Problem generating an authorization code and user token with the Apache OAuth Client 2.0 library in Java

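I am trying to automate the user-level token creation/generation process (REST / authorization code grant) using the Apache OAuth Client 2.0 library in Java. Below is the code I am using, which I took from https://cwiki.apache.org/confluence/display/OLTU/OAuth+2.0+Client+Quickstart: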

```java
/*Previous Codes & starting the below with Try/Catch*/
OAuthClientRequest request = OAuthClientRequest
    .authorizationLocation("Authorization URL")
    .setClientId("ClientID")
    .setRedirectURI("Redirect URL")
    .buildQueryMessage();
request.getLocationUri();

OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(request);
String code = oar.getCode();

/*Other Codes and starting the below with Try/Catch*/
OAuthClientRequest request = OAuthClientRequest
    .tokenLocation("TokenEndPointURL")
    .setGrantType(GrantType.AUTHORIZATION_CODE)
    .setClientId("ClientID")
    .setClientSecret("ClientSecret")
    .setRedirectURI("REdirectURL")
    .setCode(code) //Authorization Code from above
    .buildQueryMessage();

OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
GitHubTokenResponse oAuthResponse = oAuthClient.accessToken(request, GitHubTokenResponse.class);
String accessToken = oAuthResponse.getAccessToken();
String expiresIn = oAuthResponse.getExpiresIn();
```

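However, I get a compilation error (inferred from the error shown in Eclipse) on the line below:

The oauthCodeAuthzResponse method accepts an HttpServlet object and does not support the OAuthAuthzResponse type

```java
OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(request);
```

Can anyone tell me whether there is a workaround? Or how can I convert the oauthCodeAuthzResponse request into an HttpServlet request? Or am I doing something wrong or missing something?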

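```java
OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(request);
String code = oar.getCode();
```

I think the code above should be written in the implementation of the redirect URI endpoint, not in the client code.

Understanding the authorization code flow correctly would help. The authorization code is issued from the authorization endpoint of the authorization server, and it is delivered to the location the redirect URI points to. That is, the authorization code is not passed directly to the client application.

When the authorization server issues an authorization code, it sends an HTTP response like the following back to the client's web browser.

```
HTTP/1.1 302 Found
Location: {Redirect URI}
  ?code={Authorization Code}  // - Always included
  &state={Arbitrary String}   // - Included if the authorization
                              //   request included 'state'.
```

302 Found triggers the web browser to go to the location pointed to by the Location header. Therefore, you have to implement the location that receives the authorization code, and the implementation must somehow pass the authorization code to the client application.

Also note that an authorization page (HTML) is displayed between (a) the authorization request (= the request to the authorization endpoint) and (b) the token request (= the request to the token endpoint), and the page requires end-user interaction. For details, see "1. Authorization Code Flow" in "Diagrams And Movies Of All The OAuth 2.0 Flows".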

Finally I was able to generate the token using HttpClient; see the logic below.

Get the authorization code

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

public String getAuthCode(String authUrl, String userName, String password, String scope,
        String clientId, String redirectUrl)
        throws ClientProtocolException, IOException, URISyntaxException {
    DefaultHttpClient httpclient = new DefaultHttpClient();

    System.out.println("Adding Paramters to a Array List as NameValuePair");
    List<NameValuePair> params = new ArrayList<NameValuePair>();
    params.add(new BasicNameValuePair("scope", scope));
    params.add(new BasicNameValuePair("response_type", "code"));
    params.add(new BasicNameValuePair("client_id", clientId));
    params.add(new BasicNameValuePair("redirect_uri", redirectUrl));
    System.out.println("Parameters List:" + params);

    System.out.println("Building the URI with Authorization Endpoint by adding the Parameters create in Array List");
    URI uri = new URIBuilder(authUrl)
            .addParameters(params)
            .build();
    System.out.println("Built URI:" + uri);

    System.out.println("Creating HTTPGET with the Created URI");
    HttpGet get = new HttpGet(uri);
    System.out.println("HttpGet:" + get);

    System.out.println("Creating Client Context");
    HttpClientContext context = HttpClientContext.create();
    System.out.println("Created Client Context:" + context);

    // Step 1: authorization request; the client follows the redirects to the login page.
    System.out.println("Executing the GET Method with the created Client Context");
    HttpResponse response = httpclient.execute(get, context);
    System.out.println("HttpResponse:" + response);

    System.out.println("Getting the Final URI from the Submitted Get Method");
    URI finalUrl = get.getURI();
    System.out.println("Final URL:" + finalUrl);

    System.out.println("Creating a List of URI from the Redirection Locations using Client Context");
    List<URI> locations = context.getRedirectLocations();
    System.out.println("List of URI:" + locations);
    if (locations != null) {
        finalUrl = locations.get(locations.size() - 1);
    }
    System.out.println("Taking the last URL as Final:" + finalUrl);

    System.out.println("Creating Entity");
    EntityUtils.consume(response.getEntity());
    System.out.println("Consume the Entity:" + response.getEntity());

    // Step 2: post the login form to the page reached above (the password is not logged).
    String userid = "username=".concat(userName);
    System.out.println("UserID:" + userid);
    String userPassword = "Password=".concat(password);
    String cred = userid + "&" + userPassword;

    HttpPost postReq = new HttpPost(finalUrl);
    StringEntity entity = new StringEntity(cred);
    postReq.setEntity(entity);
    postReq.addHeader("Content-Type", "application/x-www-form-urlencoded");
    postReq.addHeader("User-Agent", "MSIE 8.0");
    HttpResponse responsePost = httpclient.execute(postReq, context);

    // Step 3: the authorization code is read from the Location header of the response.
    List<Header> location = Arrays.asList(responsePost.getHeaders("Location"));
    String locationUrl = location.get(0).getValue();
    String[] locationArray = locationUrl.split("=");
    String authCode = locationArray[1].trim();
    //System.out.println(authCode);
    EntityUtils.consume(responsePost.getEntity());
    System.out.println("Response Post Entity:" + responsePost);
    System.out.println("Authorization Code:" + authCode);
    return authCode;
}
```

Get the token

```java
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.List;

import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;

import com.google.gson.JsonObject;
import com.google.gson.JsonParser;

public List<String> getJwtToken(String clientId, String clientSecret, String authUrl, String tokenUrl,
        String redirectUrl, String accessTokenScope, String LDAPuserName, String LDAPpassword)
        throws Exception {
    List<String> tokens = new ArrayList<String>();

    //Generate the User Level Token & JWT Token using the Get/Post Method
    DefaultHttpClient httpclient = new DefaultHttpClient();
    System.out.println("Calling the get Auth Code Method");
    String authCode = getAuthCode(authUrl, LDAPuserName, LDAPpassword, accessTokenScope, clientId, redirectUrl);
    System.out.println("Authorization Code:" + authCode);

    HttpPost tokenPost = new HttpPost(tokenUrl);
    System.out.println("Token HttpPost:" + tokenPost);

    System.out.println("Adding the Parameters in an ArrayList as NameValuePair");
    List<NameValuePair> tokenParams = new ArrayList<NameValuePair>();
    tokenParams.add(new BasicNameValuePair("client_id", clientId));
    tokenParams.add(new BasicNameValuePair("client_secret", clientSecret));
    tokenParams.add(new BasicNameValuePair("code", authCode));
    tokenParams.add(new BasicNameValuePair("grant_type", "authorization_code"));
    System.out.println("Token Call Parameter:" + tokenParams);

    System.out.println("Setting the Parameters as URL Encoded Entity");
    tokenPost.setEntity(new UrlEncodedFormEntity(tokenParams));
    System.out.println("URL Encoded Entity" + tokenPost);

    System.out.println("Executing the Token Post Method");
    HttpResponse responseJWT = httpclient.execute(tokenPost);
    System.out.println("Setting the Parameters as URL Encoded Entity" + responseJWT);

    System.out.println("Parsing the ResponseJWT using JsonParser & JsonObjet");
    JsonParser parser = new JsonParser();
    System.out.println("Json Parser:" + parser);
    JsonObject data = (JsonObject) parser.parse(new InputStreamReader(responseJWT.getEntity().getContent()));
    System.out.println("Json Object" + data);

    // toString() on a JSON string element keeps the surrounding quotes;
    // they are stripped with substring() further down.
    String token = data.get("access_token").toString();
    System.out.println("Access Token:" + token);

    String jwt = "";
    try {
        jwt = data.get("jwt_token").toString();
        System.out.println("JWT Token:" + jwt);
    } catch (Exception ejwt) {
        System.out.println("Exception occured converting Jwt Token to String");
        ejwt.printStackTrace();
    }

    String refresh = data.get("refresh_token").toString();
    System.out.println("Refresh Token:" + refresh);

    String accessToken = token.substring(1, token.length() - 1);
    tokens.add(0, accessToken);
    System.out.println("Real Access Token:" + accessToken);

    String jwtToken = "";
    try {
        jwtToken = jwt.substring(1, jwt.length() - 1);
        tokens.add(1, jwtToken);
        System.out.println("Real JWT Token:" + jwtToken);
    } catch (Exception ejwt) {
        System.out.println("Exception occured adding Jwt Token to String List");
        ejwt.printStackTrace();
    }

    String refreshToken = refresh.substring(1, refresh.length() - 1);
    System.out.println("Real Refresh Token:" + refreshToken);

    return tokens;
}
```

I used this auth code method. I got this error while generating the auth code:

```
location->[]
[ERROR] 2018-10-12 14:16:59.414 [http-nio-8080-exec-3] [dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.ArrayIndexOutOfBoundsException: 0] with root cause
java.lang.ArrayIndexOutOfBoundsException: 0
```
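The log above shows an empty `location` list, which is consistent with `location.get(0)` in `getAuthCode` running on a response that carried no `Location` header; splitting on `=` would also return `code&state` run together when the redirect carries a `state` parameter. The following added example (not part of the original posts; the class and method names `AuthCodeRedirect`, `queryParams` and `extractCode` are hypothetical) parses the redirect target by parameter name and reports each failure case explicitly.

```java
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLDecoder;
import java.util.LinkedHashMap;
import java.util.Map;
public class AuthCodeRedirect {
    /** Splits the query of a redirect Location into decoded name/value pairs. */
    static Map<String, String> queryParams(String location) throws UnsupportedEncodingException {
        Map<String, String> params = new LinkedHashMap<>();
        String query = URI.create(location).getRawQuery();
        if (query == null) return params;
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.put(URLDecoder.decode(name, "UTF-8"), URLDecoder.decode(value, "UTF-8"));
        }
        return params;
    }

    /** Returns the authorization code or throws with the reason it is absent. */
    static String extractCode(String location, String expectedState) throws UnsupportedEncodingException {
        if (location == null) { // the server answered without redirecting
            throw new IllegalStateException("no Location header in the login response");
        }
        Map<String, String> p = queryParams(location);
        if (p.containsKey("error")) {
            throw new IllegalStateException("authorization error: " + p.get("error"));
        }
        if (expectedState != null && !expectedState.equals(p.get("state"))) {
            throw new IllegalStateException("state mismatch");
        }
        String code = p.get("code");
        if (code == null || code.isEmpty()) {
            throw new IllegalStateException("redirect carried no code parameter");
        }
        return code;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from a real server.
        System.out.println(extractCode("https://client.example/cb?code=abc123&state=xyz", "xyz"));
        try {
            extractCode(null, "xyz"); // the empty-Location case from the log
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

With HttpClient, `responsePost.getFirstHeader("Location")` returns `null` when the header is absent, so its value (or `null`) can be passed straight to `extractCode`.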