Spring Security源码分析三:Spring Social实现QQ社交登陆
社交登陆又称做社会化登陆(Social Login),是指网站的用户可使用腾讯QQ、人人网、开心网、新浪微博、搜狐微博、腾讯微博、淘宝、豆瓣、MSN、Google等社会化媒体帐号登陆该网站。css
OAuth2.0的认证流程示意图
- 请求第三方应用
- 第三方应用将用户请求导向服务提供商
- 用户赞成受权
- 服务提供商返回code
- client根据code去服务提供商换取令牌
- 返回令牌
- 获取用户信息
在标准的OAuth2协议中,1-6步都是固定,只有最后一步,不通的服务提供商返回的用户信息是不一样的。Spring Social已经为咱们封装好了1-6步。html
使用Spring Social
准备工做
- 在qq互联申请我的开发者,得到appId和appKey或者使用 SpringForAll贡献出来的
- 配置本地host 添加
127.0.0.1 www.ictgu.cn - 数据库执行如下sql
create table UserConnection (userId varchar(255) not null,
providerId varchar(255) not null,
providerUserId varchar(255),
rank int not null,
displayName varchar(255),
profileUrl varchar(512),
imageUrl varchar(512),
accessToken varchar(512) not null,
secret varchar(512),
refreshToken varchar(512),
expireTime bigint,
primary key (userId, providerId, providerUserId));
create unique index UserConnectionRank on UserConnection(userId, providerId, rank);
复制代码
- 项目端口设置为
80端口
引入Spring Social 模块
| 模块 | 描述 |
|---|---|
| spring-social-core | 提供社交链接框架和OAuth 客户端支持 |
| spring-social-config | 提供Java 配置 |
| spring-social-security | 社交安全的一些支持 |
| spring-social-web | 管理web应用程序的链接 |
!--spring-social 相关-->
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-web</artifactId>
</dependency>
复制代码
目录结构
- 'api' 定义api绑定的公共接口
- 'config' qq的一些配置信息
- 'connect'与服务提供商创建链接所需的一些类。
定义返回用户信息接口
public interface QQ {
/** * 获取用户信息 * @return */
QQUserInfo getUserInfo();
}
复制代码
实现返回用户信息接口
@Slf4j
public class QQImpl extends AbstractOAuth2ApiBinding implements QQ {
//http://wiki.connect.qq.com/openapi%E8%B0%83%E7%94%A8%E8%AF%B4%E6%98%8E_oauth2-0
private static final String QQ_URL_GET_OPENID = "https://graph.qq.com/oauth2.0/me?access_token=%s";
//http://wiki.connect.qq.com/get_user_info(access_token由父类提供)
private static final String QQ_URL_GET_USER_INFO = "https://graph.qq.com/user/get_user_info?oauth_consumer_key=%s&openid=%s";
/** * appId 配置文件读取 */
private String appId;
/** * openId 请求QQ_URL_GET_OPENID返回 */
private String openId;
/** * 工具类 */
private ObjectMapper objectMapper = new ObjectMapper();
/** * 构造方法获取openId */
public QQImpl(String accessToken, String appId) {
//access_token做为查询参数来携带。
super(accessToken, TokenStrategy.ACCESS_TOKEN_PARAMETER);
this.appId = appId;
String url = String.format(QQ_URL_GET_OPENID, accessToken);
String result = getRestTemplate().getForObject(url, String.class);
log.info("【QQImpl】 QQ_URL_GET_OPENID={} result={}", QQ_URL_GET_OPENID, result);
this.openId = StringUtils.substringBetween(result, "\"openid\":\"", "\"}");
}
@Override
public QQUserInfo getUserInfo() {
String url = String.format(QQ_URL_GET_USER_INFO, appId, openId);
String result = getRestTemplate().getForObject(url, String.class);
log.info("【QQImpl】 QQ_URL_GET_USER_INFO={} result={}", QQ_URL_GET_USER_INFO, result);
QQUserInfo userInfo = null;
try {
userInfo = objectMapper.readValue(result, QQUserInfo.class);
userInfo.setOpenId(openId);
return userInfo;
} catch (Exception e) {
throw new RuntimeException("获取用户信息失败", e);
}
}
}
复制代码
QQOAuth2Template处理qq返回的令牌信息
@Slf4j
public class QQOAuth2Template extends OAuth2Template {
public QQOAuth2Template(String clientId, String clientSecret, String authorizeUrl, String accessTokenUrl) {
super(clientId, clientSecret, authorizeUrl, accessTokenUrl);
setUseParametersForClientAuthentication(true);
}
@Override
