The correct way to get an OAuth2 access token in Java Spring Boot and call another service

von4xj4u posted on 2021-07-13 in Java

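I want to get an OAuth2 access token and use it to call another service. The code below does exactly that: it gets the access token and uses that token to call another API. With the code below I can do everything I want. But I am new to Spring Security, and I just want to know whether there is a better way to achieve this. For example, instead of fetching the token separately and then calling the service, can I do it in a single call? Or, using any other classes that Spring provides, can I write this in a better way?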

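import java.io.IOException;
import java.util.Arrays;

import org.apache.commons.codec.binary.Base64;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.util.UriComponentsBuilder;

import com.fasterxml.jackson.core.JsonProcessingException;

@Controller
public class TestAPIToken {

    // Values not shown in the original post; supply them from configuration.
    private String url;          // URL of the API to call
    private String msisdn;       // query parameter for the API call
    private String email;        // query parameter for the API call
    private String credentials;  // "clientId:clientSecret", sent as HTTP Basic auth

    private final RestTemplate restTemplate = new RestTemplate();

    @RequestMapping(value = "/showEmployees", method = RequestMethod.GET)
    public ModelAndView showEmployees(@RequestParam("code") String code) throws JsonProcessingException, IOException {
        String accessToken = getAccessToken(code);

        // Debug output only: this writes the bearer token to stdout.
        System.out.println("API Token ---------" + accessToken);

        HttpEntity<String> response = getResponseByCallingWithToken(accessToken);

        System.out.println("API Response ---------" + response.getBody());

        return null;
    }

    // Calls the target API with the token in the Authorization header.
    private HttpEntity<String> getResponseByCallingWithToken(String accessToken) {
        HttpHeaders headers = new HttpHeaders();
        headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
        headers.add("Authorization", "Bearer " + accessToken);
        UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(url)
                .queryParam("msisdn", msisdn)
                .queryParam("email", email);

        HttpEntity<?> entity = new HttpEntity<>(headers);

        HttpEntity<String> response = restTemplate.exchange(
                builder.toUriString(),
                HttpMethod.GET,
                entity,
                String.class);

        return response;
    }

    // Requests an access token from the token endpoint.
    private String getAccessToken(String code) {
        // Debug output only: this writes the authorization code to stdout.
        System.out.println("Authorization Code------" + code);

        // According to the OAuth documentation we need to send the client id and secret key in the header for authentication
        String encodedCredentials = new String(Base64.encodeBase64(credentials.getBytes()));

        HttpHeaders headers = new HttpHeaders();
        headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
        headers.add("Authorization", "Basic " + encodedCredentials);

        // A MultiValueMap body is sent as application/x-www-form-urlencoded.
        MultiValueMap<String, String> body = new LinkedMultiValueMap<>();

        body.add("scope","scope,value");
        body.add("grant_type","scope,value");

        HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(body, headers);

        String access_token_url = "http://localhost:8080/oauth2/token";

        ResponseEntity<TokenModel> response = restTemplate.exchange(access_token_url, HttpMethod.POST, request, TokenModel.class);
        String accessToken = response.getBody().access_token;
        return accessToken;
    }
}

// Token endpoint response; the fields are public so that Jackson can populate them.
class TokenModel {

    public String access_token;
    public String scope;
    public String token_type;
    public String expires_in;

}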

I am new to Spring Security. Please help, even if this seems simple to you. Note: there is no exact duplicate of this question.
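One way to have Spring Security obtain, cache and attach the token in a single `RestTemplate` call, shown as an added example that is not part of the original post or the poster's code. It assumes the client credentials grant, Spring Security 5.3+ with `spring-security-oauth2-client` on the classpath, and placeholder names (`TokenAwareRestTemplateFactory`, `employee-api`, `employee-service`, `example.read`); only the token URL is taken from the question.

```java
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.security.oauth2.client.*;
import org.springframework.security.oauth2.client.registration.*;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.web.client.RestTemplate;

public class TokenAwareRestTemplateFactory {

    // Assumption: placeholder registration id, not from the original post.
    static final String REGISTRATION_ID = "employee-api";

    public static RestTemplate create(String clientId, String clientSecret) {
        // Describes the token endpoint and the client; the default client
        // authentication is HTTP Basic, matching the header built in the question.
        ClientRegistration registration = ClientRegistration
                .withRegistrationId(REGISTRATION_ID)
                .tokenUri("http://localhost:8080/oauth2/token") // use https outside local dev
                .clientId(clientId)
                .clientSecret(clientSecret)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .scope("example.read") // placeholder scope
                .build();

        ClientRegistrationRepository registrations =
                new InMemoryClientRegistrationRepository(registration);
        OAuth2AuthorizedClientService clients =
                new InMemoryOAuth2AuthorizedClientService(registrations);

        // The manager requests a token on first use, reuses it while it is
        // valid, and requests a new one once it has expired.
        AuthorizedClientServiceOAuth2AuthorizedClientManager manager =
                new AuthorizedClientServiceOAuth2AuthorizedClientManager(registrations, clients);
        manager.setAuthorizedClientProvider(
                OAuth2AuthorizedClientProviderBuilder.builder().clientCredentials().build());

        // Adds "Authorization: Bearer <token>" to every outgoing request.
        ClientHttpRequestInterceptor bearer = (request, body, execution) -> {
            OAuth2AuthorizedClient client = manager.authorize(OAuth2AuthorizeRequest
                    .withClientRegistrationId(REGISTRATION_ID)
                    .principal("employee-service") // placeholder principal name
                    .build());
            if (client == null) {
                throw new IllegalStateException("No access token for " + REGISTRATION_ID);
            }
            request.getHeaders().setBearerAuth(client.getAccessToken().getTokenValue());
            return execution.execute(request, body);
        };

        RestTemplate restTemplate = new RestTemplate();
        restTemplate.getInterceptors().add(bearer);
        return restTemplate;
    }
}
```

A controller can then call `restTemplate.exchange(...)` directly without handling or printing the token itself.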

No answers yet!
