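/**
 * Copyright (c) 2015 https://github.com/howiefh
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 */
package io.github.howiefh.jeews.modules.oauth2.controller;

import java.net.URI;
import java.net.URISyntaxException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import io.github.howiefh.jeews.modules.oauth2.Constants;
import io.github.howiefh.jeews.modules.oauth2.service.ClientService;
import io.github.howiefh.jeews.modules.oauth2.service.OAuthService;

import org.apache.oltu.oauth2.as.issuer.MD5Generator;
import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest;
import org.apache.oltu.oauth2.as.response.OAuthASResponse;
import org.apache.oltu.oauth2.common.OAuth;
import org.apache.oltu.oauth2.common.error.OAuthError;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.OAuthResponse;
import org.apache.oltu.oauth2.common.message.types.ResponseType;
import org.apache.oltu.oauth2.common.message.types.TokenType;
import org.apache.oltu.oauth2.common.utils.OAuthUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * OAuth2 authorization endpoint ({@code /authentication}).
 *
 * <p>Flow, in order: parse the request with Oltu, reject unknown client ids,
 * require an authenticated Shiro subject (optionally logging it in from
 * {@code username}/{@code password} form fields on a non-GET request), then
 * issue either an authorization code ({@code response_type=code}) or a bearer
 * access token ({@code response_type=token}) and redirect to the supplied
 * {@code redirect_uri}. Oltu validation failures are reported back to the
 * client via {@code ?error=} on its redirect URI when one is known.
 *
 * @author howiefh
 */
@RestController
public class AuthorizeController {

    /** Location returned to an unauthenticated caller; overridable via {@code shiro.login.url}. */
    @Value("${shiro.login.url}")
    private String loginUrl = "/views/login.html";

    @Autowired
    private OAuthService oAuthService;

    // NOTE(review): injected but unused here. The redirect_uri parameter is never compared with
    // the client's registered redirect URI before a code/token is sent to it — confirm whether
    // ClientService exposes that lookup and add the check before issuing credentials.
    @Autowired
    private ClientService clientService;

    /**
     * Handles an OAuth2 authorization request.
     *
     * @param request the servlet request carrying the OAuth2 parameters
     * @return a {@link ResponseEntity}: a JSON error body (400) for an unknown client or a
     *         missing {@code redirect_uri}, a 401 with a {@code Location} header pointing at
     *         {@link #loginUrl} when the subject is not authenticated, a 404 text body when Oltu
     *         rejects the request and no redirect URI is known, otherwise a 302 redirect
     * @throws URISyntaxException   if a redirect target is not a valid URI
     * @throws OAuthSystemException if Oltu cannot build a response
     */
    @RequestMapping("/authentication")
    public Object authorize(HttpServletRequest request) throws URISyntaxException, OAuthSystemException {
        try {
            // Parses and validates the request; a malformed one surfaces as OAuthProblemException below.
            OAuthAuthzRequest oauthRequest = new OAuthAuthzRequest(request);

            // Unknown client: answer with a JSON error rather than redirecting anywhere.
            if (!oAuthService.checkClientId(oauthRequest.getClientId())) {
                return jsonError(HttpServletResponse.SC_BAD_REQUEST,
                        OAuthError.TokenResponse.INVALID_CLIENT, Constants.INVALID_CLIENT_DESCRIPTION);
            }

            Subject subject = SecurityUtils.getSubject();
            if (!subject.isAuthenticated()) {
                if (!login(subject, request)) {
                    // TODO (original): this is a 401 carrying a Location header. A user agent does
                    // not follow Location on a 401, so the caller must navigate to loginUrl itself.
                    HttpHeaders headers = new HttpHeaders();
                    headers.setLocation(new URI(loginUrl));
                    return new ResponseEntity<Object>(headers, HttpStatus.UNAUTHORIZED);
                }
            }

            String username = (String) subject.getPrincipal();
            String responseType = oauthRequest.getParam(OAuth.OAUTH_RESPONSE_TYPE);
            String redirectURI = oauthRequest.getParam(OAuth.OAUTH_REDIRECT_URI);

            // Without a redirect_uri the redirect below would end in new URI(null). Fail here,
            // before a code or token is minted and stored, instead of after.
            if (OAuthUtils.isEmpty(redirectURI)) {
                return jsonError(HttpServletResponse.SC_BAD_REQUEST,
                        OAuthError.CodeResponse.INVALID_REQUEST,
                        "OAuth callback url needs to be provided by client!!!");
            }

            // NOTE(review): code/token values are whatever MD5Generator yields — confirm its
            // randomness is acceptable for bearer credentials before relying on it in production.
            OAuthIssuerImpl oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
            OAuthASResponse.OAuthAuthorizationResponseBuilder builder =
                    OAuthASResponse.authorizationResponse(request, HttpServletResponse.SC_FOUND);

            // Constant-first comparison so an absent response_type cannot throw here.
            if (ResponseType.CODE.toString().equals(responseType)) {
                String authorizationCode = oauthIssuerImpl.authorizationCode();
                oAuthService.addAuthCode(authorizationCode, username);
                builder.setCode(authorizationCode);
            } else if (ResponseType.TOKEN.toString().equals(responseType)) {
                String accessToken = oauthIssuerImpl.accessToken();
                oAuthService.addAccessToken(accessToken, username);
                builder.setAccessToken(accessToken);
                builder.setParam("token_type", TokenType.BEARER.toString());
                builder.setExpiresIn(oAuthService.getExpireIn());
            }

            return redirect(builder.location(redirectURI).buildQueryMessage());
        } catch (OAuthProblemException e) {
            String redirectUri = e.getRedirectUri();
            // No redirect target known for this client: report the problem directly.
            if (OAuthUtils.isEmpty(redirectUri)) {
                return new ResponseEntity<String>("OAuth callback url needs to be provided by client!!!",
                        HttpStatus.NOT_FOUND);
            }
            // Otherwise hand the error back to the client as ?error=... on its redirect URI.
            OAuthResponse response = OAuthASResponse.errorResponse(HttpServletResponse.SC_FOUND).error(e)
                    .location(redirectUri).buildQueryMessage();
            return redirect(response);
        }
    }

    /**
     * Builds a JSON OAuth error response entity.
     *
     * @param status      HTTP status code to report
     * @param error       OAuth error code (an {@link OAuthError} constant)
     * @param description human-readable error description
     * @return the JSON body with the same status
     * @throws OAuthSystemException if Oltu cannot build the message
     */
    private static ResponseEntity<String> jsonError(int status, String error, String description)
            throws OAuthSystemException {
        OAuthResponse response = OAuthASResponse.errorResponse(status)
                .setError(error)
                .setErrorDescription(description)
                .buildJSONMessage();
        return new ResponseEntity<String>(response.getBody(), HttpStatus.valueOf(response.getResponseStatus()));
    }

    /**
     * Turns an Oltu query-message response into a redirect entity.
     *
     * @param response a response built with {@code location(...)} and {@code buildQueryMessage()}
     * @return an entity carrying the response's status and its location as the {@code Location} header
     * @throws URISyntaxException if the response's location is not a valid URI
     */
    private static ResponseEntity<Object> redirect(OAuthResponse response) throws URISyntaxException {
        HttpHeaders headers = new HttpHeaders();
        headers.setLocation(new URI(response.getLocationUri()));
        return new ResponseEntity<Object>(headers, HttpStatus.valueOf(response.getResponseStatus()));
    }

    /**
     * Attempts to log the subject in from {@code username}/{@code password} request parameters.
     *
     * @param subject the current Shiro subject
     * @param request the servlet request
     * @return {@code false} for a GET request or when either parameter is empty; {@code true}
     *         after a successful {@link Subject#login}
     * @throws RuntimeException if Shiro rejects the credentials (cause preserved)
     */
    private boolean login(Subject subject, HttpServletRequest request) {
        // Credentials are only accepted on a non-GET submission.
        if ("get".equalsIgnoreCase(request.getMethod())) {
            return false;
        }
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
            return false;
        }
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token);
            return true;
        } catch (Exception e) {
            // NOTE(review): a wrong password currently surfaces as a 500 from here rather than the
            // 401/login Location the caller returns for missing credentials; consider returning
            // false for Shiro's AuthenticationException. The cause is kept so the failure is
            // diagnosable from the stack trace.
            throw new RuntimeException("login error: " + e.getMessage(), e);
        }
    }
}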