增加校验 access_token API: /oauth/check_token
parent
68f7563802
commit
5eba2d6352
|
@ -87,14 +87,18 @@ public class OAuthRestController implements InitializingBean, ApplicationContext
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Verify access_token
|
* Verify access_token
|
||||||
|
* <p/>
|
||||||
|
* Ext. from CheckTokenEndpoint
|
||||||
*
|
*
|
||||||
* @param value token
|
* @param value token
|
||||||
|
* @param clientId client_id
|
||||||
* @return Map
|
* @return Map
|
||||||
* @see org.springframework.security.oauth2.provider.endpoint.CheckTokenEndpoint
|
* @see org.springframework.security.oauth2.provider.endpoint.CheckTokenEndpoint
|
||||||
|
* @since 1.0
|
||||||
*/
|
*/
|
||||||
@RequestMapping(value = "/oauth/check_token", method = RequestMethod.POST)
|
@RequestMapping(value = "/oauth/check_token", method = RequestMethod.POST)
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public Map<String, ?> checkToken(@RequestParam("token") String value) {
|
public Map<String, ?> checkToken(@RequestParam("token") String value, @RequestParam("client_id") String clientId) {
|
||||||
|
|
||||||
OAuth2AccessToken token = resourceServerTokenServices.readAccessToken(value);
|
OAuth2AccessToken token = resourceServerTokenServices.readAccessToken(value);
|
||||||
if (token == null) {
|
if (token == null) {
|
||||||
|
@ -105,7 +109,16 @@ public class OAuthRestController implements InitializingBean, ApplicationContext
|
||||||
throw new InvalidTokenException("Token has expired");
|
throw new InvalidTokenException("Token has expired");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
|
||||||
|
if (clientDetails == null) {
|
||||||
|
throw new InvalidClientException("client_id was not recognised");
|
||||||
|
}
|
||||||
|
|
||||||
OAuth2Authentication authentication = resourceServerTokenServices.loadAuthentication(token.getValue());
|
OAuth2Authentication authentication = resourceServerTokenServices.loadAuthentication(token.getValue());
|
||||||
|
final String authClientId = authentication.getOAuth2Request().getClientId();
|
||||||
|
if (!clientId.equals(authClientId)) {
|
||||||
|
throw new InvalidClientException("Given client ID does not match authenticated client");
|
||||||
|
}
|
||||||
return accessTokenConverter.convertAccessToken(token, authentication);
|
return accessTokenConverter.convertAccessToken(token, authentication);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
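Review bot: The null check on `clientDetails` in the second hunk is probably dead, because Spring Security OAuth2's `ClientDetailsService` contract reports an unknown client by throwing `ClientRegistrationException` (typically `NoSuchClientException`) rather than returning null, so an unrecognised `client_id` would surface as that exception instead of the intended `InvalidClientException("client_id was not recognised")`; if the backing implementation follows the contract, the lookup should be wrapped as below (keeping the null check for implementations that do return null). Note also that `clientDetails` is never used beyond this check and `client_id` arrives as a plain request parameter, so the equality check against `authentication.getOAuth2Request().getClientId()` only confirms that the token was issued to the named client, not that the caller is that client; the Javadoc in the first hunk should say so, e.g. `* @param clientId client_id the token is expected to belong to (not authenticated by this endpoint)`. The signature of `checkToken` is in the first hunk and the lines between the two hunks are not shown.
```java
ClientDetails clientDetails;
try {
    clientDetails = clientDetailsService.loadClientByClientId(clientId);
} catch (ClientRegistrationException e) {
    throw new InvalidClientException("client_id was not recognised", e);
}
if (clientDetails == null) {
    throw new InvalidClientException("client_id was not recognised");
}
// … unchanged: loadAuthentication, client id comparison, convertAccessToken …
```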
@ -149,6 +149,25 @@
|
||||||
</div>
|
</div>
|
||||||
</c:if>
|
</c:if>
|
||||||
|
|
||||||
|
<div class="panel panel-default">
|
||||||
|
<div class="panel-heading">Verify [access_token]</div>
|
||||||
|
<div class="panel-body">
|
||||||
|
<p class="text-muted">输入access_token 后点击链接地址.</p>
|
||||||
|
access_token: <input type="text" ng-model="accessToken" required="required" size="70"
|
||||||
|
placeholder="access_token"/>
|
||||||
|
|
||||||
|
<br/>
|
||||||
|
|
||||||
|
<form action="${contextPath}/oauth/check_token?token={{accessToken}}&client_id={{clientId}}"
|
||||||
|
method="post" target="_blank">
|
||||||
|
<button class="btn btn-link" type="submit">
|
||||||
|
/oauth/check_token?token={{accessToken}}&client_id={{clientId}}
|
||||||
|
</button>
|
||||||
|
<span class="label label-warning">POST</span>
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
<div class="text-center">
|
<div class="text-center">
|
||||||
<a href="${contextPath}/client_details" class="btn btn-default">Back</a>
|
<a href="${contextPath}/client_details" class="btn btn-default">Back</a>
|
||||||
</div>
|
</div>
|
||||||
|
@ -174,6 +193,7 @@
|
||||||
$scope.password = "mobile";
|
$scope.password = "mobile";
|
||||||
//a temp value
|
//a temp value
|
||||||
$scope.refreshToken = "1156ebfe-e303-4572-9fb5-4459a5d46610";
|
$scope.refreshToken = "1156ebfe-e303-4572-9fb5-4459a5d46610";
|
||||||
|
$scope.accessToken = "e2996930-8398-44fd-8de5-7d1b1624ced7";
|
||||||
|
|
||||||
}];
|
}];
|
||||||
</script>
|
</script>
|
||||||
|
|
|
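Review bot: The form in the first hunk of this page puts `token={{accessToken}}` and `client_id={{clientId}}` in the query string of the action URL even though the request is a POST, so the access token ends up in browser history and in server and proxy access logs; the `@RequestParam` binding on the controller reads form-body parameters just as well, so the values should be sent as hidden inputs instead: `<form action="${contextPath}/oauth/check_token" method="post" target="_blank">`, `<input type="hidden" name="token" value="{{accessToken}}"/>`, `<input type="hidden" name="client_id" value="{{clientId}}"/>`. The interpolated values are also not URL-encoded in the current action attribute, so a value containing `&` or `#` would split the query. The documentation example in the later hunk at line 418 shows the same token-in-query-string URL and should be updated to match.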
@ -34,6 +34,7 @@
|
||||||
</li>
|
</li>
|
||||||
<li class="list-group-item"><a href="#getTokenCred">获取access_token (grant_type=client_credentials)</a></li>
|
<li class="list-group-item"><a href="#getTokenCred">获取access_token (grant_type=client_credentials)</a></li>
|
||||||
<li class="list-group-item"><a href="#getTokenRest">获取access_token (Restful API)</a></li>
|
<li class="list-group-item"><a href="#getTokenRest">获取access_token (Restful API)</a></li>
|
||||||
|
<li class="list-group-item"><a href="#verifyToken">校验access_token</a></li>
|
||||||
<li class="list-group-item"><a href="#refreshToken">刷新access_token (grant_type=refresh_token)</a></li>
|
<li class="list-group-item"><a href="#refreshToken">刷新access_token (grant_type=refresh_token)</a></li>
|
||||||
<li class="list-group-item"><a href="#userInfoUnity">获取当前用户信息 (ROLE_UNITY)</a></li>
|
<li class="list-group-item"><a href="#userInfoUnity">获取当前用户信息 (ROLE_UNITY)</a></li>
|
||||||
<li class="list-group-item"><a href="#userInfoMobile">获取当前用户信息 (ROLE_MOBILE)</a></li>
|
<li class="list-group-item"><a href="#userInfoMobile">获取当前用户信息 (ROLE_MOBILE)</a></li>
|
||||||
|
@ -418,6 +419,77 @@
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="well well-sm" id="verifyToken">
|
||||||
|
<h3>校验access_token
|
||||||
|
<small class="badge">public</small>
|
||||||
|
</h3>
|
||||||
|
|
||||||
|
<p class="text-muted">校验, 检查access_token的有效性</p>
|
||||||
|
|
||||||
|
<ul class="list-group">
|
||||||
|
<li class="list-group-item">
|
||||||
|
<p>
|
||||||
|
请求URI: <code>/oauth/check_token</code> <span
|
||||||
|
class="label label-warning">POST</span>
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<div>
|
||||||
|
请求参数说明:
|
||||||
|
<table class="table table-bordered">
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th>参数名</th>
|
||||||
|
<th>参数值</th>
|
||||||
|
<th>必须?</th>
|
||||||
|
<th>备注</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>token</td>
|
||||||
|
<td>{access_token}</td>
|
||||||
|
<td>是</td>
|
||||||
|
<td></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>client_id</td>
|
||||||
|
<td>{client_id}</td>
|
||||||
|
<td>是</td>
|
||||||
|
<td></td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
请求示例:
|
||||||
|
<p>
|
||||||
|
<code>http://localhost:8080/spring-oauth-server/oauth/check_token?token=e2996930-8398-44fd-8de5-7d1b1624ced7&client_id=mobile-client</code>
|
||||||
|
</p>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<br/>
|
||||||
|
|
||||||
|
<strong>响应</strong>
|
||||||
|
|
||||||
|
<ul class="list-group">
|
||||||
|
<li class="list-group-item">
|
||||||
|
<p>
|
||||||
|
正常 [200]<br/>
|
||||||
|
<mark>
|
||||||
|
{"aud":["mobile-resource"],"exp":1505878459,"user_name":"mobile","authorities":["ROLE_MOBILE","ROLE_USER"],"client_id":"mobile-client","scope":["read","write"]}
|
||||||
|
</mark>
|
||||||
|
</p>
|
||||||
|
</li>
|
||||||
|
<li class="list-group-item">
|
||||||
|
<p>
|
||||||
|
异常 [401]<br/>
|
||||||
|
<mark>
|
||||||
|
{"error":"invalid_token","error_description":"Token was not recognised"}
|
||||||
|
</mark>
|
||||||
|
</p>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
|
||||||
<div class="well well-sm" id="refreshToken">
|
<div class="well well-sm" id="refreshToken">
|
||||||
<p class="pull-right"><a href="">返回</a></p>
|
<p class="pull-right"><a href="">返回</a></p>
|
||||||
|
|