {
request.setEntity(new StringEntity(body, "utf-8"));
}
return httpClient.execute(request);
}
/**
* Put stream
* @param host
* @param path
* @param method
* @param headers
* @param querys
* @param body
* @return
* @throws Exception
*/
public static HttpResponse doPut(String host, String path, String method,
Map<String, String> headers,
Map<String, String> querys,
byte[] body)
throws Exception {
HttpClient httpClient = wrapClient(host);
HttpPut request = new HttpPut(buildUrl(host, path, querys));
for (Map.Entry<String, String> e : headers.entrySet()) {
request.addHeader(e.getKey(), e.getValue());
}
if (body != null) {
request.setEntity(new ByteArrayEntity(body));
}
return httpClient.execute(request);
}
/**
* Delete
*
* @param host
* @param path
* @param method
* @param headers
* @param querys
* @return
* @throws Exception
*/
public static HttpResponse doDelete(String host, String path, String method,
Map<String, String> headers,
Map<String, String> querys)
throws Exception {
HttpClient httpClient = wrapClient(host);
HttpDelete request = new HttpDelete(buildUrl(host, path, querys));
for (Map.Entry<String, String> e : headers.entrySet()) {
request.addHeader(e.getKey(), e.getValue());
}
return httpClient.execute(request);
}
private static String buildUrl(String host, String path, Map<String, String> querys) throws UnsupportedEncodingException {
StringBuilder sbUrl = new StringBuilder();
sbUrl.append(host);
if (!StringUtils.isBlank(path)) {
sbUrl.append(path);
}
if (null != querys) {
StringBuilder sbQuery = new StringBuilder();
for (Map.Entry<String, String> query : querys.entrySet()) {
if (0 < sbQuery.length()) {
sbQuery.append("&");
}
if (StringUtils.isBlank(query.getKey()) && !StringUtils.isBlank(query.getValue())) {
sbQuery.append(query.getValue());
}
if (!StringUtils.isBlank(query.getKey())) {
sbQuery.append(query.getKey());
if (!StringUtils.isBlank(query.getValue())) {
sbQuery.append("=");
sbQuery.append(URLEncoder.encode(query.getValue(), "utf-8"));
}
}
}
if (0 < sbQuery.length()) {
sbUrl.append("?").append(sbQuery);
}
}
return sbUrl.toString();
}
private static HttpClient wrapClient(String host) {
HttpClient httpClient = new DefaultHttpClient();
if (host.startsWith("https://")) {
sslClient(httpClient);
}
return httpClient;
}
private static void sslClient(HttpClient httpClient) {
try {
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] xcs, String str) {
}
public void checkServerTrusted(X509Certificate[] xcs, String str) {
}
};
ctx.init(null, new TrustManager[] { tm }, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx);
ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = httpClient.getConnectionManager();
SchemeRegistry registry = ccm.getSchemeRegistry();
registry.register(new Scheme("https", 443, ssf));
} catch (KeyManagementException ex) {
throw new RuntimeException(ex);
} catch (NoSuchAlgorithmException ex) {
throw new RuntimeException(ex);
}
}
}
