增加校验 access_token API: /oauth/check_token
parent
68f7563802
commit
5eba2d6352
|
@ -87,14 +87,18 @@ public class OAuthRestController implements InitializingBean, ApplicationContext
|
|||
|
||||
/**
|
||||
* Verify access_token
|
||||
* <p/>
|
||||
* Ext. from CheckTokenEndpoint
|
||||
*
|
||||
* @param value token
|
||||
* @param value token
|
||||
* @param clientId client_id
|
||||
* @return Map
|
||||
* @see org.springframework.security.oauth2.provider.endpoint.CheckTokenEndpoint
|
||||
* @since 1.0
|
||||
*/
|
||||
@RequestMapping(value = "/oauth/check_token", method = RequestMethod.POST)
|
||||
@ResponseBody
|
||||
public Map<String, ?> checkToken(@RequestParam("token") String value) {
|
||||
public Map<String, ?> checkToken(@RequestParam("token") String value, @RequestParam("client_id") String clientId) {
|
||||
|
||||
OAuth2AccessToken token = resourceServerTokenServices.readAccessToken(value);
|
||||
if (token == null) {
|
||||
|
@ -105,7 +109,16 @@ public class OAuthRestController implements InitializingBean, ApplicationContext
|
|||
throw new InvalidTokenException("Token has expired");
|
||||
}
|
||||
|
||||
ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
|
||||
if (clientDetails == null) {
|
||||
throw new InvalidClientException("client_id was not recognised");
|
||||
}
|
||||
|
||||
OAuth2Authentication authentication = resourceServerTokenServices.loadAuthentication(token.getValue());
|
||||
final String authClientId = authentication.getOAuth2Request().getClientId();
|
||||
if (!clientId.equals(authClientId)) {
|
||||
throw new InvalidClientException("Given client ID does not match authenticated client");
|
||||
}
|
||||
return accessTokenConverter.convertAccessToken(token, authentication);
|
||||
}
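Review bot: `clientDetailsService.loadClientByClientId(clientId)` is declared to throw `ClientRegistrationException` for an unknown client rather than return null, so the `clientDetails == null` branch is probably unreachable and an unknown client_id surfaces as an unmapped exception instead of the intended invalid_client response; wrap the lookup and rethrow `InvalidClientException`, as below. Separately, the only thing tying the caller to the token is the plain `client_id` request parameter, a non-secret identifier, so anyone holding a token value can introspect it (user_name, authorities, scope) without ever authenticating as that client — unlike the stock CheckTokenEndpoint this extends, which sits behind client authentication via `checkTokenAccess`; the handler should require an authenticated client (or be restricted in the security configuration) and compare the authenticated principal's client id with the token's, not a caller-supplied string. The `checkToken` method begins in the previous hunk.
```java
ClientDetails clientDetails;
try {
    clientDetails = clientDetailsService.loadClientByClientId(clientId);
} catch (ClientRegistrationException e) {
    throw new InvalidClientException("client_id was not recognised");
}
if (clientDetails == null) {
    throw new InvalidClientException("client_id was not recognised");
}
// … unchanged: loadAuthentication, client id match, convertAccessToken …
```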
|
||||
|
||||
|
|
|
@ -149,6 +149,25 @@
|
|||
</div>
|
||||
</c:if>
|
||||
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-heading">Verify [access_token]</div>
|
||||
<div class="panel-body">
|
||||
<p class="text-muted">输入access_token 后点击链接地址.</p>
|
||||
access_token: <input type="text" ng-model="accessToken" required="required" size="70"
|
||||
placeholder="access_token"/>
|
||||
|
||||
<br/>
|
||||
|
||||
<form action="${contextPath}/oauth/check_token?token={{accessToken}}&client_id={{clientId}}"
|
||||
method="post" target="_blank">
|
||||
<button class="btn btn-link" type="submit">
|
||||
/oauth/check_token?token={{accessToken}}&client_id={{clientId}}
|
||||
</button>
|
||||
<span class="label label-warning">POST</span>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="text-center">
|
||||
<a href="${contextPath}/client_details" class="btn btn-default">Back</a>
|
||||
</div>
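Review bot: The form at `<form action="${contextPath}/oauth/check_token?token={{accessToken}}&client_id={{clientId}}" method="post">` puts the access token in the query string even though the method is POST, so the bearer token is written to server access logs, proxy logs and browser history; the controller reads it with `@RequestParam`, which also accepts body parameters, so carry it in the body instead. Keep `action="${contextPath}/oauth/check_token"` and add `<input type="hidden" name="token" value="{{accessToken}}"/>` and `<input type="hidden" name="client_id" value="{{clientId}}"/>` inside the form; the button label can still display the composed path for the demo. Whether `clientId` is bound on this scope is not visible here — the script hunk below only sets `accessToken` — so confirm `$scope.clientId` is defined.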
|
||||
|
@ -174,6 +193,7 @@
|
|||
$scope.password = "mobile";
|
||||
//a temp value
|
||||
$scope.refreshToken = "1156ebfe-e303-4572-9fb5-4459a5d46610";
|
||||
$scope.accessToken = "e2996930-8398-44fd-8de5-7d1b1624ced7";
|
||||
|
||||
}];
|
||||
</script>
|
||||
|
|
|
@ -34,6 +34,7 @@
|
|||
</li>
|
||||
<li class="list-group-item"><a href="#getTokenCred">获取access_token (grant_type=client_credentials)</a></li>
|
||||
<li class="list-group-item"><a href="#getTokenRest">获取access_token (Restful API)</a></li>
|
||||
<li class="list-group-item"><a href="#verifyToken">校验access_token</a></li>
|
||||
<li class="list-group-item"><a href="#refreshToken">刷新access_token (grant_type=refresh_token)</a></li>
|
||||
<li class="list-group-item"><a href="#userInfoUnity">获取当前用户信息 (ROLE_UNITY)</a></li>
|
||||
<li class="list-group-item"><a href="#userInfoMobile">获取当前用户信息 (ROLE_MOBILE)</a></li>
|
||||
|
@ -418,6 +419,77 @@
|
|||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="well well-sm" id="verifyToken">
|
||||
<h3>校验access_token
|
||||
<small class="badge">public</small>
|
||||
</h3>
|
||||
|
||||
<p class="text-muted">校验, 检查access_token的有效性</p>
|
||||
|
||||
<ul class="list-group">
|
||||
<li class="list-group-item">
|
||||
<p>
|
||||
请求URI: <code>/oauth/check_token</code> <span
|
||||
class="label label-warning">POST</span>
|
||||
</p>
|
||||
|
||||
<div>
|
||||
请求参数说明:
|
||||
<table class="table table-bordered">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>参数名</th>
|
||||
<th>参数值</th>
|
||||
<th>必须?</th>
|
||||
<th>备注</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td>token</td>
|
||||
<td>{access_token}</td>
|
||||
<td>是</td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>client_id</td>
|
||||
<td>{client_id}</td>
|
||||
<td>是</td>
|
||||
<td></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
请求示例:
|
||||
<p>
|
||||
<code>http://localhost:8080/spring-oauth-server/oauth/check_token?token=e2996930-8398-44fd-8de5-7d1b1624ced7&client_id=mobile-client</code>
|
||||
</p>
|
||||
|
||||
</div>
|
||||
<br/>
|
||||
|
||||
<strong>响应</strong>
|
||||
|
||||
<ul class="list-group">
|
||||
<li class="list-group-item">
|
||||
<p>
|
||||
正常 [200]<br/>
|
||||
<mark>
|
||||
{"aud":["mobile-resource"],"exp":1505878459,"user_name":"mobile","authorities":["ROLE_MOBILE","ROLE_USER"],"client_id":"mobile-client","scope":["read","write"]}
|
||||
</mark>
|
||||
</p>
|
||||
</li>
|
||||
<li class="list-group-item">
|
||||
<p>
|
||||
异常 [401]<br/>
|
||||
<mark>
|
||||
{"error":"invalid_token","error_description":"Token was not recognised"}
|
||||
</mark>
|
||||
</p>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div class="well well-sm" id="refreshToken">
|
||||
<p class="pull-right"><a href="">返回</a></p>
|
||||
|
|