protected AccessGrant postForAccessGrant(String accessTokenUrl, MultiValueMap<String, String> parameters) {
String responseStr = getRestTemplate().postForObject(accessTokenUrl, parameters, String.class);
log.info("【QQOAuth2Template】获取accessToke的响应:responseStr={}" + responseStr);
String[] items = StringUtils.splitByWholeSeparatorPreserveAllTokens(responseStr, "&");
//http://wiki.connect.qq.com/使用authorization_code获取access_token
//access_token=FE04************************CCE2&expires_in=7776000&refresh_token=88E4************************BE14
String accessToken = StringUtils.substringAfterLast(items[0], "=");
Long expiresIn = new Long(StringUtils.substringAfterLast(items[1], "="));
String refreshToken = StringUtils.substringAfterLast(items[2], "=");
return new AccessGrant(accessToken, null, refreshToken, expiresIn);
}
/** * 坑,日志debug模式才打印出来 处理qq返回的text/html 类型数据 * * @return */
@Override
protected RestTemplate createRestTemplate() {
RestTemplate restTemplate = super.createRestTemplate();
restTemplate.getMessageConverters().add(new StringHttpMessageConverter(Charset.forName("UTF-8")));
return restTemplate;
}
}
复制代码
QQServiceProvider链接服务提供商
public class QQServiceProvider extends AbstractOAuth2ServiceProvider<QQ> {
/** * 获取code */
private static final String QQ_URL_AUTHORIZE = "https://graph.qq.com/oauth2.0/authorize";
/** * 获取access_token 也就是令牌 */
private static final String QQ_URL_ACCESS_TOKEN = "https://graph.qq.com/oauth2.0/token";
private String appId;
public QQServiceProvider(String appId, String appSecret) {
super(new QQOAuth2Template(appId, appSecret, QQ_URL_AUTHORIZE, QQ_URL_ACCESS_TOKEN));
this.appId = appId;
}
@Override
public QQ getApi(String accessToken) {
return new QQImpl(accessToken, appId);
}
}
复制代码
QQConnectionFactory链接服务提供商的工厂类
public class QQConnectionFactory extends OAuth2ConnectionFactory<QQ> {
public QQConnectionFactory(String providerId, String appId, String appSecret) {
super(providerId, new QQServiceProvider(appId, appSecret), new QQAdapter());
}
}
复制代码
QQAdapter 适配spring Social默认的返回信息
public class QQAdapter implements ApiAdapter<QQ> {
@Override
public boolean test(QQ api) {
return true;
}
@Override
public void setConnectionValues(QQ api, ConnectionValues values) {
QQUserInfo userInfo = api.getUserInfo();
values.setProviderUserId(userInfo.getOpenId());//openId 惟一标识
values.setDisplayName(userInfo.getNickname());
values.setImageUrl(userInfo.getFigureurl_qq_1());
values.setProfileUrl(null);
}
@Override
public UserProfile fetchUserProfile(QQ api) {
return null;
}
@Override
public void updateStatus(QQ api, String message) {
}
}
复制代码
SocialConfig 社交配置主类
@Configuration
@EnableSocial
public class SocialConfig extends SocialConfigurerAdapter {
/** * 社交登陆配类 * * @return */
@Bean
public SpringSocialConfigurer merryyouSocialSecurityConfig() {
String filterProcessesUrl = SecurityConstants.DEFAULT_SOCIAL_QQ_PROCESS_URL;
MerryyouSpringSocialConfigurer configurer = new MerryyouSpringSocialConfigurer(filterProcessesUrl);
return configurer;
}
/** * 处理注册流程的工具类 * @param factoryLocator * @return */
@Bean
public ProviderSignInUtils providerSignInUtils(ConnectionFactoryLocator factoryLocator) {
return new ProviderSignInUtils(factoryLocator, getUsersConnectionRepository(factoryLocator));
}
}
复制代码
QQAuthConfig 针对qq返回结果的一些操做
@Configuration
