需要手动创建 oAuth2 令牌,无需密码
Posted
技术标签:
【中文标题】需要手动创建 oAuth2 令牌,无需密码【英文标题】:Need to create oAuth2 token manually without password 【发布时间】:2016-06-04 21:12:13 【问题描述】:我已经使用 spring security 实现了 oAuth2,它对我来说工作正常。但现在我想手动从后端创建用户令牌,无需密码。因为我只有用户名。
谁能帮帮我。
【问题讨论】:
到目前为止你做了什么?你试过自己先做吗? 普通用户使用用户 /password 登录,并且成功创建了 oAuth2 令牌。但我需要使用没有密码的后端创建其他用户令牌。 【参考方案1】:有答案!!!
HashMap<String, String> authorizationParameters = new HashMap<String, String>();
authorizationParameters.put("scope", "read");
authorizationParameters.put("username", "user");
authorizationParameters.put("client_id", "client_id");
authorizationParameters.put("grant", "password");
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
Set<String> responseType = new HashSet<String>();
responseType.add("password");
Set<String> scopes = new HashSet<String>();
scopes.add("read");
scopes.add("write");
OAuth2Request authorizationRequest = new OAuth2Request(
authorizationParameters, "Client_Id",
authorities, true,scopes, null, "",
responseType, null);
User userPrincipal = new User("user", "", true, true, true, true, authorities);
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
userPrincipal, null, authorities);
OAuth2Authentication authenticationRequest = new OAuth2Authentication(
authorizationRequest, authenticationToken);
authenticationRequest.setAuthenticated(true);
OAuth2AccessToken accessToken = tokenService
.createAccessToken(authenticationRequest);
accessToken 是你想要的令牌。
谢谢
【讨论】:
你能解释一下什么是tokenService吗? tokenService 是春季预调用 哇哦,先生,您为我节省了很多时间【参考方案2】:在注册过程中分配访问令牌,Spring 启动。从应用代码中的任何位置调用 getAccessToken(user)。
public OAuth2AccessToken getAccessToken(User user)
HashMap<String, String> authorizationParameters = new HashMap<String, String>();
authorizationParameters.put("scope", "read");
authorizationParameters.put("username", user.getEmail());
authorizationParameters.put("client_id", clientId);
authorizationParameters.put("grant", "password");
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
user.getRoles().forEach((role) ->
Role rol = roleRepository.findByName(role.getName());
authorities.add(new SimpleGrantedAuthority(rol.getName()));
);
Set<String> responseType = new HashSet<String>();
responseType.add("password");
Set<String> scopes = new HashSet<String>();
scopes.add("read");
scopes.add("write");
OAuth2Request authorizationRequest = new OAuth2Request(authorizationParameters, clientId, authorities, true,
scopes, null, "", responseType, null);
org.springframework.security.core.userdetails.User userPrincipal = new org.springframework.security.core.userdetails.User(
user.getEmail(), user.getPassword(), authorities);
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(userPrincipal,
null, authorities);
OAuth2Authentication authenticationRequest = new OAuth2Authentication(authorizationRequest,
authenticationToken);
authenticationRequest.setAuthenticated(true);
OAuth2AccessToken accessToken = tokenServices().createAccessToken(authenticationRequest);
return accessToken;
@Bean
TokenEnhancerChain enhancerChain()
TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
enhancerChain.setTokenEnhancers(Arrays.asList(customTokenEnhancer, accessTokenConverter()));
return enhancerChain;
@Bean
public JwtAccessTokenConverter accessTokenConverter()
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey(signingKey);
return converter;
@Bean
public TokenStore tokenStore()
return new JwtTokenStore(accessTokenConverter());
@Bean
@Primary
public DefaultTokenServices tokenServices()
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
defaultTokenServices.setSupportRefreshToken(true);
defaultTokenServices.setTokenEnhancer(enhancerChain());
return defaultTokenServices;
【讨论】:
【参考方案3】:上面的大部分答案都是正确的,但是第五行应该改成
authorizationParameters.put("grant_type", "password")
【讨论】:
以上是关于需要手动创建 oAuth2 令牌,无需密码的主要内容,如果未能解决你的问题,请参考以下文章