client details test

2018-04-21 16:39:47 +08:00 · 2018-04-21 16:39:47 +08:00 · 48b295b729
parent c4fc969b9a
commit 48b295b729
4 changed files with 23 additions and 13 deletions
--- a/src/main/java/com/monkeyk/sos/service/dto/OauthClientDetailsDto.java
+++ b/src/main/java/com/monkeyk/sos/service/dto/OauthClientDetailsDto.java
@ -3,6 +3,7 @@ package com.monkeyk.sos.service.dto;
 import com.monkeyk.sos.domain.oauth.OauthClientDetails;
 import com.monkeyk.sos.domain.shared.GuidGenerator;
 import com.monkeyk.sos.infrastructure.DateUtils;
+import com.monkeyk.sos.infrastructure.PasswordHandler;
 import org.apache.commons.lang.StringUtils;

 import java.io.Serializable;
@ -209,7 +210,8 @@ public class OauthClientDetailsDto implements Serializable {
    public OauthClientDetails createDomain() {
        OauthClientDetails clientDetails = new OauthClientDetails()
                .clientId(clientId)
-                .clientSecret(clientSecret)
+                // encrypted client secret
+                .clientSecret(PasswordHandler.encode(clientSecret))
                .resourceIds(resourceIds)
                .authorizedGrantTypes(authorizedGrantTypes)
                .scope(scope);
--- a/src/main/webapp/WEB-INF/jsp/clientdetails/client_details.jsp
+++ b/src/main/webapp/WEB-INF/jsp/clientdetails/client_details.jsp
@ -52,7 +52,7 @@

                <div class="list-group-item-text text-muted">
                    client_id: <span class="text-danger">${cli.clientId}</span>&nbsp;
-                    client_secret: <span class="text-primary">${cli.clientSecret}</span>&nbsp;
+                    client_secret: <span class="text-primary">***</span>&nbsp;
                    <br/>
                    authorized_grant_types: <span class="text-primary">${cli.authorizedGrantTypes}</span>&nbsp;
                    resource_ids: <span class="text-primary">${cli.resourceIds}</span>&nbsp;
--- a/src/main/webapp/WEB-INF/jsp/clientdetails/register_client.jsp
+++ b/src/main/webapp/WEB-INF/jsp/clientdetails/register_client.jsp
@ -20,14 +20,14 @@
 <h2>注册client</h2>

 <div ng-app>
-<p class="help-block">
-    若对Oauth的<code>client_details</code>中的属性及作用不清楚,
-    建议你先查看项目中的<code>db_table_description.html</code>文件(位于others目录)中对表<code>oauth_client_details</code>的说明,
-    或在线访问<a href="http://andaily.com/spring-oauth-server/db_table_description.html" target="_blank">db_table_description.html</a>;
-    因为注册client实际上是向该表中按不同的条件添加数据.
-</p>
+    <p class="help-block">
+        若对Oauth的<code>client_details</code>中的属性及作用不清楚,
+        建议你先查看项目中的<code>db_table_description.html</code>文件(位于others目录)中对表<code>oauth_client_details</code>的说明,
+        或在线访问<a href="http://andaily.com/spring-oauth-server/db_table_description.html" target="_blank">db_table_description.html</a>;
+        因为注册client实际上是向该表中按不同的条件添加数据.
+    </p>

-<div ng-controller="RegisterClientCtrl">
+    <div ng-controller="RegisterClientCtrl">
        <form:form modelAttribute="formDto" cssClass="form-horizontal">
            <div class="form-group">
                <label for="clientId" class="col-sm-2 control-label">client_id<em class="text-danger">*</em></label>
@ -47,7 +47,10 @@
                    <form:input path="clientSecret" cssClass="form-control" id="clientSecret"
                                placeholder="client_secret" required="required"/>

-                    <p class="help-block">client_secret必须输入,且长度至少8位; 在实际应用中的另一个名称叫appSecret,与client_secret是同一个概念.</p>
+                    <p class="help-block">client_secret必须输入,且长度至少8位; 在实际应用中的另一个名称叫appSecret,与client_secret是同一个概念.
+                        <br/>
+                        <strong class="text-danger">注意: </strong> 由于client_secret 会加密存储, 请先复制并保留client_secret值
+                    </p>
                </div>
            </div>
            <div class="form-group">
--- a/src/main/webapp/WEB-INF/jsp/clientdetails/test_client.jsp
+++ b/src/main/webapp/WEB-INF/jsp/clientdetails/test_client.jsp
@ -21,10 +21,15 @@

    <p>
        针对不同的<code>grant_type</code>提供不同的测试URL,
-        完整的Oauth测试请访问<a href="http://git.oschina.net/mkk/spring-oauth-client" target="_blank">spring-oauth-client</a>项目.
+        完整的OAuth测试请访问<a href="https://gitee.com/mkk/spring-oauth-client" target="_blank">spring-oauth-client</a>项目.
    </p>

    <div ng-controller="TestClientCtrl">
+        <div>
+            请先输入client_secret: <input type="text" value="" placeholder="client_secret" ng-model="clientSecret"
+                                      size="100" required="required"/>
+        </div>
+        <hr/>
        <c:if test="${clientDetailsDto.containsAuthorizationCode}">
            <div class="panel panel-default">
                <div class="panel-heading">Test [authorization_code]</div>
@ -100,7 +105,7 @@

                    <p>
                        <a href="${contextPath}/oauth/authorize?client_id={{clientId}}&client_secret={{clientSecret}}&response_type=token&scope={{scope}}&redirect_uri={{implicitRedirectUri}}"
-                                >/oauth/authorize?client_id={{clientId}}&client_secret={{clientSecret}}&response_type=token&scope={{scope}}&redirect_uri={{implicitRedirectUri}}</a>
+                        >/oauth/authorize?client_id={{clientId}}&client_secret={{clientSecret}}&response_type=token&scope={{scope}}&redirect_uri={{implicitRedirectUri}}</a>
                        <span class="label label-info">GET</span>
                    </p>
                </div>
@ -158,7 +163,7 @@
 <script>
    var TestClientCtrl = ["$scope", function ($scope) {
        $scope.clientId = "${clientDetailsDto.clientId}";
-        $scope.clientSecret = "${clientDetailsDto.clientSecret}";
+        $scope.clientSecret = "";
        $scope.scope = "${clientDetailsDto.scopeWithBlank}";

        <c:if test="${empty clientDetailsDto.webServerRedirectUri}" var="eptRedUri">