public class QQAuthConfig extends SocialAutoConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Autowired
private ConnectionSignUp myConnectionSignUp;
@Override
protected ConnectionFactory<?> createConnectionFactory() {
return new QQConnectionFactory(SecurityConstants.DEFAULT_SOCIAL_QQ_PROVIDER_ID, SecurityConstants.DEFAULT_SOCIAL_QQ_APP_ID, SecurityConstants.DEFAULT_SOCIAL_QQ_APP_SECRET);
}
@Override
public UsersConnectionRepository getUsersConnectionRepository(ConnectionFactoryLocator connectionFactoryLocator) {
JdbcUsersConnectionRepository repository = new JdbcUsersConnectionRepository(dataSource,
connectionFactoryLocator, Encryptors.noOpText());
if (myConnectionSignUp != null) {
repository.setConnectionSignUp(myConnectionSignUp);
}
return repository;
}
}
复制代码
MerryyouSpringSocialConfigurer自定义登陆和注册链接
public class MerryyouSpringSocialConfigurer extends SpringSocialConfigurer {
private String filterProcessesUrl;
public MerryyouSpringSocialConfigurer(String filterProcessesUrl) {
this.filterProcessesUrl = filterProcessesUrl;
}
@Override
protected <T> T postProcess(T object) {
SocialAuthenticationFilter filter = (SocialAuthenticationFilter) super.postProcess(object);
filter.setFilterProcessesUrl(filterProcessesUrl);
filter.setSignupUrl("/register");
return (T) filter;
}
}
复制代码
开启SocialAuthenticationFilter过滤器
@Autowired
private SpringSocialConfigurer merryyouSpringSocialConfigurer;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class)
.formLogin()//使用表单登陆,再也不使用默认httpBasic方式
.loginPage(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL)//若是请求的URL须要认证则跳转的URL
.loginProcessingUrl(SecurityConstants.DEFAULT_SIGN_IN_PROCESSING_URL_FORM)//处理表单中自定义的登陆URL
.and()
.apply(merryyouSpringSocialConfigurer)
.and()
.authorizeRequests().antMatchers(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL,
SecurityConstants.DEFAULT_SIGN_IN_PROCESSING_URL_FORM,
SecurityConstants.DEFAULT_REGISTER_URL,
"/register",
"/social/info",
"/**/*.js",
"/**/*.css",
"/**/*.jpg",
"/**/*.png",
"/**/*.woff2",
"/code/image")
.permitAll()//以上的请求都不须要认证
//.antMatchers("/").access("hasRole('USER')")
.and()
.csrf().disable()//关闭csrd拦截
;
//安全模块单独配置
authorizeConfigProvider.config(http.authorizeRequests());
}
复制代码
代码下载
从个人 github 中下载,github.com/longfeizhen…git
相关文章
- 1. Spring Security源码分析四:Spring Social实现微信社交登陆
- 2. Spring Security源码分析六:Spring Social社交登陆源码解析
- 3. Spring Security源码分析十四:Spring Social社交登陆绑定与解绑
- 4. Spring Social实现微信社交登陆
- 5. Spring Security源码分析五:Spring Security实现短信登陆
- 6. Spring Security源码分析十二:Spring Security OAuth2基于JWT实现单点登陆
- 7. spring security整合QQ登陆
- 8. Spring Security 登陆校验 源码解析
- 9. spring security 源码分析(1)
- 10. spring oauth2 social实现QQ登录
- 更多相关文章...
- • Spring实例化Bean的三种方法 - Spring教程
- • Spring JDBCTemplate简介 - Spring教程
- • Spring Cloud 微服务实战(三) - 服务注册与发现
- • Java Agent入门实战(二)-Instrumentation源码概述
相关标签/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
欢迎关注本站公众号,获取更多信息
相关文章
- 1. Spring Security源码分析四:Spring Social实现微信社交登陆
- 2. Spring Security源码分析六:Spring Social社交登陆源码解析
- 3. Spring Security源码分析十四:Spring Social社交登陆绑定与解绑
- 4. Spring Social实现微信社交登陆
- 5. Spring Security源码分析五:Spring Security实现短信登陆
- 6. Spring Security源码分析十二:Spring Security OAuth2基于JWT实现单点登陆
- 7. spring security整合QQ登陆
- 8. Spring Security 登陆校验 源码解析
- 9. spring security 源码分析(1)
- 10. spring oauth2 social实现QQ登录