从 java 应用程序使用 wso2is 上的 openid 登录

Login with openid on wso2is from java application

我想制作一个 java 应用程序,在 wso2is 上使用 openId 进行登录和批准授权,就像制作 playground2(wso2is 发布的示例)一样,但我想使用 apache httpclient。

我可以完成登录以及批准之前的各个步骤,但当我进行批准时,响应始终是“https://192.168.3.40:9443/carbon/../authenticationendpoint/oauth2_error.do?oauthErrorCode=invalid_request&oauthErrorMsg=Invalid+authorization+request”

这是我的代码:

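// Browser-like User-Agent sent on every request of the flow (hoisted so it is defined once).
final String userAgent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36";

// Step 1: start the authorization-code flow. The returned login page carries the
// sessionDataKey that the credential POST below must echo back.
httpget = new HttpGet( "https://" + host + ":9443/oauth2/authorize?scope=openid&response_type=code&redirect_uri=http%3A%2F%2F192.168.0.37%3A8080%2Fplayground2%2Foauth2client&client_id=IfhWIq5d9rHJXFDtyvICEga3AvUa" );

referer = "http://192.168.0.37:8080/playground2/oauth2.jsp?reset=true";
httpget.setHeader( HttpHeaders.REFERER, referer );
httpget.setHeader( HttpHeaders.USER_AGENT, userAgent );

response = httpclient.execute( httpget, context );
entity = response.getEntity();
content = EntityUtils.toString( entity ); // fully reads the body, which also releases the connection
sessionDataKey = getSessionDataKey( content );
if ( sessionDataKey == null || sessionDataKey.isEmpty() ) {
    // Without the key the rest of the flow cannot succeed; fail here with a clear message
    // rather than sending an incomplete login form.
    throw new IllegalStateException( "sessionDataKey not found in the login page returned by /oauth2/authorize" );
}

// Pick the root-path JSESSIONID. The path comparison is written null-safe because
// Cookie.getPath() may be null for cookies set without an explicit Path attribute.
for ( Cookie c : cookieStore.getCookies() ) {
    if ( c.getName().equalsIgnoreCase( "jsessionid" ) && "/".equals( c.getPath() ) ) {
        jsessionid = c.getValue();
    }
}

// Step 2: submit the credentials to the common authentication endpoint.
// NOTE(review): username/password are hard-coded in source; load them from configuration
// or a secret store instead, and never log the form body.
HttpPost httpostAuth = new HttpPost( "https://" + host + ":9443/commonauth" );

nvps.clear();
nvps.add( new BasicNameValuePair( "username", "ltosi" ) );
nvps.add( new BasicNameValuePair( "password", "ltosi" ) );
nvps.add( new BasicNameValuePair( "sessionDataKey", sessionDataKey ) );
nvps.add( new BasicNameValuePair( "Sign In", "Sign In" ) );

referer = "https://192.168.3.40:9443/authenticationendpoint/login.do;jsessionid="+jsessionid+"?sessionDataKey="+sessionDataKey+"&type=oidc&commonAuthCallerPath=/oauth2/authorize&forceAuthenticate=false&checkAuthentication=false&relyingParty=IfhWIq5d9rHJXFDtyvICEga3AvUa&tenantId=-1234&scope%3Dopenid%26response_type%3Dcode%26redirect_uri%3Dhttp%253A%252F%252F192.168.0.37%253A8080%252Fplayground2%252Foauth2client%26client_id%3DIfhWIq5d9rHJXFDtyvICEga3AvUa&authenticators=BasicAuthenticator:LOCAL";
httpostAuth.setHeader( HttpHeaders.REFERER, referer );
httpostAuth.setHeader( HttpHeaders.USER_AGENT, userAgent );
httpostAuth.setEntity( new UrlEncodedFormEntity( nvps, HTTP.UTF_8 ) );

response = httpclient.execute( httpostAuth, context );
entity = response.getEntity();
content = EntityUtils.toString( entity );

// Step 3: follow the post-login redirect by hand. The code relies on the Location header
// being present (HttpClient's default redirect strategy presumably did not follow the POST
// redirect itself); guard against a missing header instead of dereferencing null.
if ( response.getLastHeader( "Location" ) == null ) {
    throw new IllegalStateException( "Login POST returned no Location header; status: " + response.getStatusLine() );
}
// NOTE(review): consider verifying that the Location value points at the expected IdP host
// before following it, so an unexpected redirect target cannot receive the session cookies.
httpget = new HttpGet( response.getLastHeader( "Location" ).getValue() );
httpget.setHeader( HttpHeaders.REFERER, referer );
httpget.setHeader( HttpHeaders.USER_AGENT, userAgent );

response = httpclient.execute( httpget, context );
entity = response.getEntity();
content = EntityUtils.toString( entity );

// Step 4: approve the consent screen.
httpost = new HttpPost( "https://" + host + ":9443/oauth2/authorize" );

referer = "https://192.168.3.40:9443/authenticationendpoint/oauth2_consent.do?loggedInUser=ltosi%40carbon.super&application=playground2&scope=openid&sessionDataKeyConsent="+sessionDataKey+"&spQueryParams=scope%3Dopenid%26response_type%3Dcode%26redirect_uri%3Dhttp%253A%252F%252F192.168.0.37%253A8080%252Fplayground2%252Foauth2client%26client_id%3DIfhWIq5d9rHJXFDtyvICEga3AvUa";
httpost.setHeader( HttpHeaders.REFERER, referer );
httpost.setHeader( HttpHeaders.USER_AGENT, userAgent );
httpost.setHeader( "Origin", "https://192.168.3.40:9443" );
httpost.setHeader( "Host", "192.168.3.40:9443" );

// Build the consent form from scratch. The original code first attached the stale login
// form (still holding username/password) as the entity and then replaced it; that dead
// setEntity call is dropped so credentials are never encoded into the consent request.
nvps.clear();
// NOTE(review): the consent page is addressed by its own sessionDataKeyConsent parameter
// (see the referer above); this code reuses the login sessionDataKey for it. If the server
// issues a distinct consent key, that mismatch would explain the invalid_request error —
// parse it from the consent page content instead. TODO confirm against the server version.
nvps.add( new BasicNameValuePair( "sessionDataKeyConsent", sessionDataKey ) );
nvps.add( new BasicNameValuePair( "consent", "approve" ) );
httpost.setEntity( new UrlEncodedFormEntity( nvps, HTTP.UTF_8 ) );

response = httpclient.execute( httpost, context );
entity = response.getEntity(); // consume or close this entity once inspected so the connection is released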

这是可以做到的,但如果只使用 Apache HttpClient,就需要多费一些功夫。wso2 编写了一些自定义包装器,您可以使用它们来实现您的场景。请参考 blog.facilelogin.com 上的博客文章 (managing users and roles with wso2)。