如何通过 ClientId 和 ClientSecret 加载客户端详细信息 - OAuth 2.0
How to load the Client Details by ClientId AND ClientSecret - OAuth 2.0
我正在使用自己的 ClientDetailsServiceConfigurer 实现,所以我这样做:
OAuthConfig.java
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.withClientDetails(this.customClientDetailsManager);
}
CustomClientDetailsManager.java
@Service
public class CustomClientDetailsManager implements ClientDetailsService {
final static Logger log = LoggerFactory.getLogger(CustomClientDetailsManager.class);
private final CustomerService customerService;
@Inject
public CustomClientDetailsManager(final CustomerService customerService) {
this.customerService = customerService;
}
@Override
public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
final Customer customer = customerService.getCustomerByClientId(clientId);
log.debug("****** Customer is: " + customer.getClientId());
log.debug("****** Customer Secret is: " + customer.getClientSecret());
log.debug("****** Client ID Coming from Request is: " + clientId);
final BaseClientDetails details = new BaseClientDetails();
details.setClientId(clientId);
log.debug("*** Client id: " + clientId );
details.setAuthorizedGrantTypes(Arrays.asList(customer.getAuthorizedGrantTypes()));
log.debug("*** AuthorizedGrantTypes: " + Arrays.asList(customer.getAuthorizedGrantTypes()));
details.setScope(Arrays.asList(customer.getScope()));
log.debug("*** Scope: " + Arrays.asList(customer.getScope()));
details.setResourceIds(Arrays.asList(customer.getResourceIds()));
log.debug("*** ResourceIds: " + Arrays.asList(customer.getResourceIds()));
final Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority(customer.getAuthorities()));
details.setAuthorities(authorities);
authorities.forEach(authority -> {
log.debug("*** Authority: " + authority);
});
log.debug("Returning details...");
return details;
}
所以基本上我是通过 loadClientByClientId(String clientId) 获取我的 ClientId,但我想要一种允许我获取我的客户端 ID 和客户端密码的方法。
有线索吗?谢谢
终于找到解决办法了
您需要创建一个 'CustomClientDetails' 来实现 'ClientDetails' 和 return 它。
例如:
public class CustomClientDetails implements ClientDetails {
final static Logger log = LoggerFactory.getLogger(CustomClientDetailsManager.class);
private static final long serialVersionUID = 6725149038554040628L;
private Customer customer;
public CustomClientDetails(final Customer customer) {
this.customer = customer;
}
@Override
public Integer getAccessTokenValiditySeconds() {
return customer.getAccessTokenValidity();
}
@Override
public Map<String, Object> getAdditionalInformation() {
final Set<String> additionalInformation = new HashSet<String>();
additionalInformation.add(customer.getAdditionalInformation());
return null;
}
@Override
public Collection<GrantedAuthority> getAuthorities() {
final Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority(customer.getAuthorities()));
return authorities;
}
@Override
public Set<String> getAuthorizedGrantTypes() {
final Set<String> authorizedGrantTypes = new HashSet<String>();
authorizedGrantTypes.add(customer.getAuthorizedGrantTypes());
return authorizedGrantTypes;
}
@Override
public String getClientId() {
return customer.getClientId();
}
@Override
public String getClientSecret() {
return customer.getClientSecret();
}
@Override
public Integer getRefreshTokenValiditySeconds() {
return customer.getRefreshTokenValidity();
}
@Override
public Set<String> getRegisteredRedirectUri() {
final Set<String> registeredRedirectUris = new HashSet<String>();
registeredRedirectUris.add(customer.getWebServerRedirectUri());
return registeredRedirectUris;
}
@Override
public Set<String> getResourceIds() {
final Set<String> resourcesIds = new HashSet<String>();
resourcesIds.add(customer.getResourceIds());
return resourcesIds;
}
@Override
public Set<String> getScope() {
final Set<String> scopes = new HashSet<String>();
scopes.add(customer.getScope());
return scopes;
}
@Override
public boolean isAutoApprove(String scope) {
return false; //TODO: for some reason this is always false
}
@Override
public boolean isScoped() {
return true; //TODO: for some reason this is always true
}
@Override
public boolean isSecretRequired() {
return true; //TODO: for some reason this is always true
}
}
public class CustomClientDetailsManager implements ClientDetailsService {
final static Logger log = LoggerFactory.getLogger(CustomClientDetailsManager.class);
private final CustomerService customerService;
@Inject
public CustomClientDetailsManager(final CustomerService customerService) {
this.customerService = customerService;
}
@Override
public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
final Customer customer = customerService.getCustomerByClientId(clientId);
final CustomClientDetails customClientDetails = new CustomClientDetails(customer);
