OAuth2.0
- OAuth:OAuth(开放授权)是一个开放标准,允许用户授权第三方网站访问他们存储在另外的服务提供者上的信息,而不需要将用户名和密码提供给第三方网站或分享他们数据的所有内容。
- OAuth2.0:对于用户相关的 OpenAPI(例如获取用户信息、动态同步、照片、日志、分享等),为了保护用户数据的安全和隐私,第三方网站访问用户数据前都需要显式地向用户征求授权。
授权流程图示:
其他第三方服务的授权流程与此类似。
申请Gitee第三方应用ID和密钥
将信息保存至项目中
gitee:
  oauth:
    clientid: XX
    clientsecret: XX
    callback: XX
项目导入依赖
<!-- HTTP client used by GiteeHttpClient for the token and user-info requests -->
<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpclient</artifactId>
    <version>4.5.6</version>
</dependency>
<!-- Alibaba's fastjson, used to parse Gitee's JSON responses.
     NOTE(review): both versions are several years old; check the dependency advisory feed before
     adopting them - the fastjson 1.2.x line in particular has had deserialization advisories. -->
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>fastjson</artifactId>
    <version>1.2.51</version>
</dependency>
添加工具类GiteeHttpClient
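public class GiteeHttpClient {

    /** Browser-like User-Agent sent with every request; value unchanged from the original. */
    private static final String USER_AGENT =
            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36";

    private GiteeHttpClient() {
        // static utility class, never instantiated
    }

    /**
     * Exchanges an authorization code for an access token by POSTing to {@code url}.
     *
     * <p>The caller builds the complete URL. NOTE(review): as used on this page the URL carries
     * {@code client_secret} in the query string, which proxies and access logs may record; the
     * token endpoint also accepts these values as POST form parameters.
     *
     * @param url the complete token endpoint URL, query parameters included
     * @return the parsed JSON response body, or {@code null} if the response carried no entity
     * @throws IOException if the request fails or the body cannot be read
     */
    public static JSONObject getAccessToken(String url) throws IOException {
        HttpPost httpPost = new HttpPost(url);
        httpPost.setHeader("User-Agent", USER_AGENT);
        // try-with-resources closes the client (and its connections) on every path; the original
        // only called releaseConnection() after a return, so it never ran when a body was present.
        try (CloseableHttpClient client = HttpClients.createDefault()) {
            HttpResponse response = client.execute(httpPost);
            return parseJsonBody(response);
        }
    }

    /**
     * Fetches the authenticated user's profile with a GET to {@code url}.
     *
     * @param url the complete user-info URL, access token included
     * @return the parsed JSON response body, or {@code null} if the response carried no entity
     * @throws IOException if the request fails or the body cannot be read
     */
    public static JSONObject getUserInfo(String url) throws IOException {
        HttpGet httpGet = new HttpGet(url);
        httpGet.setHeader("User-Agent", USER_AGENT);
        // Original created the client but never closed it.
        try (CloseableHttpClient client = HttpClients.createDefault()) {
            HttpResponse response = client.execute(httpGet);
            return parseJsonBody(response);
        }
    }

    /**
     * Reads the response body as UTF-8 and parses it as a JSON object.
     *
     * @return the parsed object, or {@code null} when the response has no entity
     */
    private static JSONObject parseJsonBody(HttpResponse response) throws IOException {
        HttpEntity entity = response.getEntity();
        if (entity == null) {
            return null;
        }
        String body = EntityUtils.toString(entity, "UTF-8");
        return JSONObject.parseObject(body);
    }
}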
页面登录按钮的请求方法
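@Controller
public class GiteeController {

    /** Application id, secret and callback URL issued by Gitee for this third-party app. */
    @Value("${gitee.oauth.clientid}")
    public String CLIENTID;
    @Value("${gitee.oauth.clientsecret}")
    public String CLIENTSECRET;
    @Value("${gitee.oauth.callback}")
    public String URL;

    /** Gitee authorization endpoint; the query parameters are appended in {@link #qqAuth}. */
    private static final String AUTHORIZE_URL = "https://gitee.com/oauth/authorize";

    /**
     * Step 1 of the authorization-code flow: stores a fresh {@code state} value in the session and
     * redirects the browser to Gitee's authorization page.
     *
     * @param session the current HTTP session; receives the {@code state} attribute that the
     *                callback later compares against the {@code state} query parameter
     * @return a Spring redirect view name pointing at Gitee's authorize endpoint
     */
    @GetMapping(value = "/gitee/auth")
    public String qqAuth(HttpSession session) {
        // A random, unguessable state ties the callback to this session (CSRF protection for the
        // third-party app). The value is hex digits only, so it needs no URL encoding.
        String state = UUID.randomUUID().toString().replaceAll("-", "");
        session.setAttribute("state", state);

        String url = AUTHORIZE_URL
                + "?response_type=code"
                + "&client_id=" + CLIENTID
                + "&redirect_uri=" + urlEncode(URL)
                + "&state=" + state
                + "&scope=user_info";
        return "redirect:" + url;
    }

    /**
     * URL-encodes {@code value} with an explicit UTF-8 charset. The one-argument
     * {@code URLEncoder.encode(String)} used originally is deprecated and depends on the
     * platform default encoding.
     */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (java.io.UnsupportedEncodingException e) {
            // UTF-8 is mandatory in every JVM, so this branch is unreachable in practice.
            throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
        }
    }
}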
点击同意授权后,编写 OAuth2Controller 控制器,在其中添加回调方法
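@Slf4j
@Controller
public class OAuth2Controller {

    /** Application id, secret and callback URL issued by Gitee for this third-party app. */
    @Value("${gitee.oauth.clientid}")
    public String CLIENTID;
    @Value("${gitee.oauth.clientsecret}")
    public String CLIENTSECRET;
    @Value("${gitee.oauth.callback}")
    public String URL;

    /**
     * Authorization callback: validates the {@code state} parameter against the value stored in
     * the session, then exchanges the authorization code for an access token and fetches the
     * user's profile.
     *
     * @param request the callback request carrying the {@code code} and {@code state} query
     *                parameters set by Gitee
     * @return a redirect to {@code /success}, or to {@code /login} when the state check, the
     *         code, or the token exchange fails
     * @throws Exception propagated from the HTTP calls (signature kept for existing callers)
     */
    @GetMapping(value = "/callback")
    public String giteeCallback(HttpServletRequest request) throws Exception {
        HttpSession session = request.getSession();
        String code = request.getParameter("code");
        String state = request.getParameter("state");
        String expectedState = (String) session.getAttribute("state");

        // The state is single-use: drop it so a replayed callback URL is not accepted a second time.
        session.removeAttribute("state");

        // The original only compared when the session already held a state, so a callback that
        // arrived without a preceding /gitee/auth passed the check. A missing or mismatched state
        // has to be rejected for the CSRF protection to hold.
        if (expectedState == null || state == null || !expectedState.equals(state)) {
            log.warn("OAuth callback rejected: missing or mismatched state");
            return PasswordUtils.redirectTo("/login");
        }
        if (code == null || code.isEmpty()) {
            log.warn("OAuth callback rejected: missing authorization code");
            return PasswordUtils.redirectTo("/login");
        }

        // Step 2: exchange the code for an access token. Request-derived values are URL-encoded
        // before being concatenated into the query string (the original appended them raw).
        // NOTE(review): client_secret travels in the query string here, where proxies and access
        // logs may record it; Gitee's token endpoint also accepts these values as POST form fields.
        String tokenUrl = "https://gitee.com/oauth/token?grant_type=authorization_code"
                + "&client_id=" + CLIENTID
                + "&client_secret=" + CLIENTSECRET
                + "&code=" + urlEncode(code)
                + "&redirect_uri=" + urlEncode(URL);
        JSONObject accessTokenJson = GiteeHttpClient.getAccessToken(tokenUrl);

        // getAccessToken returns null on an empty body, and an error response carries no
        // access_token; the original dereferenced both unconditionally and would have sent the
        // literal string "null" as the token.
        String accessToken = accessTokenJson == null ? null : accessTokenJson.getString("access_token");
        if (accessToken == null || accessToken.isEmpty()) {
            log.warn("OAuth token exchange failed: no access_token in response");
            return PasswordUtils.redirectTo("/login");
        }

        // Step 3: fetch the user's profile with the access token.
        String userUrl = "https://gitee.com/api/v5/user?access_token=" + urlEncode(accessToken);
        JSONObject jsonObject = GiteeHttpClient.getUserInfo(userUrl);

        // Application-specific handling of the user profile (jsonObject) goes here.
        return PasswordUtils.redirectTo("/success");
    }

    /** URL-encodes {@code value} as UTF-8 (the one-argument encode uses the platform default). */
    private static String urlEncode(String value) throws java.io.UnsupportedEncodingException {
        return java.net.URLEncoder.encode(value, "UTF-8");
    }
}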