Apache Oltu OAuth2.0 回调处理
Apache Oltu OAuth2.0 Callback Handling
我正在使用 Apache Oltu、Java servlet 和需要 OAuth2 身份验证才能访问 API 的 JSP 创建 Maven 项目。到目前为止,我可以被重定向到该网站并授权访问;但是,当网站重定向回我的回调 URL 时,会弹出一个警报,其中显示我的回调 URL(已附加授权码参数),并提示 'Page load failed with error: Could not connect to server.'
这是因为我的 URL 映射不正确吗?还是我遗漏了其他东西?在用授权码换取访问令牌之后,我试图将用户重定向到 apiConnector.jsp。
我的 servlet 处理回调:
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.oltu.oauth2.as.response.OAuthASResponse;
import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.client.response.GitHubTokenResponse;
import org.apache.oltu.oauth2.client.response.OAuthAuthzResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.OAuthResponse;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import OAuth2.main.OAuthUtils;
import OAuth2.model.OAuth2Details;
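/**
 * OAuth 2.0 redirect-URI endpoint. Receives the authorization code sent back by
 * the Higi authorization server, exchanges it for tokens at the token endpoint,
 * and forwards the result to {@code /apiConnector.jsp}.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The {@code state} parameter of the callback is not checked here. The code
 *       that starts the authorization request is not part of this class, so the
 *       check cannot be added blindly; without it the callback is open to
 *       cross-site request forgery (RFC 6749, section 10.12).</li>
 *   <li>The token JSON is handed to the JSP as a request attribute. Keep tokens
 *       server-side (for example in the HTTP session) and make sure the JSP does
 *       not render them into the page.</li>
 * </ul>
 */
@WebServlet("/AuthCallbackController")
public class AuthCallbackController extends HttpServlet {
    private static final long serialVersionUID = 1L;
    private static final String LIST_DATA = "/apiConnector.jsp";
    /** Lifetime reported to the JSP when the token endpoint sends no expires_in. */
    private static final String DEFAULT_EXPIRES_IN = "3600";
    public static final String CODE_URL_PARAM_NAME = "code";
    public static final String ERROR_URL_PARAM_NAME = "error";
    public static final String URL_MAPPING = "/OAuth2Callback";
    public static final String REDIRECT_URL = "/";

    /** Client id, client secret, token endpoint and redirect URI for the token exchange. */
    private final OAuth2Details authDetails;

    public AuthCallbackController() {
        super();
        authDetails = OAuthUtils.createOAuth2Details();
    }

    /**
     * Handles the callback response from the Higi authorization server.
     *
     * @param servletRequest  callback request carrying the authorization code (or an error)
     * @param servletResponse response that is forwarded to the JSP, or receives an error status
     * @throws ServletException if the forward to the JSP fails
     * @throws IOException      if the forward or the error response cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest servletRequest, HttpServletResponse servletResponse)
            throws ServletException, IOException {
        try {
            // Parses and validates the callback parameters; a rejected callback
            // surfaces as OAuthProblemException and is handled below.
            OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(servletRequest);
            String code = oar.getCode();

            // NOTE(review): buildQueryMessage() puts client_secret and the code into
            // the token URL's query string, where proxies and access logs can record
            // them. buildBodyMessage() sends them in the POST body instead; confirm
            // the provider accepts that form and switch.
            OAuthClientRequest request = OAuthClientRequest
                    .tokenLocation(authDetails.getTokenEndpoint())
                    .setGrantType(GrantType.AUTHORIZATION_CODE)
                    .setClientId(authDetails.getClientId())
                    .setClientSecret(authDetails.getClientSecret())
                    .setRedirectURI(authDetails.getRedirectURI())
                    .setCode(code)
                    .buildQueryMessage();

            OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
            GitHubTokenResponse tokenResponse =
                    oAuthClient.accessToken(request, GitHubTokenResponse.class);

            String accessToken = tokenResponse.getAccessToken();
            String refreshToken = tokenResponse.getRefreshToken();
            Long expiresIn = tokenResponse.getExpiresIn();

            // Report the lifetime the provider actually granted; fall back to the
            // previous fixed value only when the provider omits expires_in.
            OAuthResponse r = OAuthASResponse
                    .tokenResponse(HttpServletResponse.SC_OK)
                    .setAccessToken(accessToken)
                    .setExpiresIn(expiresIn != null ? String.valueOf(expiresIn) : DEFAULT_EXPIRES_IN)
                    .setRefreshToken(refreshToken)
                    .buildJSONMessage();

            // The token JSON is no longer written to the response writer: flushing it
            // committed the response, so the forward below failed with
            // IllegalStateException, and it sent both tokens straight to the browser.
            servletResponse.setStatus(r.getResponseStatus());
            // The forwarded page is derived from token data; keep it out of caches.
            servletResponse.setHeader("Cache-Control", "no-store");

            // Forward attributes to page
            servletRequest.setAttribute("response", r.getBody());
            RequestDispatcher view = servletRequest.getRequestDispatcher(LIST_DATA);
            view.forward(servletRequest, servletResponse);
        } catch (OAuthProblemException ex) {
            // The callback or the token endpoint reported an OAuth error. Log it
            // server-side and answer with a generic message instead of a blank page.
            log("OAuth callback rejected", ex);
            servletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Authorization failed");
        } catch (OAuthSystemException ex) {
            log("OAuth token exchange failed", ex);
            servletResponse.sendError(
                    HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Authorization failed");
        }
    }
}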
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Servlet 3.1 deployment descriptor for the HigiSalesforceConnector web application. -->
<!-- NOTE(review): no security-constraint / transport-guarantee is declared here. The callback -->
<!-- URL receives the authorization code in its query string, so it should only be reachable -->
<!-- over HTTPS; confirm that the container configuration enforces this. -->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1">
<display-name>HigiSalesforceConnector</display-name>
<!-- Candidate welcome pages for requests that name a directory. -->
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<!-- Declares the OAuth2 callback servlet under its descriptor name. -->
<servlet>
<servlet-name>APIConnectorCallbackHandlerServlet</servlet-name>
<servlet-class>OAuth2.controller.AuthCallbackController</servlet-class>
</servlet>
<!-- Routes /OAuth2Callback and everything below it to the callback servlet. -->
<!-- NOTE(review): the servlet class shown with this descriptor also carries -->
<!-- @WebServlet("/AuthCallbackController"), so it appears to be reachable at two paths; -->
<!-- keep only the one that is registered as the redirect URI. -->
<servlet-mapping>
<servlet-name>APIConnectorCallbackHandlerServlet</servlet-name>
<url-pattern>/OAuth2Callback/*</url-pattern>
</servlet-mapping>
</web-app>
经过大量研究后,我解决了我的问题——最终不得不在 Eclipse 上创建一个新服务器,该服务器使用我更新的 SSL Tomcat 配置。
我正在使用 Apache Oltu、Java servlet 和需要 OAuth2 身份验证才能访问 API 的 JSP 创建 Maven 项目。到目前为止,我可以被重定向到该网站并授权访问;但是,当网站重定向回我的回调 URL 时,会弹出一个警报,其中显示我的回调 URL(已附加授权码参数),并提示 'Page load failed with error: Could not connect to server.'
这是因为我的 URL 映射不正确吗?还是我遗漏了其他东西?在用授权码换取访问令牌之后,我试图将用户重定向到 apiConnector.jsp。
我的 servlet 处理回调:
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.oltu.oauth2.as.response.OAuthASResponse;
import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.client.response.GitHubTokenResponse;
import org.apache.oltu.oauth2.client.response.OAuthAuthzResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.OAuthResponse;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import OAuth2.main.OAuthUtils;
import OAuth2.model.OAuth2Details;
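/**
 * OAuth 2.0 redirect-URI endpoint. Receives the authorization code sent back by
 * the Higi authorization server, exchanges it for tokens at the token endpoint,
 * and forwards the result to {@code /apiConnector.jsp}.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The {@code state} parameter of the callback is not checked here. The code
 *       that starts the authorization request is not part of this class, so the
 *       check cannot be added blindly; without it the callback is open to
 *       cross-site request forgery (RFC 6749, section 10.12).</li>
 *   <li>The token JSON is handed to the JSP as a request attribute. Keep tokens
 *       server-side (for example in the HTTP session) and make sure the JSP does
 *       not render them into the page.</li>
 * </ul>
 */
@WebServlet("/AuthCallbackController")
public class AuthCallbackController extends HttpServlet {
    private static final long serialVersionUID = 1L;
    private static final String LIST_DATA = "/apiConnector.jsp";
    /** Lifetime reported to the JSP when the token endpoint sends no expires_in. */
    private static final String DEFAULT_EXPIRES_IN = "3600";
    public static final String CODE_URL_PARAM_NAME = "code";
    public static final String ERROR_URL_PARAM_NAME = "error";
    public static final String URL_MAPPING = "/OAuth2Callback";
    public static final String REDIRECT_URL = "/";

    /** Client id, client secret, token endpoint and redirect URI for the token exchange. */
    private final OAuth2Details authDetails;

    public AuthCallbackController() {
        super();
        authDetails = OAuthUtils.createOAuth2Details();
    }

    /**
     * Handles the callback response from the Higi authorization server.
     *
     * @param servletRequest  callback request carrying the authorization code (or an error)
     * @param servletResponse response that is forwarded to the JSP, or receives an error status
     * @throws ServletException if the forward to the JSP fails
     * @throws IOException      if the forward or the error response cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest servletRequest, HttpServletResponse servletResponse)
            throws ServletException, IOException {
        try {
            // Parses and validates the callback parameters; a rejected callback
            // surfaces as OAuthProblemException and is handled below.
            OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(servletRequest);
            String code = oar.getCode();

            // NOTE(review): buildQueryMessage() puts client_secret and the code into
            // the token URL's query string, where proxies and access logs can record
            // them. buildBodyMessage() sends them in the POST body instead; confirm
            // the provider accepts that form and switch.
            OAuthClientRequest request = OAuthClientRequest
                    .tokenLocation(authDetails.getTokenEndpoint())
                    .setGrantType(GrantType.AUTHORIZATION_CODE)
                    .setClientId(authDetails.getClientId())
                    .setClientSecret(authDetails.getClientSecret())
                    .setRedirectURI(authDetails.getRedirectURI())
                    .setCode(code)
                    .buildQueryMessage();

            OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
            GitHubTokenResponse tokenResponse =
                    oAuthClient.accessToken(request, GitHubTokenResponse.class);

            String accessToken = tokenResponse.getAccessToken();
            String refreshToken = tokenResponse.getRefreshToken();
            Long expiresIn = tokenResponse.getExpiresIn();

            // Report the lifetime the provider actually granted; fall back to the
            // previous fixed value only when the provider omits expires_in.
            OAuthResponse r = OAuthASResponse
                    .tokenResponse(HttpServletResponse.SC_OK)
                    .setAccessToken(accessToken)
                    .setExpiresIn(expiresIn != null ? String.valueOf(expiresIn) : DEFAULT_EXPIRES_IN)
                    .setRefreshToken(refreshToken)
                    .buildJSONMessage();

            // The token JSON is no longer written to the response writer: flushing it
            // committed the response, so the forward below failed with
            // IllegalStateException, and it sent both tokens straight to the browser.
            servletResponse.setStatus(r.getResponseStatus());
            // The forwarded page is derived from token data; keep it out of caches.
            servletResponse.setHeader("Cache-Control", "no-store");

            // Forward attributes to page
            servletRequest.setAttribute("response", r.getBody());
            RequestDispatcher view = servletRequest.getRequestDispatcher(LIST_DATA);
            view.forward(servletRequest, servletResponse);
        } catch (OAuthProblemException ex) {
            // The callback or the token endpoint reported an OAuth error. Log it
            // server-side and answer with a generic message instead of a blank page.
            log("OAuth callback rejected", ex);
            servletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Authorization failed");
        } catch (OAuthSystemException ex) {
            log("OAuth token exchange failed", ex);
            servletResponse.sendError(
                    HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Authorization failed");
        }
    }
}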
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Servlet 3.1 deployment descriptor for the HigiSalesforceConnector web application. -->
<!-- NOTE(review): no security-constraint / transport-guarantee is declared here. The callback -->
<!-- URL receives the authorization code in its query string, so it should only be reachable -->
<!-- over HTTPS; confirm that the container configuration enforces this. -->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1">
<display-name>HigiSalesforceConnector</display-name>
<!-- Candidate welcome pages for requests that name a directory. -->
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<!-- Declares the OAuth2 callback servlet under its descriptor name. -->
<servlet>
<servlet-name>APIConnectorCallbackHandlerServlet</servlet-name>
<servlet-class>OAuth2.controller.AuthCallbackController</servlet-class>
</servlet>
<!-- Routes /OAuth2Callback and everything below it to the callback servlet. -->
<!-- NOTE(review): the servlet class shown with this descriptor also carries -->
<!-- @WebServlet("/AuthCallbackController"), so it appears to be reachable at two paths; -->
<!-- keep only the one that is registered as the redirect URI. -->
<servlet-mapping>
<servlet-name>APIConnectorCallbackHandlerServlet</servlet-name>
<url-pattern>/OAuth2Callback/*</url-pattern>
</servlet-mapping>
</web-app>
经过大量研究后,我解决了我的问题——最终不得不在 Eclipse 上创建一个新服务器,该服务器使用我更新的 SSL Tomcat 配置。