StormPath Spring Boot Authentication Cookie generation
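I just started using the stormpath-default-spring-boot-starter (1.2.0) library for a new REST API platform we are building. I was expecting the access cookie to be generated by the following code that authenticates the user, so that subsequent API calls can be authenticated via the cookie. The account is authenticated, but the cookie is not generated.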
AuthenticationRequest request = UsernamePasswordRequests.builder()
        .setUsernameOrEmail(userId)
        .setPassword(pwd)
        .withResponseOptions(UsernamePasswordRequests.options().withAccount())
        .build();
Account account = null;
try {
    account = app.authenticateAccount(request).getAccount();
}
catch (ResourceException ex) {
    throw(ex);
}
Following are the property file entries:
stormpath.spring.security.enabled = false
security.basic.enabled = false
Help is much appreciated.
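I think you may be mixing contexts here.
The code you provided looks like the kind of manual code you would need if you were using the Java SDK directly, without an integration such as the Stormpath Spring Boot integration.
When you use the Stormpath Default Spring Boot Starter, you automatically get a bunch of endpoints that you can use to authenticate and to set cookies.
For example, you have a /login endpoint.
If you fire up the example application, you should be able to go to: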
curl localhost:8080/login
You'll get back a login model that looks like this:
{
  "form": {
    "fields": [
      {
        "name": "login",
        "label": "Username or Email",
        "placeholder": "Username or Email",
        "required": true,
        "type": "text"
      },
      {
        "name": "password",
        "label": "Password",
        "placeholder": "Password",
        "required": true,
        "type": "password"
      }
    ]
  }
}
You can then authenticate with a POST:
curl -v -H "Content-Type: application/json" -X POST \
-d '{"login": "<email>", "password": "<password>"}' \
http://localhost:8080/login
You'll get a response like this:
> POST /login HTTP/1.1
> Host: localhost:8080
< HTTP/1.1 200
< Set-Cookie: access_token=eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoiYWNjZXNzIiwiYWxnIjoiSFMyNTYifQ...;Max-Age=3600;path=/;HttpOnly
< Set-Cookie: refresh_token=eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoicmVmcmVzaCIsImFsZyI6IkhTMjU2In0...;Max-Age=5184000;path=/;HttpOnly
< Content-Type: application/json
< Transfer-Encoding: chunked
< Date: Mon, 05 Dec 2016 05:30:25 GMT
<
* Connection #0 to host localhost left intact
{
  "account": {
    "href": "https://api.stormpath.com/v1/accounts/<account id>",
    "createdAt": "2016-03-04T06:29:48.506Z",
    "modifiedAt": "2016-08-17T18:01:07.812Z",
    "username": "<username>",
    "email": "<email>",
    "givenName": "<givenName>",
    "middleName": null,
    "surname": "<surname>",
    "status": "ENABLED",
    "fullName": "<full name>",
    "emailVerificationStatus": null,
    "passwordModifiedAt": "2016-05-24T02:14:01.000Z"
  }
}
The response includes the access_token and refresh_token cookies as well as a JSON response containing the account information.
If you want to use OAuth2, you have an /oauth/token endpoint that supports the grant_type=password and grant_type=client_credentials flows:
curl -v -X POST \
-d grant_type=password -d username=<email> -d password=<password> \
http://localhost:8080/oauth/token
You'll get a response like this:
> POST /oauth/token HTTP/1.1
> Host: localhost:8080
< HTTP/1.1 200
< Set-Cookie: access_token=eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoiYWNjZXNzIiwiYWxnIjoiSFMyNTYifQ...;Max-Age=3600;path=/;HttpOnly
< Set-Cookie: refresh_token=eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoicmVmcmVzaCIsImFsZyI6IkhTMjU2In0...;Max-Age=5184000;path=/;HttpOnly
< Cache-Control: no-store, no-cache
< Pragma: no-cache
< Content-Type: application/json;charset=ISO-8859-1
< Content-Length: 933
< Date: Mon, 05 Dec 2016 05:38:53 GMT
<
* Connection #0 to host localhost left intact
{
  "access_token": "eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoiYWNjZXNzIiwiYWxnIjoiSFMyNTYifQ...",
  "refresh_token": "eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoicmVmcmVzaCIsImFsZyI6IkhTMjU2In0...",
  "token_type": "Bearer",
  "expires_in": 3600
}
Hope this helps!
Full disclosure: I am one of Stormpath's Java Developer Evangelists.
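An added example, not part of the original answer and not Stormpath's code: a Python check that parses the Set-Cookie lines from the /login response shown above, decodes the JWT header of each token, and reports the cookie attributes a reviewer would look at. The function names are hypothetical; the input lines are copied from the response on this page.

```python
import base64
import json

# Input: the Set-Cookie lines copied from the /login response on this page.
# Tokens are truncated with "..." there, so only the JWT header segment survives.
SAMPLE = """\
< Set-Cookie: access_token=eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoiYWNjZXNzIiwiYWxnIjoiSFMyNTYifQ...;Max-Age=3600;path=/;HttpOnly
< Set-Cookie: refresh_token=eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoicmVmcmVzaCIsImFsZyI6IkhTMjU2In0...;Max-Age=5184000;path=/;HttpOnly
< Content-Type: application/json
"""


def jwt_header(token):
    """Decode the header segment of a compact JWT (no signature check)."""
    segment = token.split(".", 1)[0]
    padded = segment + "=" * (-len(segment) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))


def parse_set_cookie(line):
    """Split one Set-Cookie header line into name, value and attributes."""
    header_value = line.lstrip("< ").split(":", 1)[1].strip()
    first, *rest = [part.strip() for part in header_value.split(";")]
    name, value = first.split("=", 1)
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.lower()] = val or True  # flag attributes carry no value
    return name, value, attrs


def audit(curl_output):
    """Return one finding per cookie set in a curl -v transcript."""
    findings = []
    for line in curl_output.splitlines():
        if "set-cookie:" not in line.lower():
            continue
        name, value, attrs = parse_set_cookie(line)
        header = jwt_header(value)
        findings.append({
            "cookie": name,
            "token_type": header.get("stt"),
            "alg": header.get("alg"),
            "max_age": int(attrs.get("max-age", 0)),
            "http_only": "httponly" in attrs,
            "secure": "secure" in attrs,
        })
    return findings
```

For the captured lines, audit(SAMPLE) reports both cookies as HttpOnly with no Secure attribute, which matches the plain-HTTP localhost test above; a deployment served over HTTPS should show Secure as well.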