return customClientDetails;
}
我正在使用自己的 ClientDetailsServiceConfigurer 实现,所以我这样做:
OAuthConfig.java
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.withClientDetails(this.customClientDetailsManager);
}
CustomClientDetailsManager.java
@Service
public class CustomClientDetailsManager implements ClientDetailsService {
final static Logger log = LoggerFactory.getLogger(CustomClientDetailsManager.class);
private final CustomerService customerService;
@Inject
public CustomClientDetailsManager(final CustomerService customerService) {
this.customerService = customerService;
}
@Override
public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
final Customer customer = customerService.getCustomerByClientId(clientId);
log.debug("****** Customer is: " + customer.getClientId());
log.debug("****** Customer Secret is: " + customer.getClientSecret());
log.debug("****** Client ID Coming from Request is: " + clientId);
final BaseClientDetails details = new BaseClientDetails();
details.setClientId(clientId);
log.debug("*** Client id: " + clientId );
details.setAuthorizedGrantTypes(Arrays.asList(customer.getAuthorizedGrantTypes()));
log.debug("*** AuthorizedGrantTypes: " + Arrays.asList(customer.getAuthorizedGrantTypes()));
details.setScope(Arrays.asList(customer.getScope()));
log.debug("*** Scope: " + Arrays.asList(customer.getScope()));
details.setResourceIds(Arrays.asList(customer.getResourceIds()));
log.debug("*** ResourceIds: " + Arrays.asList(customer.getResourceIds()));
final Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority(customer.getAuthorities()));
details.setAuthorities(authorities);
authorities.forEach(authority -> {
log.debug("*** Authority: " + authority);
});
log.debug("Returning details...");
return details;
}
所以基本上我是通过 loadClientByClientId(String clientId) 获取我的 ClientId,但我想要一种允许我获取我的客户端 ID 和客户端密码的方法。
有线索吗?谢谢
终于找到解决办法了
您需要创建一个 'CustomClientDetails' 来实现 'ClientDetails' 和 return 它。
例如:
public class CustomClientDetails implements ClientDetails {
final static Logger log = LoggerFactory.getLogger(CustomClientDetailsManager.class);
private static final long serialVersionUID = 6725149038554040628L;
private Customer customer;
public CustomClientDetails(final Customer customer) {
this.customer = customer;
}
@Override
public Integer getAccessTokenValiditySeconds() {
return customer.getAccessTokenValidity();
}
@Override
public Map<String, Object> getAdditionalInformation() {
final Set<String> additionalInformation = new HashSet<String>();
additionalInformation.add(customer.getAdditionalInformation());
return null;
}
@Override
public Collection<GrantedAuthority> getAuthorities() {
final Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority(customer.getAuthorities()));
return authorities;
}
@Override
public Set<String> getAuthorizedGrantTypes() {
final Set<String> authorizedGrantTypes = new HashSet<String>();
authorizedGrantTypes.add(customer.getAuthorizedGrantTypes());
return authorizedGrantTypes;
}
@Override
public String getClientId() {
return customer.getClientId();
}
@Override
public String getClientSecret() {
return customer.getClientSecret();
}
@Override
public Integer getRefreshTokenValiditySeconds() {
return customer.getRefreshTokenValidity();
}
@Override
public Set<String> getRegisteredRedirectUri() {
final Set<String> registeredRedirectUris = new HashSet<String>();
registeredRedirectUris.add(customer.getWebServerRedirectUri());
return registeredRedirectUris;
}
@Override
public Set<String> getResourceIds() {
final Set<String> resourcesIds = new HashSet<String>();
resourcesIds.add(customer.getResourceIds());
return resourcesIds;
}
@Override
public Set<String> getScope() {
final Set<String> scopes = new HashSet<String>();
scopes.add(customer.getScope());
return scopes;
}
@Override
public boolean isAutoApprove(String scope) {
return false; //TODO: for some reason this is always false
}
@Override
public boolean isScoped() {
return true; //TODO: for some reason this is always true
}
@Override
public boolean isSecretRequired() {
return true; //TODO: for some reason this is always true
}
}
public class CustomClientDetailsManager implements ClientDetailsService {
final static Logger log = LoggerFactory.getLogger(CustomClientDetailsManager.class);
private final CustomerService customerService;
@Inject
public CustomClientDetailsManager(final CustomerService customerService) {
this.customerService = customerService;
}
@Override
public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
final Customer customer = customerService.getCustomerByClientId(clientId);
final CustomClientDetails customClientDetails = new CustomClientDetails(customer);
return customClientDetails;
}